From a9e3baa5625d20c476c46582612da807c20c158b Mon Sep 17 00:00:00 2001 From: Jung-uk Kim Date: Wed, 22 Jan 2020 01:15:57 +0000 Subject: Install man5 and man7 for OpenSSL. Note config.5 and crypto.7 are not installed because we have conflicts. Requested by: phk MFC after: 1 month --- secure/lib/libcrypto/Makefile | 5 +- secure/lib/libcrypto/Makefile.man | 3809 +------------------- secure/lib/libcrypto/man/ADMISSIONS.3 | 280 -- secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 | 260 -- secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 | 171 - secure/lib/libcrypto/man/ASN1_OBJECT_new.3 | 182 - secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 | 195 - secure/lib/libcrypto/man/ASN1_STRING_length.3 | 242 -- secure/lib/libcrypto/man/ASN1_STRING_new.3 | 182 - secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 | 245 -- secure/lib/libcrypto/man/ASN1_TIME_set.3 | 380 -- secure/lib/libcrypto/man/ASN1_TYPE_get.3 | 231 -- secure/lib/libcrypto/man/ASN1_generate_nconf.3 | 381 -- secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 | 270 -- secure/lib/libcrypto/man/ASYNC_start_job.3 | 453 --- secure/lib/libcrypto/man/BF_encrypt.3 | 249 -- secure/lib/libcrypto/man/BIO_ADDR.3 | 253 -- secure/lib/libcrypto/man/BIO_ADDRINFO.3 | 239 -- secure/lib/libcrypto/man/BIO_connect.3 | 240 -- secure/lib/libcrypto/man/BIO_ctrl.3 | 263 -- secure/lib/libcrypto/man/BIO_f_base64.3 | 223 -- secure/lib/libcrypto/man/BIO_f_buffer.3 | 217 -- secure/lib/libcrypto/man/BIO_f_cipher.3 | 211 -- secure/lib/libcrypto/man/BIO_f_md.3 | 295 -- secure/lib/libcrypto/man/BIO_f_null.3 | 171 - secure/lib/libcrypto/man/BIO_f_ssl.3 | 435 --- secure/lib/libcrypto/man/BIO_find_type.3 | 203 -- secure/lib/libcrypto/man/BIO_get_data.3 | 195 - secure/lib/libcrypto/man/BIO_get_ex_new_index.3 | 191 - secure/lib/libcrypto/man/BIO_meth_new.3 | 288 -- secure/lib/libcrypto/man/BIO_new.3 | 202 -- secure/lib/libcrypto/man/BIO_new_CMS.3 | 204 -- secure/lib/libcrypto/man/BIO_parse_hostserv.3 | 212 -- secure/lib/libcrypto/man/BIO_printf.3 | 182 - secure/lib/libcrypto/man/BIO_push.3 | 224 -- secure/lib/libcrypto/man/BIO_read.3 | 226 -- secure/lib/libcrypto/man/BIO_s_accept.3 | 365 -- secure/lib/libcrypto/man/BIO_s_bio.3 | 329 -- secure/lib/libcrypto/man/BIO_s_connect.3 | 338 -- secure/lib/libcrypto/man/BIO_s_fd.3 | 230 -- secure/lib/libcrypto/man/BIO_s_file.3 | 303 -- secure/lib/libcrypto/man/BIO_s_mem.3 | 297 -- secure/lib/libcrypto/man/BIO_s_null.3 | 176 - secure/lib/libcrypto/man/BIO_s_socket.3 | 186 - secure/lib/libcrypto/man/BIO_set_callback.3 | 392 -- secure/lib/libcrypto/man/BIO_should_retry.3 | 273 -- secure/lib/libcrypto/man/BN_BLINDING_new.3 | 254 -- secure/lib/libcrypto/man/BN_CTX_new.3 | 213 -- secure/lib/libcrypto/man/BN_CTX_start.3 | 189 - secure/lib/libcrypto/man/BN_add.3 | 259 -- secure/lib/libcrypto/man/BN_add_word.3 | 192 - secure/lib/libcrypto/man/BN_bn2bin.3 | 245 -- secure/lib/libcrypto/man/BN_cmp.3 | 180 - secure/lib/libcrypto/man/BN_copy.3 | 191 - secure/lib/libcrypto/man/BN_generate_prime.3 | 337 -- secure/lib/libcrypto/man/BN_mod_inverse.3 | 173 - secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 | 218 -- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 | 205 -- secure/lib/libcrypto/man/BN_new.3 | 195 - secure/lib/libcrypto/man/BN_num_bytes.3 | 192 - secure/lib/libcrypto/man/BN_rand.3 | 220 -- secure/lib/libcrypto/man/BN_security_bits.3 | 181 - secure/lib/libcrypto/man/BN_set_bit.3 | 200 - secure/lib/libcrypto/man/BN_swap.3 | 163 - secure/lib/libcrypto/man/BN_zero.3 | 197 - secure/lib/libcrypto/man/BUF_MEM_new.3 | 204 -- secure/lib/libcrypto/man/CMS_add0_cert.3 | 200 - secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 | 203 -- secure/lib/libcrypto/man/CMS_add1_signer.3 | 238 -- secure/lib/libcrypto/man/CMS_compress.3 | 210 -- secure/lib/libcrypto/man/CMS_decrypt.3 | 212 -- secure/lib/libcrypto/man/CMS_encrypt.3 | 233 -- secure/lib/libcrypto/man/CMS_final.3 | 177 - secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 | 265 -- secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 | 218 -- secure/lib/libcrypto/man/CMS_get0_type.3 | 217 -- secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 | 209 -- secure/lib/libcrypto/man/CMS_sign.3 | 258 -- secure/lib/libcrypto/man/CMS_sign_receipt.3 | 183 - secure/lib/libcrypto/man/CMS_uncompress.3 | 189 - secure/lib/libcrypto/man/CMS_verify.3 | 261 -- secure/lib/libcrypto/man/CMS_verify_receipt.3 | 185 - secure/lib/libcrypto/man/CONF_modules_free.3 | 190 - secure/lib/libcrypto/man/CONF_modules_load_file.3 | 282 -- secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 | 283 -- secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 | 298 -- secure/lib/libcrypto/man/CRYPTO_memcmp.3 | 171 - .../lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 | 179 - secure/lib/libcrypto/man/CTLOG_STORE_new.3 | 209 -- secure/lib/libcrypto/man/CTLOG_new.3 | 201 -- secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 | 229 -- secure/lib/libcrypto/man/DEFINE_STACK_OF.3 | 404 --- secure/lib/libcrypto/man/DES_random_key.3 | 444 --- secure/lib/libcrypto/man/DH_generate_key.3 | 186 - secure/lib/libcrypto/man/DH_generate_parameters.3 | 263 -- secure/lib/libcrypto/man/DH_get0_pqg.3 | 254 -- secure/lib/libcrypto/man/DH_get_1024_160.3 | 191 - secure/lib/libcrypto/man/DH_meth_new.3 | 294 -- secure/lib/libcrypto/man/DH_new.3 | 178 - secure/lib/libcrypto/man/DH_new_by_nid.3 | 172 - secure/lib/libcrypto/man/DH_set_method.3 | 219 -- secure/lib/libcrypto/man/DH_size.3 | 187 - secure/lib/libcrypto/man/DSA_SIG_new.3 | 189 - secure/lib/libcrypto/man/DSA_do_sign.3 | 184 - secure/lib/libcrypto/man/DSA_dup_DH.3 | 172 - secure/lib/libcrypto/man/DSA_generate_key.3 | 173 - secure/lib/libcrypto/man/DSA_generate_parameters.3 | 240 -- secure/lib/libcrypto/man/DSA_get0_pqg.3 | 239 -- secure/lib/libcrypto/man/DSA_meth_new.3 | 342 -- secure/lib/libcrypto/man/DSA_new.3 | 180 - secure/lib/libcrypto/man/DSA_set_method.3 | 219 -- secure/lib/libcrypto/man/DSA_sign.3 | 202 -- secure/lib/libcrypto/man/DSA_size.3 | 180 - secure/lib/libcrypto/man/DTLS_get_data_mtu.3 | 168 - secure/lib/libcrypto/man/DTLS_set_timer_cb.3 | 170 - secure/lib/libcrypto/man/DTLSv1_listen.3 | 262 -- secure/lib/libcrypto/man/ECDSA_SIG_new.3 | 347 -- secure/lib/libcrypto/man/ECPKParameters_print.3 | 175 - secure/lib/libcrypto/man/EC_GFp_simple_method.3 | 201 -- secure/lib/libcrypto/man/EC_GROUP_copy.3 | 331 -- secure/lib/libcrypto/man/EC_GROUP_new.3 | 261 -- secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 | 190 - secure/lib/libcrypto/man/EC_KEY_new.3 | 309 -- secure/lib/libcrypto/man/EC_POINT_add.3 | 216 -- secure/lib/libcrypto/man/EC_POINT_new.3 | 339 -- secure/lib/libcrypto/man/ENGINE_add.3 | 767 ---- secure/lib/libcrypto/man/ERR_GET_LIB.3 | 196 - secure/lib/libcrypto/man/ERR_clear_error.3 | 166 - secure/lib/libcrypto/man/ERR_error_string.3 | 206 -- secure/lib/libcrypto/man/ERR_get_error.3 | 208 -- secure/lib/libcrypto/man/ERR_load_crypto_strings.3 | 188 - secure/lib/libcrypto/man/ERR_load_strings.3 | 191 - secure/lib/libcrypto/man/ERR_print_errors.3 | 191 - secure/lib/libcrypto/man/ERR_put_error.3 | 207 -- secure/lib/libcrypto/man/ERR_remove_state.3 | 180 - secure/lib/libcrypto/man/ERR_set_mark.3 | 172 - secure/lib/libcrypto/man/EVP_BytesToKey.3 | 210 -- .../libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 | 182 - secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 | 343 -- secure/lib/libcrypto/man/EVP_DigestInit.3 | 446 --- secure/lib/libcrypto/man/EVP_DigestSignInit.3 | 285 -- secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 | 243 -- secure/lib/libcrypto/man/EVP_EncodeInit.3 | 290 -- secure/lib/libcrypto/man/EVP_EncryptInit.3 | 711 ---- secure/lib/libcrypto/man/EVP_MD_meth_new.3 | 292 -- secure/lib/libcrypto/man/EVP_OpenInit.3 | 200 - secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 | 553 --- secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 | 526 --- secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 | 192 - .../lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 | 183 - .../lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 | 288 -- .../man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 | 222 -- .../lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 | 211 -- .../libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 | 240 -- secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 | 207 -- secure/lib/libcrypto/man/EVP_PKEY_cmp.3 | 203 -- secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 | 236 -- secure/lib/libcrypto/man/EVP_PKEY_derive.3 | 234 -- secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 | 241 -- .../man/EVP_PKEY_get_default_digest_nid.3 | 181 - secure/lib/libcrypto/man/EVP_PKEY_keygen.3 | 335 -- secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 | 182 - secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 | 570 --- secure/lib/libcrypto/man/EVP_PKEY_new.3 | 257 -- secure/lib/libcrypto/man/EVP_PKEY_print_private.3 | 191 - secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 | 282 -- secure/lib/libcrypto/man/EVP_PKEY_sign.3 | 245 -- secure/lib/libcrypto/man/EVP_PKEY_verify.3 | 234 -- secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 | 245 -- secure/lib/libcrypto/man/EVP_SealInit.3 | 223 -- secure/lib/libcrypto/man/EVP_SignInit.3 | 240 -- secure/lib/libcrypto/man/EVP_VerifyInit.3 | 223 -- secure/lib/libcrypto/man/EVP_aes.3 | 216 -- secure/lib/libcrypto/man/EVP_aria.3 | 182 - secure/lib/libcrypto/man/EVP_bf_cbc.3 | 179 - secure/lib/libcrypto/man/EVP_blake2b512.3 | 186 - secure/lib/libcrypto/man/EVP_camellia.3 | 177 - secure/lib/libcrypto/man/EVP_cast5_cbc.3 | 179 - secure/lib/libcrypto/man/EVP_chacha20.3 | 188 - secure/lib/libcrypto/man/EVP_des.3 | 187 - secure/lib/libcrypto/man/EVP_desx_cbc.3 | 175 - secure/lib/libcrypto/man/EVP_idea_cbc.3 | 177 - secure/lib/libcrypto/man/EVP_md2.3 | 176 - secure/lib/libcrypto/man/EVP_md4.3 | 176 - secure/lib/libcrypto/man/EVP_md5.3 | 186 - secure/lib/libcrypto/man/EVP_mdc2.3 | 177 - secure/lib/libcrypto/man/EVP_rc2_cbc.3 | 189 - secure/lib/libcrypto/man/EVP_rc4.3 | 189 - secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 | 196 - secure/lib/libcrypto/man/EVP_ripemd160.3 | 176 - secure/lib/libcrypto/man/EVP_seed_cbc.3 | 179 - secure/lib/libcrypto/man/EVP_sha1.3 | 177 - secure/lib/libcrypto/man/EVP_sha224.3 | 187 - secure/lib/libcrypto/man/EVP_sha3_224.3 | 192 - secure/lib/libcrypto/man/EVP_sm3.3 | 177 - secure/lib/libcrypto/man/EVP_sm4_cbc.3 | 182 - secure/lib/libcrypto/man/EVP_whirlpool.3 | 177 - secure/lib/libcrypto/man/HMAC.3 | 279 -- secure/lib/libcrypto/man/MD5.3 | 224 -- secure/lib/libcrypto/man/MDC2_Init.3 | 199 - secure/lib/libcrypto/man/OBJ_nid2obj.3 | 327 -- secure/lib/libcrypto/man/OCSP_REQUEST_new.3 | 248 -- secure/lib/libcrypto/man/OCSP_cert_to_id.3 | 218 -- secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 | 215 -- secure/lib/libcrypto/man/OCSP_resp_find_status.3 | 319 -- secure/lib/libcrypto/man/OCSP_response_status.3 | 244 -- secure/lib/libcrypto/man/OCSP_sendreq_new.3 | 253 -- secure/lib/libcrypto/man/OPENSSL_Applink.3 | 168 - secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 | 369 -- secure/lib/libcrypto/man/OPENSSL_LH_stats.3 | 197 - secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 | 242 -- secure/lib/libcrypto/man/OPENSSL_config.3 | 210 -- secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 | 191 - secure/lib/libcrypto/man/OPENSSL_ia32cap.3 | 295 -- secure/lib/libcrypto/man/OPENSSL_init_crypto.3 | 379 -- secure/lib/libcrypto/man/OPENSSL_init_ssl.3 | 209 -- secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 | 186 - .../libcrypto/man/OPENSSL_load_builtin_modules.3 | 187 - secure/lib/libcrypto/man/OPENSSL_malloc.3 | 371 -- secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 | 260 -- secure/lib/libcrypto/man/OSSL_STORE_INFO.3 | 314 -- secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 | 362 -- secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 | 300 -- secure/lib/libcrypto/man/OSSL_STORE_expect.3 | 206 -- secure/lib/libcrypto/man/OSSL_STORE_open.3 | 281 -- .../lib/libcrypto/man/OpenSSL_add_all_algorithms.3 | 195 - secure/lib/libcrypto/man/PEM_bytes_read_bio.3 | 216 -- secure/lib/libcrypto/man/PEM_read.3 | 263 -- secure/lib/libcrypto/man/PEM_read_CMS.3 | 199 - secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 | 613 ---- secure/lib/libcrypto/man/PEM_read_bio_ex.3 | 199 - .../lib/libcrypto/man/PEM_write_bio_CMS_stream.3 | 180 - .../lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 | 179 - secure/lib/libcrypto/man/PKCS12_create.3 | 217 -- secure/lib/libcrypto/man/PKCS12_newpass.3 | 246 -- secure/lib/libcrypto/man/PKCS12_parse.3 | 203 -- secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 | 208 -- secure/lib/libcrypto/man/PKCS7_decrypt.3 | 187 - secure/lib/libcrypto/man/PKCS7_encrypt.3 | 218 -- secure/lib/libcrypto/man/PKCS7_sign.3 | 252 -- secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 | 224 -- secure/lib/libcrypto/man/PKCS7_verify.3 | 258 -- secure/lib/libcrypto/man/RAND_DRBG_generate.3 | 214 -- secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 | 204 -- secure/lib/libcrypto/man/RAND_DRBG_new.3 | 247 -- secure/lib/libcrypto/man/RAND_DRBG_reseed.3 | 239 -- secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 | 268 -- secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 | 193 - secure/lib/libcrypto/man/RAND_add.3 | 235 -- secure/lib/libcrypto/man/RAND_bytes.3 | 203 -- secure/lib/libcrypto/man/RAND_cleanup.3 | 175 - secure/lib/libcrypto/man/RAND_egd.3 | 193 - secure/lib/libcrypto/man/RAND_load_file.3 | 218 -- secure/lib/libcrypto/man/RAND_set_rand_method.3 | 203 -- secure/lib/libcrypto/man/RC4_set_key.3 | 197 - secure/lib/libcrypto/man/RIPEMD160_Init.3 | 200 - secure/lib/libcrypto/man/RSA_blinding_on.3 | 176 - secure/lib/libcrypto/man/RSA_check_key.3 | 213 -- secure/lib/libcrypto/man/RSA_generate_key.3 | 233 -- secure/lib/libcrypto/man/RSA_get0_key.3 | 298 -- secure/lib/libcrypto/man/RSA_meth_new.3 | 382 -- secure/lib/libcrypto/man/RSA_new.3 | 179 - .../libcrypto/man/RSA_padding_add_PKCS1_type_1.3 | 276 -- secure/lib/libcrypto/man/RSA_print.3 | 182 - secure/lib/libcrypto/man/RSA_private_encrypt.3 | 200 - secure/lib/libcrypto/man/RSA_public_encrypt.3 | 231 -- secure/lib/libcrypto/man/RSA_set_method.3 | 315 -- secure/lib/libcrypto/man/RSA_sign.3 | 196 - .../lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 | 198 - secure/lib/libcrypto/man/RSA_size.3 | 186 - secure/lib/libcrypto/man/SCT_new.3 | 306 -- secure/lib/libcrypto/man/SCT_print.3 | 187 - secure/lib/libcrypto/man/SCT_validate.3 | 223 -- secure/lib/libcrypto/man/SHA256_Init.3 | 236 -- secure/lib/libcrypto/man/SMIME_read_CMS.3 | 207 -- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 | 210 -- secure/lib/libcrypto/man/SMIME_write_CMS.3 | 199 - secure/lib/libcrypto/man/SMIME_write_PKCS7.3 | 200 - secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 | 325 -- .../man/SSL_COMP_add_compression_method.3 | 229 -- secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 | 181 - .../lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 | 188 - secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 | 205 -- .../lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 | 186 - secure/lib/libcrypto/man/SSL_CONF_cmd.3 | 777 ---- secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 | 182 - secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 | 282 -- .../libcrypto/man/SSL_CTX_add_extra_chain_cert.3 | 209 -- secure/lib/libcrypto/man/SSL_CTX_add_session.3 | 200 - secure/lib/libcrypto/man/SSL_CTX_config.3 | 224 -- secure/lib/libcrypto/man/SSL_CTX_ctrl.3 | 175 - secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 | 508 --- secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 | 188 - secure/lib/libcrypto/man/SSL_CTX_free.3 | 182 - secure/lib/libcrypto/man/SSL_CTX_get0_param.3 | 194 - secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 | 191 - .../libcrypto/man/SSL_CTX_has_client_custom_ext.3 | 168 - .../libcrypto/man/SSL_CTX_load_verify_locations.3 | 287 -- secure/lib/libcrypto/man/SSL_CTX_new.3 | 326 -- secure/lib/libcrypto/man/SSL_CTX_sess_number.3 | 217 -- .../libcrypto/man/SSL_CTX_sess_set_cache_size.3 | 193 - secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 | 245 -- secure/lib/libcrypto/man/SSL_CTX_sessions.3 | 178 - secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 | 307 -- secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 | 238 -- secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 | 249 -- .../libcrypto/man/SSL_CTX_set1_verify_cert_store.3 | 226 -- .../lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 | 314 -- secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 | 213 -- secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 | 219 -- .../man/SSL_CTX_set_cert_verify_callback.3 | 209 -- secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 | 237 -- .../lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 | 241 -- .../libcrypto/man/SSL_CTX_set_client_hello_cb.3 | 262 -- .../man/SSL_CTX_set_ct_validation_callback.3 | 271 -- .../libcrypto/man/SSL_CTX_set_ctlog_list_file.3 | 183 - .../libcrypto/man/SSL_CTX_set_default_passwd_cb.3 | 240 -- secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 | 182 - .../man/SSL_CTX_set_generate_session_id.3 | 267 -- .../lib/libcrypto/man/SSL_CTX_set_info_callback.3 | 285 -- .../libcrypto/man/SSL_CTX_set_keylog_callback.3 | 183 - .../lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 | 213 -- .../libcrypto/man/SSL_CTX_set_min_proto_version.3 | 199 - secure/lib/libcrypto/man/SSL_CTX_set_mode.3 | 266 -- .../lib/libcrypto/man/SSL_CTX_set_msg_callback.3 | 252 -- secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 | 196 - secure/lib/libcrypto/man/SSL_CTX_set_options.3 | 471 --- .../man/SSL_CTX_set_psk_client_callback.3 | 292 -- .../lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 | 203 -- secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 | 202 -- .../man/SSL_CTX_set_record_padding_callback.3 | 219 -- .../lib/libcrypto/man/SSL_CTX_set_security_level.3 | 309 -- .../libcrypto/man/SSL_CTX_set_session_cache_mode.3 | 258 -- .../libcrypto/man/SSL_CTX_set_session_id_context.3 | 215 -- .../libcrypto/man/SSL_CTX_set_session_ticket_cb.3 | 301 -- .../man/SSL_CTX_set_split_send_fragment.3 | 303 -- secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 | 193 - .../man/SSL_CTX_set_stateless_cookie_generate_cb.3 | 188 - secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 | 199 - .../man/SSL_CTX_set_tlsext_servername_callback.3 | 206 -- .../libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 | 245 -- .../man/SSL_CTX_set_tlsext_ticket_key_cb.3 | 323 -- .../libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 | 231 -- .../libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 | 269 -- secure/lib/libcrypto/man/SSL_CTX_set_verify.3 | 472 --- secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 | 324 -- .../libcrypto/man/SSL_CTX_use_psk_identity_hint.3 | 269 -- secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 | 215 -- secure/lib/libcrypto/man/SSL_SESSION_free.3 | 214 -- secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 | 187 - .../lib/libcrypto/man/SSL_SESSION_get0_hostname.3 | 201 -- .../libcrypto/man/SSL_SESSION_get0_id_context.3 | 185 - secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 | 169 - .../libcrypto/man/SSL_SESSION_get_compress_id.3 | 170 - secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 | 177 - .../man/SSL_SESSION_get_protocol_version.3 | 185 - secure/lib/libcrypto/man/SSL_SESSION_get_time.3 | 204 -- secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 | 188 - .../lib/libcrypto/man/SSL_SESSION_is_resumable.3 | 174 - secure/lib/libcrypto/man/SSL_SESSION_print.3 | 176 - secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 | 179 - secure/lib/libcrypto/man/SSL_accept.3 | 205 -- secure/lib/libcrypto/man/SSL_alert_type_string.3 | 369 -- secure/lib/libcrypto/man/SSL_alloc_buffers.3 | 193 - secure/lib/libcrypto/man/SSL_check_chain.3 | 225 -- secure/lib/libcrypto/man/SSL_clear.3 | 208 -- secure/lib/libcrypto/man/SSL_connect.3 | 220 -- secure/lib/libcrypto/man/SSL_do_handshake.3 | 204 -- .../lib/libcrypto/man/SSL_export_keying_material.3 | 217 -- secure/lib/libcrypto/man/SSL_extension_supported.3 | 399 -- secure/lib/libcrypto/man/SSL_free.3 | 186 - secure/lib/libcrypto/man/SSL_get0_peer_scts.3 | 176 - secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 | 167 - secure/lib/libcrypto/man/SSL_get_all_async_fds.3 | 213 -- secure/lib/libcrypto/man/SSL_get_ciphers.3 | 241 -- secure/lib/libcrypto/man/SSL_get_client_random.3 | 229 -- secure/lib/libcrypto/man/SSL_get_current_cipher.3 | 200 - secure/lib/libcrypto/man/SSL_get_default_timeout.3 | 181 - secure/lib/libcrypto/man/SSL_get_error.3 | 293 -- secure/lib/libcrypto/man/SSL_get_extms_support.3 | 172 - secure/lib/libcrypto/man/SSL_get_fd.3 | 179 - secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 | 201 -- .../lib/libcrypto/man/SSL_get_peer_certificate.3 | 189 - .../lib/libcrypto/man/SSL_get_peer_signature_nid.3 | 183 - secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 | 183 - secure/lib/libcrypto/man/SSL_get_psk_identity.3 | 173 - secure/lib/libcrypto/man/SSL_get_rbio.3 | 175 - secure/lib/libcrypto/man/SSL_get_session.3 | 235 -- secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 | 219 -- secure/lib/libcrypto/man/SSL_get_verify_result.3 | 190 - secure/lib/libcrypto/man/SSL_get_version.3 | 221 -- secure/lib/libcrypto/man/SSL_in_init.3 | 227 -- secure/lib/libcrypto/man/SSL_key_update.3 | 236 -- secure/lib/libcrypto/man/SSL_library_init.3 | 185 - secure/lib/libcrypto/man/SSL_load_client_CA_file.3 | 197 - secure/lib/libcrypto/man/SSL_new.3 | 195 - secure/lib/libcrypto/man/SSL_pending.3 | 199 - secure/lib/libcrypto/man/SSL_read.3 | 275 -- secure/lib/libcrypto/man/SSL_read_early_data.3 | 480 --- secure/lib/libcrypto/man/SSL_rstate_string.3 | 195 - secure/lib/libcrypto/man/SSL_session_reused.3 | 178 - secure/lib/libcrypto/man/SSL_set1_host.3 | 249 -- secure/lib/libcrypto/man/SSL_set_bio.3 | 227 -- secure/lib/libcrypto/man/SSL_set_connect_state.3 | 207 -- secure/lib/libcrypto/man/SSL_set_fd.3 | 188 - secure/lib/libcrypto/man/SSL_set_session.3 | 194 - secure/lib/libcrypto/man/SSL_set_shutdown.3 | 204 -- secure/lib/libcrypto/man/SSL_set_verify_result.3 | 178 - secure/lib/libcrypto/man/SSL_shutdown.3 | 287 -- secure/lib/libcrypto/man/SSL_state_string.3 | 185 - secure/lib/libcrypto/man/SSL_want.3 | 233 -- secure/lib/libcrypto/man/SSL_write.3 | 251 -- secure/lib/libcrypto/man/UI_STRING.3 | 274 -- secure/lib/libcrypto/man/UI_UTIL_read_pw.3 | 202 -- secure/lib/libcrypto/man/UI_create_method.3 | 319 -- secure/lib/libcrypto/man/UI_new.3 | 376 -- secure/lib/libcrypto/man/X509V3_get_d2i.3 | 375 -- secure/lib/libcrypto/man/X509_ALGOR_dup.3 | 193 - secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 | 242 -- .../lib/libcrypto/man/X509_EXTENSION_set_object.3 | 223 -- secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 | 264 -- secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 | 313 -- .../lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 | 224 -- .../lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 | 257 -- secure/lib/libcrypto/man/X509_NAME_get0_der.3 | 171 - .../lib/libcrypto/man/X509_NAME_get_index_by_NID.3 | 254 -- secure/lib/libcrypto/man/X509_NAME_print_ex.3 | 252 -- secure/lib/libcrypto/man/X509_PUBKEY_new.3 | 248 -- secure/lib/libcrypto/man/X509_SIG_get0.3 | 172 - .../lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 416 --- secure/lib/libcrypto/man/X509_STORE_CTX_new.3 | 295 -- .../libcrypto/man/X509_STORE_CTX_set_verify_cb.3 | 334 -- secure/lib/libcrypto/man/X509_STORE_add_cert.3 | 230 -- secure/lib/libcrypto/man/X509_STORE_get0_param.3 | 186 - secure/lib/libcrypto/man/X509_STORE_new.3 | 188 - .../libcrypto/man/X509_STORE_set_verify_cb_func.3 | 364 -- .../libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 500 --- secure/lib/libcrypto/man/X509_check_ca.3 | 177 - secure/lib/libcrypto/man/X509_check_host.3 | 288 -- secure/lib/libcrypto/man/X509_check_issued.3 | 175 - secure/lib/libcrypto/man/X509_check_private_key.3 | 183 - secure/lib/libcrypto/man/X509_cmp.3 | 209 -- secure/lib/libcrypto/man/X509_cmp_time.3 | 192 - secure/lib/libcrypto/man/X509_digest.3 | 194 - secure/lib/libcrypto/man/X509_dup.3 | 202 -- secure/lib/libcrypto/man/X509_get0_notBefore.3 | 231 -- secure/lib/libcrypto/man/X509_get0_signature.3 | 257 -- secure/lib/libcrypto/man/X509_get0_uids.3 | 188 - .../lib/libcrypto/man/X509_get_extension_flags.3 | 298 -- secure/lib/libcrypto/man/X509_get_pubkey.3 | 215 -- secure/lib/libcrypto/man/X509_get_serialNumber.3 | 200 - secure/lib/libcrypto/man/X509_get_subject_name.3 | 214 -- secure/lib/libcrypto/man/X509_get_version.3 | 211 -- secure/lib/libcrypto/man/X509_new.3 | 213 -- secure/lib/libcrypto/man/X509_sign.3 | 227 -- secure/lib/libcrypto/man/X509_verify_cert.3 | 190 - secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 | 264 -- secure/lib/libcrypto/man/d2i_DHparams.3 | 174 - secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 | 203 -- secure/lib/libcrypto/man/d2i_PrivateKey.3 | 209 -- secure/lib/libcrypto/man/d2i_SSL_SESSION.3 | 182 - secure/lib/libcrypto/man/d2i_X509.3 | 385 -- secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 | 182 - secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 | 182 - secure/lib/libcrypto/man/i2d_re_X509_tbs.3 | 218 -- secure/lib/libcrypto/man/man3/ADMISSIONS.3 | 280 ++ .../libcrypto/man/man3/ASN1_INTEGER_get_int64.3 | 260 ++ secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 | 171 + secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 | 182 + .../lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 | 195 + secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 | 242 ++ secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 | 182 + .../lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 | 245 ++ secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 | 380 ++ secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 | 231 ++ .../lib/libcrypto/man/man3/ASN1_generate_nconf.3 | 381 ++ secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 | 270 ++ secure/lib/libcrypto/man/man3/ASYNC_start_job.3 | 453 +++ secure/lib/libcrypto/man/man3/BF_encrypt.3 | 249 ++ secure/lib/libcrypto/man/man3/BIO_ADDR.3 | 253 ++ secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 | 239 ++ secure/lib/libcrypto/man/man3/BIO_connect.3 | 240 ++ secure/lib/libcrypto/man/man3/BIO_ctrl.3 | 263 ++ secure/lib/libcrypto/man/man3/BIO_f_base64.3 | 223 ++ secure/lib/libcrypto/man/man3/BIO_f_buffer.3 | 217 ++ secure/lib/libcrypto/man/man3/BIO_f_cipher.3 | 211 ++ secure/lib/libcrypto/man/man3/BIO_f_md.3 | 295 ++ secure/lib/libcrypto/man/man3/BIO_f_null.3 | 171 + secure/lib/libcrypto/man/man3/BIO_f_ssl.3 | 435 +++ secure/lib/libcrypto/man/man3/BIO_find_type.3 | 203 ++ secure/lib/libcrypto/man/man3/BIO_get_data.3 | 195 + .../lib/libcrypto/man/man3/BIO_get_ex_new_index.3 | 191 + secure/lib/libcrypto/man/man3/BIO_meth_new.3 | 288 ++ secure/lib/libcrypto/man/man3/BIO_new.3 | 202 ++ secure/lib/libcrypto/man/man3/BIO_new_CMS.3 | 204 ++ secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 | 212 ++ secure/lib/libcrypto/man/man3/BIO_printf.3 | 182 + secure/lib/libcrypto/man/man3/BIO_push.3 | 224 ++ secure/lib/libcrypto/man/man3/BIO_read.3 | 226 ++ secure/lib/libcrypto/man/man3/BIO_s_accept.3 | 365 ++ secure/lib/libcrypto/man/man3/BIO_s_bio.3 | 329 ++ secure/lib/libcrypto/man/man3/BIO_s_connect.3 | 338 ++ secure/lib/libcrypto/man/man3/BIO_s_fd.3 | 230 ++ secure/lib/libcrypto/man/man3/BIO_s_file.3 | 303 ++ secure/lib/libcrypto/man/man3/BIO_s_mem.3 | 297 ++ secure/lib/libcrypto/man/man3/BIO_s_null.3 | 176 + secure/lib/libcrypto/man/man3/BIO_s_socket.3 | 186 + secure/lib/libcrypto/man/man3/BIO_set_callback.3 | 392 ++ secure/lib/libcrypto/man/man3/BIO_should_retry.3 | 273 ++ secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 | 254 ++ secure/lib/libcrypto/man/man3/BN_CTX_new.3 | 213 ++ secure/lib/libcrypto/man/man3/BN_CTX_start.3 | 189 + secure/lib/libcrypto/man/man3/BN_add.3 | 259 ++ secure/lib/libcrypto/man/man3/BN_add_word.3 | 192 + secure/lib/libcrypto/man/man3/BN_bn2bin.3 | 245 ++ secure/lib/libcrypto/man/man3/BN_cmp.3 | 180 + secure/lib/libcrypto/man/man3/BN_copy.3 | 191 + secure/lib/libcrypto/man/man3/BN_generate_prime.3 | 337 ++ secure/lib/libcrypto/man/man3/BN_mod_inverse.3 | 173 + .../lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 | 218 ++ .../lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 | 205 ++ secure/lib/libcrypto/man/man3/BN_new.3 | 195 + secure/lib/libcrypto/man/man3/BN_num_bytes.3 | 192 + secure/lib/libcrypto/man/man3/BN_rand.3 | 220 ++ secure/lib/libcrypto/man/man3/BN_security_bits.3 | 181 + secure/lib/libcrypto/man/man3/BN_set_bit.3 | 200 + secure/lib/libcrypto/man/man3/BN_swap.3 | 163 + secure/lib/libcrypto/man/man3/BN_zero.3 | 197 + secure/lib/libcrypto/man/man3/BUF_MEM_new.3 | 204 ++ secure/lib/libcrypto/man/man3/CMS_add0_cert.3 | 200 + .../libcrypto/man/man3/CMS_add1_recipient_cert.3 | 203 ++ secure/lib/libcrypto/man/man3/CMS_add1_signer.3 | 238 ++ secure/lib/libcrypto/man/man3/CMS_compress.3 | 210 ++ secure/lib/libcrypto/man/man3/CMS_decrypt.3 | 212 ++ secure/lib/libcrypto/man/man3/CMS_encrypt.3 | 233 ++ secure/lib/libcrypto/man/man3/CMS_final.3 | 177 + .../libcrypto/man/man3/CMS_get0_RecipientInfos.3 | 265 ++ .../lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 | 218 ++ secure/lib/libcrypto/man/man3/CMS_get0_type.3 | 217 ++ .../libcrypto/man/man3/CMS_get1_ReceiptRequest.3 | 209 ++ secure/lib/libcrypto/man/man3/CMS_sign.3 | 258 ++ secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 | 183 + secure/lib/libcrypto/man/man3/CMS_uncompress.3 | 189 + secure/lib/libcrypto/man/man3/CMS_verify.3 | 261 ++ secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 | 185 + secure/lib/libcrypto/man/man3/CONF_modules_free.3 | 190 + .../libcrypto/man/man3/CONF_modules_load_file.3 | 282 ++ .../libcrypto/man/man3/CRYPTO_THREAD_run_once.3 | 283 ++ .../libcrypto/man/man3/CRYPTO_get_ex_new_index.3 | 298 ++ secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 | 171 + .../man/man3/CTLOG_STORE_get0_log_by_id.3 | 179 + secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 | 209 ++ secure/lib/libcrypto/man/man3/CTLOG_new.3 | 201 ++ .../libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 | 229 ++ secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 | 404 +++ secure/lib/libcrypto/man/man3/DES_random_key.3 | 444 +++ secure/lib/libcrypto/man/man3/DH_generate_key.3 | 186 + .../libcrypto/man/man3/DH_generate_parameters.3 | 263 ++ secure/lib/libcrypto/man/man3/DH_get0_pqg.3 | 254 ++ secure/lib/libcrypto/man/man3/DH_get_1024_160.3 | 191 + secure/lib/libcrypto/man/man3/DH_meth_new.3 | 294 ++ secure/lib/libcrypto/man/man3/DH_new.3 | 178 + secure/lib/libcrypto/man/man3/DH_new_by_nid.3 | 172 + secure/lib/libcrypto/man/man3/DH_set_method.3 | 219 ++ secure/lib/libcrypto/man/man3/DH_size.3 | 187 + secure/lib/libcrypto/man/man3/DSA_SIG_new.3 | 189 + secure/lib/libcrypto/man/man3/DSA_do_sign.3 | 184 + secure/lib/libcrypto/man/man3/DSA_dup_DH.3 | 172 + secure/lib/libcrypto/man/man3/DSA_generate_key.3 | 173 + .../libcrypto/man/man3/DSA_generate_parameters.3 | 240 ++ secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 | 239 ++ secure/lib/libcrypto/man/man3/DSA_meth_new.3 | 342 ++ secure/lib/libcrypto/man/man3/DSA_new.3 | 180 + secure/lib/libcrypto/man/man3/DSA_set_method.3 | 219 ++ secure/lib/libcrypto/man/man3/DSA_sign.3 | 202 ++ secure/lib/libcrypto/man/man3/DSA_size.3 | 180 + secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 | 168 + secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 | 170 + secure/lib/libcrypto/man/man3/DTLSv1_listen.3 | 262 ++ secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 | 347 ++ .../lib/libcrypto/man/man3/ECPKParameters_print.3 | 175 + .../lib/libcrypto/man/man3/EC_GFp_simple_method.3 | 201 ++ secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 | 331 ++ secure/lib/libcrypto/man/man3/EC_GROUP_new.3 | 261 ++ .../lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 | 190 + secure/lib/libcrypto/man/man3/EC_KEY_new.3 | 309 ++ secure/lib/libcrypto/man/man3/EC_POINT_add.3 | 216 ++ secure/lib/libcrypto/man/man3/EC_POINT_new.3 | 339 ++ secure/lib/libcrypto/man/man3/ENGINE_add.3 | 767 ++++ secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 | 196 + secure/lib/libcrypto/man/man3/ERR_clear_error.3 | 166 + secure/lib/libcrypto/man/man3/ERR_error_string.3 | 206 ++ secure/lib/libcrypto/man/man3/ERR_get_error.3 | 208 ++ .../libcrypto/man/man3/ERR_load_crypto_strings.3 | 188 + secure/lib/libcrypto/man/man3/ERR_load_strings.3 | 191 + secure/lib/libcrypto/man/man3/ERR_print_errors.3 | 191 + secure/lib/libcrypto/man/man3/ERR_put_error.3 | 207 ++ secure/lib/libcrypto/man/man3/ERR_remove_state.3 | 180 + secure/lib/libcrypto/man/man3/ERR_set_mark.3 | 172 + secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 | 210 ++ .../man/man3/EVP_CIPHER_CTX_get_cipher_data.3 | 182 + .../lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 | 343 ++ secure/lib/libcrypto/man/man3/EVP_DigestInit.3 | 446 +++ secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 | 285 ++ .../lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 | 243 ++ secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 | 290 ++ secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 | 711 ++++ secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 | 292 ++ secure/lib/libcrypto/man/man3/EVP_OpenInit.3 | 200 + .../lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 | 553 +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 | 526 +++ secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 | 192 + .../man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 | 183 + .../libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 | 288 ++ .../man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 | 222 ++ .../libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 | 211 ++ .../man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 | 240 ++ .../libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 | 207 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 | 203 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 | 236 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 | 234 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 | 241 ++ .../man/man3/EVP_PKEY_get_default_digest_nid.3 | 181 + secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 | 335 ++ .../libcrypto/man/man3/EVP_PKEY_meth_get_count.3 | 182 + secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 | 570 +++ secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 | 257 ++ .../libcrypto/man/man3/EVP_PKEY_print_private.3 | 191 + secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 | 282 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 | 245 ++ secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 | 234 ++ .../libcrypto/man/man3/EVP_PKEY_verify_recover.3 | 245 ++ secure/lib/libcrypto/man/man3/EVP_SealInit.3 | 223 ++ secure/lib/libcrypto/man/man3/EVP_SignInit.3 | 240 ++ secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 | 223 ++ secure/lib/libcrypto/man/man3/EVP_aes.3 | 216 ++ secure/lib/libcrypto/man/man3/EVP_aria.3 | 182 + secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 | 179 + secure/lib/libcrypto/man/man3/EVP_blake2b512.3 | 186 + secure/lib/libcrypto/man/man3/EVP_camellia.3 | 177 + secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 | 179 + secure/lib/libcrypto/man/man3/EVP_chacha20.3 | 188 + secure/lib/libcrypto/man/man3/EVP_des.3 | 187 + secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 | 175 + secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 | 177 + secure/lib/libcrypto/man/man3/EVP_md2.3 | 176 + secure/lib/libcrypto/man/man3/EVP_md4.3 | 176 + secure/lib/libcrypto/man/man3/EVP_md5.3 | 186 + secure/lib/libcrypto/man/man3/EVP_mdc2.3 | 177 + secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 | 189 + secure/lib/libcrypto/man/man3/EVP_rc4.3 | 189 + .../lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 | 196 + secure/lib/libcrypto/man/man3/EVP_ripemd160.3 | 176 + secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 | 179 + secure/lib/libcrypto/man/man3/EVP_sha1.3 | 177 + secure/lib/libcrypto/man/man3/EVP_sha224.3 | 187 + secure/lib/libcrypto/man/man3/EVP_sha3_224.3 | 192 + secure/lib/libcrypto/man/man3/EVP_sm3.3 | 177 + secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 | 182 + secure/lib/libcrypto/man/man3/EVP_whirlpool.3 | 177 + secure/lib/libcrypto/man/man3/HMAC.3 | 279 ++ secure/lib/libcrypto/man/man3/MD5.3 | 224 ++ secure/lib/libcrypto/man/man3/MDC2_Init.3 | 199 + secure/lib/libcrypto/man/man3/Makefile | 3806 +++++++++++++++++++ secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 | 327 ++ secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 | 248 ++ secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 | 218 ++ .../libcrypto/man/man3/OCSP_request_add1_nonce.3 | 215 ++ .../lib/libcrypto/man/man3/OCSP_resp_find_status.3 | 319 ++ .../lib/libcrypto/man/man3/OCSP_response_status.3 | 244 ++ secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 | 253 ++ secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 | 168 + .../lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 | 369 ++ secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 | 197 + .../libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 | 242 ++ secure/lib/libcrypto/man/man3/OPENSSL_config.3 | 210 ++ .../lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 | 191 + secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 | 295 ++ .../lib/libcrypto/man/man3/OPENSSL_init_crypto.3 | 379 ++ secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 | 209 ++ .../libcrypto/man/man3/OPENSSL_instrument_bus.3 | 186 + .../man/man3/OPENSSL_load_builtin_modules.3 | 187 + secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 | 371 ++ .../lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 | 260 ++ secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 | 314 ++ secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 | 362 ++ secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 | 300 ++ secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 | 206 ++ secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 | 281 ++ .../man/man3/OpenSSL_add_all_algorithms.3 | 195 + secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 | 216 ++ secure/lib/libcrypto/man/man3/PEM_read.3 | 263 ++ secure/lib/libcrypto/man/man3/PEM_read_CMS.3 | 199 + .../libcrypto/man/man3/PEM_read_bio_PrivateKey.3 | 613 ++++ secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 | 199 + .../libcrypto/man/man3/PEM_write_bio_CMS_stream.3 | 180 + .../man/man3/PEM_write_bio_PKCS7_stream.3 | 179 + secure/lib/libcrypto/man/man3/PKCS12_create.3 | 217 ++ secure/lib/libcrypto/man/man3/PKCS12_newpass.3 | 246 ++ secure/lib/libcrypto/man/man3/PKCS12_parse.3 | 203 ++ secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 | 208 ++ secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 | 187 + secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 | 218 ++ secure/lib/libcrypto/man/man3/PKCS7_sign.3 | 252 ++ .../lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 | 224 ++ secure/lib/libcrypto/man/man3/PKCS7_verify.3 | 258 ++ secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 | 214 ++ .../lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 | 204 ++ secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 | 247 ++ secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 | 239 ++ .../libcrypto/man/man3/RAND_DRBG_set_callbacks.3 | 268 ++ .../lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 | 193 + secure/lib/libcrypto/man/man3/RAND_add.3 | 235 ++ secure/lib/libcrypto/man/man3/RAND_bytes.3 | 203 ++ secure/lib/libcrypto/man/man3/RAND_cleanup.3 | 175 + secure/lib/libcrypto/man/man3/RAND_egd.3 | 193 + secure/lib/libcrypto/man/man3/RAND_load_file.3 | 218 ++ .../lib/libcrypto/man/man3/RAND_set_rand_method.3 | 203 ++ secure/lib/libcrypto/man/man3/RC4_set_key.3 | 197 + secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 | 200 + secure/lib/libcrypto/man/man3/RSA_blinding_on.3 | 176 + secure/lib/libcrypto/man/man3/RSA_check_key.3 | 213 ++ secure/lib/libcrypto/man/man3/RSA_generate_key.3 | 233 ++ secure/lib/libcrypto/man/man3/RSA_get0_key.3 | 298 ++ secure/lib/libcrypto/man/man3/RSA_meth_new.3 | 382 ++ secure/lib/libcrypto/man/man3/RSA_new.3 | 179 + .../man/man3/RSA_padding_add_PKCS1_type_1.3 | 276 ++ secure/lib/libcrypto/man/man3/RSA_print.3 | 182 + .../lib/libcrypto/man/man3/RSA_private_encrypt.3 | 200 + secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 | 231 ++ secure/lib/libcrypto/man/man3/RSA_set_method.3 | 315 ++ secure/lib/libcrypto/man/man3/RSA_sign.3 | 196 + .../man/man3/RSA_sign_ASN1_OCTET_STRING.3 | 198 + secure/lib/libcrypto/man/man3/RSA_size.3 | 186 + secure/lib/libcrypto/man/man3/SCT_new.3 | 306 ++ secure/lib/libcrypto/man/man3/SCT_print.3 | 187 + secure/lib/libcrypto/man/man3/SCT_validate.3 | 223 ++ secure/lib/libcrypto/man/man3/SHA256_Init.3 | 236 ++ secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 | 207 ++ secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 | 210 ++ secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 | 199 + secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 | 200 + .../lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 | 325 ++ .../man/man3/SSL_COMP_add_compression_method.3 | 229 ++ secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 | 181 + .../libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 | 188 + .../libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 | 205 ++ .../libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 | 186 + secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 | 777 ++++ secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 | 182 + .../libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 | 282 ++ .../man/man3/SSL_CTX_add_extra_chain_cert.3 | 209 ++ .../lib/libcrypto/man/man3/SSL_CTX_add_session.3 | 200 + secure/lib/libcrypto/man/man3/SSL_CTX_config.3 | 224 ++ secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 | 175 + .../lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 | 508 +++ .../libcrypto/man/man3/SSL_CTX_flush_sessions.3 | 188 + secure/lib/libcrypto/man/man3/SSL_CTX_free.3 | 182 + secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 | 194 + .../libcrypto/man/man3/SSL_CTX_get_verify_mode.3 | 191 + .../man/man3/SSL_CTX_has_client_custom_ext.3 | 168 + .../man/man3/SSL_CTX_load_verify_locations.3 | 287 ++ secure/lib/libcrypto/man/man3/SSL_CTX_new.3 | 326 ++ .../lib/libcrypto/man/man3/SSL_CTX_sess_number.3 | 217 ++ .../man/man3/SSL_CTX_sess_set_cache_size.3 | 193 + .../libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 | 245 ++ secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 | 178 + .../lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 | 307 ++ .../lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 | 238 ++ .../lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 | 249 ++ .../man/man3/SSL_CTX_set1_verify_cert_store.3 | 226 ++ .../man/man3/SSL_CTX_set_alpn_select_cb.3 | 314 ++ .../lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 | 213 ++ .../libcrypto/man/man3/SSL_CTX_set_cert_store.3 | 219 ++ .../man/man3/SSL_CTX_set_cert_verify_callback.3 | 209 ++ .../libcrypto/man/man3/SSL_CTX_set_cipher_list.3 | 237 ++ .../man/man3/SSL_CTX_set_client_cert_cb.3 | 241 ++ .../man/man3/SSL_CTX_set_client_hello_cb.3 | 262 ++ .../man/man3/SSL_CTX_set_ct_validation_callback.3 | 271 ++ .../man/man3/SSL_CTX_set_ctlog_list_file.3 | 183 + .../man/man3/SSL_CTX_set_default_passwd_cb.3 | 240 ++ .../lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 | 182 + .../man/man3/SSL_CTX_set_generate_session_id.3 | 267 ++ .../libcrypto/man/man3/SSL_CTX_set_info_callback.3 | 285 ++ .../man/man3/SSL_CTX_set_keylog_callback.3 | 183 + .../libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 | 213 ++ .../man/man3/SSL_CTX_set_min_proto_version.3 | 199 + secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 | 266 ++ .../libcrypto/man/man3/SSL_CTX_set_msg_callback.3 | 252 ++ .../libcrypto/man/man3/SSL_CTX_set_num_tickets.3 | 196 + .../lib/libcrypto/man/man3/SSL_CTX_set_options.3 | 471 +++ .../man/man3/SSL_CTX_set_psk_client_callback.3 | 292 ++ .../man/man3/SSL_CTX_set_quiet_shutdown.3 | 203 ++ .../libcrypto/man/man3/SSL_CTX_set_read_ahead.3 | 202 ++ .../man/man3/SSL_CTX_set_record_padding_callback.3 | 219 ++ .../man/man3/SSL_CTX_set_security_level.3 | 309 ++ .../man/man3/SSL_CTX_set_session_cache_mode.3 | 258 ++ .../man/man3/SSL_CTX_set_session_id_context.3 | 215 ++ .../man/man3/SSL_CTX_set_session_ticket_cb.3 | 301 ++ .../man/man3/SSL_CTX_set_split_send_fragment.3 | 303 ++ .../libcrypto/man/man3/SSL_CTX_set_ssl_version.3 | 193 + .../SSL_CTX_set_stateless_cookie_generate_cb.3 | 188 + .../lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 | 199 + .../man3/SSL_CTX_set_tlsext_servername_callback.3 | 206 ++ .../man/man3/SSL_CTX_set_tlsext_status_cb.3 | 245 ++ .../man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 | 323 ++ .../man/man3/SSL_CTX_set_tlsext_use_srtp.3 | 231 ++ .../man/man3/SSL_CTX_set_tmp_dh_callback.3 | 269 ++ secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 | 472 +++ .../libcrypto/man/man3/SSL_CTX_use_certificate.3 | 324 ++ .../man/man3/SSL_CTX_use_psk_identity_hint.3 | 269 ++ .../libcrypto/man/man3/SSL_CTX_use_serverinfo.3 | 215 ++ secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 | 214 ++ .../libcrypto/man/man3/SSL_SESSION_get0_cipher.3 | 187 + .../libcrypto/man/man3/SSL_SESSION_get0_hostname.3 | 201 ++ .../man/man3/SSL_SESSION_get0_id_context.3 | 185 + .../lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 | 169 + .../man/man3/SSL_SESSION_get_compress_id.3 | 170 + .../libcrypto/man/man3/SSL_SESSION_get_ex_data.3 | 177 + .../man/man3/SSL_SESSION_get_protocol_version.3 | 185 + .../lib/libcrypto/man/man3/SSL_SESSION_get_time.3 | 204 ++ .../libcrypto/man/man3/SSL_SESSION_has_ticket.3 | 188 + .../libcrypto/man/man3/SSL_SESSION_is_resumable.3 | 174 + secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 | 176 + .../lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 | 179 + secure/lib/libcrypto/man/man3/SSL_accept.3 | 205 ++ .../lib/libcrypto/man/man3/SSL_alert_type_string.3 | 369 ++ secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 | 193 + secure/lib/libcrypto/man/man3/SSL_check_chain.3 | 225 ++ secure/lib/libcrypto/man/man3/SSL_clear.3 | 208 ++ secure/lib/libcrypto/man/man3/SSL_connect.3 | 220 ++ secure/lib/libcrypto/man/man3/SSL_do_handshake.3 | 204 ++ .../man/man3/SSL_export_keying_material.3 | 217 ++ .../libcrypto/man/man3/SSL_extension_supported.3 | 399 ++ secure/lib/libcrypto/man/man3/SSL_free.3 | 186 + secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 | 176 + secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 | 167 + .../lib/libcrypto/man/man3/SSL_get_all_async_fds.3 | 213 ++ secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 | 241 ++ .../lib/libcrypto/man/man3/SSL_get_client_random.3 | 229 ++ .../libcrypto/man/man3/SSL_get_current_cipher.3 | 200 + .../libcrypto/man/man3/SSL_get_default_timeout.3 | 181 + secure/lib/libcrypto/man/man3/SSL_get_error.3 | 293 ++ .../lib/libcrypto/man/man3/SSL_get_extms_support.3 | 172 + secure/lib/libcrypto/man/man3/SSL_get_fd.3 | 179 + .../libcrypto/man/man3/SSL_get_peer_cert_chain.3 | 201 ++ .../libcrypto/man/man3/SSL_get_peer_certificate.3 | 189 + .../man/man3/SSL_get_peer_signature_nid.3 | 183 + .../lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 | 183 + .../lib/libcrypto/man/man3/SSL_get_psk_identity.3 | 173 + secure/lib/libcrypto/man/man3/SSL_get_rbio.3 | 175 + secure/lib/libcrypto/man/man3/SSL_get_session.3 | 235 ++ .../libcrypto/man/man3/SSL_get_shared_sigalgs.3 | 219 ++ .../lib/libcrypto/man/man3/SSL_get_verify_result.3 | 190 + secure/lib/libcrypto/man/man3/SSL_get_version.3 | 221 ++ secure/lib/libcrypto/man/man3/SSL_in_init.3 | 227 ++ secure/lib/libcrypto/man/man3/SSL_key_update.3 | 236 ++ secure/lib/libcrypto/man/man3/SSL_library_init.3 | 185 + .../libcrypto/man/man3/SSL_load_client_CA_file.3 | 197 + secure/lib/libcrypto/man/man3/SSL_new.3 | 195 + secure/lib/libcrypto/man/man3/SSL_pending.3 | 199 + secure/lib/libcrypto/man/man3/SSL_read.3 | 275 ++ .../lib/libcrypto/man/man3/SSL_read_early_data.3 | 480 +++ secure/lib/libcrypto/man/man3/SSL_rstate_string.3 | 195 + secure/lib/libcrypto/man/man3/SSL_session_reused.3 | 178 + secure/lib/libcrypto/man/man3/SSL_set1_host.3 | 249 ++ secure/lib/libcrypto/man/man3/SSL_set_bio.3 | 227 ++ .../lib/libcrypto/man/man3/SSL_set_connect_state.3 | 207 ++ secure/lib/libcrypto/man/man3/SSL_set_fd.3 | 188 + secure/lib/libcrypto/man/man3/SSL_set_session.3 | 194 + secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 | 204 ++ .../lib/libcrypto/man/man3/SSL_set_verify_result.3 | 178 + secure/lib/libcrypto/man/man3/SSL_shutdown.3 | 287 ++ secure/lib/libcrypto/man/man3/SSL_state_string.3 | 185 + secure/lib/libcrypto/man/man3/SSL_want.3 | 233 ++ secure/lib/libcrypto/man/man3/SSL_write.3 | 251 ++ secure/lib/libcrypto/man/man3/UI_STRING.3 | 274 ++ secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 | 202 ++ secure/lib/libcrypto/man/man3/UI_create_method.3 | 319 ++ secure/lib/libcrypto/man/man3/UI_new.3 | 376 ++ secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 | 375 ++ secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 | 193 + .../libcrypto/man/man3/X509_CRL_get0_by_serial.3 | 242 ++ .../libcrypto/man/man3/X509_EXTENSION_set_object.3 | 223 ++ .../lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 | 264 ++ .../lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 | 313 ++ .../man/man3/X509_NAME_ENTRY_get_object.3 | 224 ++ .../man/man3/X509_NAME_add_entry_by_txt.3 | 257 ++ secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 | 171 + .../man/man3/X509_NAME_get_index_by_NID.3 | 254 ++ secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 | 252 ++ secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 | 248 ++ secure/lib/libcrypto/man/man3/X509_SIG_get0.3 | 172 + .../libcrypto/man/man3/X509_STORE_CTX_get_error.3 | 416 +++ secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 | 295 ++ .../man/man3/X509_STORE_CTX_set_verify_cb.3 | 334 ++ .../lib/libcrypto/man/man3/X509_STORE_add_cert.3 | 230 ++ .../lib/libcrypto/man/man3/X509_STORE_get0_param.3 | 186 + secure/lib/libcrypto/man/man3/X509_STORE_new.3 | 188 + .../man/man3/X509_STORE_set_verify_cb_func.3 | 364 ++ .../man/man3/X509_VERIFY_PARAM_set_flags.3 | 500 +++ secure/lib/libcrypto/man/man3/X509_check_ca.3 | 177 + secure/lib/libcrypto/man/man3/X509_check_host.3 | 288 ++ secure/lib/libcrypto/man/man3/X509_check_issued.3 | 175 + .../libcrypto/man/man3/X509_check_private_key.3 | 183 + secure/lib/libcrypto/man/man3/X509_cmp.3 | 209 ++ secure/lib/libcrypto/man/man3/X509_cmp_time.3 | 192 + secure/lib/libcrypto/man/man3/X509_digest.3 | 194 + secure/lib/libcrypto/man/man3/X509_dup.3 | 202 ++ .../lib/libcrypto/man/man3/X509_get0_notBefore.3 | 231 ++ .../lib/libcrypto/man/man3/X509_get0_signature.3 | 257 ++ secure/lib/libcrypto/man/man3/X509_get0_uids.3 | 188 + .../libcrypto/man/man3/X509_get_extension_flags.3 | 298 ++ secure/lib/libcrypto/man/man3/X509_get_pubkey.3 | 215 ++ .../lib/libcrypto/man/man3/X509_get_serialNumber.3 | 200 + .../lib/libcrypto/man/man3/X509_get_subject_name.3 | 214 ++ secure/lib/libcrypto/man/man3/X509_get_version.3 | 211 ++ secure/lib/libcrypto/man/man3/X509_new.3 | 213 ++ secure/lib/libcrypto/man/man3/X509_sign.3 | 227 ++ secure/lib/libcrypto/man/man3/X509_verify_cert.3 | 190 + .../lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 | 264 ++ secure/lib/libcrypto/man/man3/d2i_DHparams.3 | 174 + .../libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 | 203 ++ secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 | 209 ++ secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 | 182 + secure/lib/libcrypto/man/man3/d2i_X509.3 | 385 ++ secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 | 182 + .../lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 | 182 + secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 | 218 ++ secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 | 179 + secure/lib/libcrypto/man/man5/Makefile | 3 + secure/lib/libcrypto/man/man5/x509v3_config.5 | 704 ++++ secure/lib/libcrypto/man/man7/Ed25519.7 | 221 ++ secure/lib/libcrypto/man/man7/Makefile | 20 + secure/lib/libcrypto/man/man7/RAND.7 | 210 ++ secure/lib/libcrypto/man/man7/RAND_DRBG.7 | 396 ++ secure/lib/libcrypto/man/man7/RSA-PSS.7 | 189 + secure/lib/libcrypto/man/man7/SM2.7 | 217 ++ secure/lib/libcrypto/man/man7/X25519.7 | 208 ++ secure/lib/libcrypto/man/man7/bio.7 | 217 ++ secure/lib/libcrypto/man/man7/ct.7 | 185 + secure/lib/libcrypto/man/man7/des_modes.7 | 295 ++ secure/lib/libcrypto/man/man7/evp.7 | 236 ++ secure/lib/libcrypto/man/man7/ossl_store-file.7 | 191 + secure/lib/libcrypto/man/man7/ossl_store.7 | 215 ++ .../lib/libcrypto/man/man7/passphrase-encoding.7 | 287 ++ secure/lib/libcrypto/man/man7/scrypt.7 | 248 ++ secure/lib/libcrypto/man/man7/ssl.7 | 914 +++++ secure/lib/libcrypto/man/man7/x509.7 | 206 ++ secure/lib/libcrypto/man/o2i_SCT_LIST.3 | 179 - 950 files changed, 119116 insertions(+), 113952 deletions(-) delete mode 100644 secure/lib/libcrypto/man/ADMISSIONS.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_OBJECT_new.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_STRING_length.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_STRING_new.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_TIME_set.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_TYPE_get.3 delete mode 100644 secure/lib/libcrypto/man/ASN1_generate_nconf.3 delete mode 100644 secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/ASYNC_start_job.3 delete mode 100644 secure/lib/libcrypto/man/BF_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/BIO_ADDR.3 delete mode 100644 secure/lib/libcrypto/man/BIO_ADDRINFO.3 delete mode 100644 secure/lib/libcrypto/man/BIO_connect.3 delete mode 100644 secure/lib/libcrypto/man/BIO_ctrl.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_base64.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_buffer.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_cipher.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_md.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_null.3 delete mode 100644 secure/lib/libcrypto/man/BIO_f_ssl.3 delete mode 100644 secure/lib/libcrypto/man/BIO_find_type.3 delete mode 100644 secure/lib/libcrypto/man/BIO_get_data.3 delete mode 100644 secure/lib/libcrypto/man/BIO_get_ex_new_index.3 delete mode 100644 secure/lib/libcrypto/man/BIO_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/BIO_new.3 delete mode 100644 secure/lib/libcrypto/man/BIO_new_CMS.3 delete mode 100644 secure/lib/libcrypto/man/BIO_parse_hostserv.3 delete mode 100644 secure/lib/libcrypto/man/BIO_printf.3 delete mode 100644 secure/lib/libcrypto/man/BIO_push.3 delete mode 100644 secure/lib/libcrypto/man/BIO_read.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_accept.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_bio.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_connect.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_fd.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_file.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_mem.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_null.3 delete mode 100644 secure/lib/libcrypto/man/BIO_s_socket.3 delete mode 100644 secure/lib/libcrypto/man/BIO_set_callback.3 delete mode 100644 secure/lib/libcrypto/man/BIO_should_retry.3 delete mode 100644 secure/lib/libcrypto/man/BN_BLINDING_new.3 delete mode 100644 secure/lib/libcrypto/man/BN_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/BN_CTX_start.3 delete mode 100644 secure/lib/libcrypto/man/BN_add.3 delete mode 100644 secure/lib/libcrypto/man/BN_add_word.3 delete mode 100644 secure/lib/libcrypto/man/BN_bn2bin.3 delete mode 100644 secure/lib/libcrypto/man/BN_cmp.3 delete mode 100644 secure/lib/libcrypto/man/BN_copy.3 delete mode 100644 secure/lib/libcrypto/man/BN_generate_prime.3 delete mode 100644 secure/lib/libcrypto/man/BN_mod_inverse.3 delete mode 100644 secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 delete mode 100644 secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 delete mode 100644 secure/lib/libcrypto/man/BN_new.3 delete mode 100644 secure/lib/libcrypto/man/BN_num_bytes.3 delete mode 100644 secure/lib/libcrypto/man/BN_rand.3 delete mode 100644 secure/lib/libcrypto/man/BN_security_bits.3 delete mode 100644 secure/lib/libcrypto/man/BN_set_bit.3 delete mode 100644 secure/lib/libcrypto/man/BN_swap.3 delete mode 100644 secure/lib/libcrypto/man/BN_zero.3 delete mode 100644 secure/lib/libcrypto/man/BUF_MEM_new.3 delete mode 100644 secure/lib/libcrypto/man/CMS_add0_cert.3 delete mode 100644 secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 delete mode 100644 secure/lib/libcrypto/man/CMS_add1_signer.3 delete mode 100644 secure/lib/libcrypto/man/CMS_compress.3 delete mode 100644 secure/lib/libcrypto/man/CMS_decrypt.3 delete mode 100644 secure/lib/libcrypto/man/CMS_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/CMS_final.3 delete mode 100644 secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 delete mode 100644 secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 delete mode 100644 secure/lib/libcrypto/man/CMS_get0_type.3 delete mode 100644 secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 delete mode 100644 secure/lib/libcrypto/man/CMS_sign.3 delete mode 100644 secure/lib/libcrypto/man/CMS_sign_receipt.3 delete mode 100644 secure/lib/libcrypto/man/CMS_uncompress.3 delete mode 100644 secure/lib/libcrypto/man/CMS_verify.3 delete mode 100644 secure/lib/libcrypto/man/CMS_verify_receipt.3 delete mode 100644 secure/lib/libcrypto/man/CONF_modules_free.3 delete mode 100644 secure/lib/libcrypto/man/CONF_modules_load_file.3 delete mode 100644 secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 delete mode 100644 secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 delete mode 100644 secure/lib/libcrypto/man/CRYPTO_memcmp.3 delete mode 100644 secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 delete mode 100644 secure/lib/libcrypto/man/CTLOG_STORE_new.3 delete mode 100644 secure/lib/libcrypto/man/CTLOG_new.3 delete mode 100644 secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/DEFINE_STACK_OF.3 delete mode 100644 secure/lib/libcrypto/man/DES_random_key.3 delete mode 100644 secure/lib/libcrypto/man/DH_generate_key.3 delete mode 100644 secure/lib/libcrypto/man/DH_generate_parameters.3 delete mode 100644 secure/lib/libcrypto/man/DH_get0_pqg.3 delete mode 100644 secure/lib/libcrypto/man/DH_get_1024_160.3 delete mode 100644 secure/lib/libcrypto/man/DH_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/DH_new.3 delete mode 100644 secure/lib/libcrypto/man/DH_new_by_nid.3 delete mode 100644 secure/lib/libcrypto/man/DH_set_method.3 delete mode 100644 secure/lib/libcrypto/man/DH_size.3 delete mode 100644 secure/lib/libcrypto/man/DSA_SIG_new.3 delete mode 100644 secure/lib/libcrypto/man/DSA_do_sign.3 delete mode 100644 secure/lib/libcrypto/man/DSA_dup_DH.3 delete mode 100644 secure/lib/libcrypto/man/DSA_generate_key.3 delete mode 100644 secure/lib/libcrypto/man/DSA_generate_parameters.3 delete mode 100644 secure/lib/libcrypto/man/DSA_get0_pqg.3 delete mode 100644 secure/lib/libcrypto/man/DSA_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/DSA_new.3 delete mode 100644 secure/lib/libcrypto/man/DSA_set_method.3 delete mode 100644 secure/lib/libcrypto/man/DSA_sign.3 delete mode 100644 secure/lib/libcrypto/man/DSA_size.3 delete mode 100644 secure/lib/libcrypto/man/DTLS_get_data_mtu.3 delete mode 100644 secure/lib/libcrypto/man/DTLS_set_timer_cb.3 delete mode 100644 secure/lib/libcrypto/man/DTLSv1_listen.3 delete mode 100644 secure/lib/libcrypto/man/ECDSA_SIG_new.3 delete mode 100644 secure/lib/libcrypto/man/ECPKParameters_print.3 delete mode 100644 secure/lib/libcrypto/man/EC_GFp_simple_method.3 delete mode 100644 secure/lib/libcrypto/man/EC_GROUP_copy.3 delete mode 100644 secure/lib/libcrypto/man/EC_GROUP_new.3 delete mode 100644 secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 delete mode 100644 secure/lib/libcrypto/man/EC_KEY_new.3 delete mode 100644 secure/lib/libcrypto/man/EC_POINT_add.3 delete mode 100644 secure/lib/libcrypto/man/EC_POINT_new.3 delete mode 100644 secure/lib/libcrypto/man/ENGINE_add.3 delete mode 100644 secure/lib/libcrypto/man/ERR_GET_LIB.3 delete mode 100644 secure/lib/libcrypto/man/ERR_clear_error.3 delete mode 100644 secure/lib/libcrypto/man/ERR_error_string.3 delete mode 100644 secure/lib/libcrypto/man/ERR_get_error.3 delete mode 100644 secure/lib/libcrypto/man/ERR_load_crypto_strings.3 delete mode 100644 secure/lib/libcrypto/man/ERR_load_strings.3 delete mode 100644 secure/lib/libcrypto/man/ERR_print_errors.3 delete mode 100644 secure/lib/libcrypto/man/ERR_put_error.3 delete mode 100644 secure/lib/libcrypto/man/ERR_remove_state.3 delete mode 100644 secure/lib/libcrypto/man/ERR_set_mark.3 delete mode 100644 secure/lib/libcrypto/man/EVP_BytesToKey.3 delete mode 100644 secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 delete mode 100644 secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/EVP_DigestInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_DigestSignInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_EncodeInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_EncryptInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_MD_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/EVP_OpenInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_cmp.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_derive.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_keygen.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_new.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_print_private.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_sign.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_verify.3 delete mode 100644 secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 delete mode 100644 secure/lib/libcrypto/man/EVP_SealInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_SignInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_VerifyInit.3 delete mode 100644 secure/lib/libcrypto/man/EVP_aes.3 delete mode 100644 secure/lib/libcrypto/man/EVP_aria.3 delete mode 100644 secure/lib/libcrypto/man/EVP_bf_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_blake2b512.3 delete mode 100644 secure/lib/libcrypto/man/EVP_camellia.3 delete mode 100644 secure/lib/libcrypto/man/EVP_cast5_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_chacha20.3 delete mode 100644 secure/lib/libcrypto/man/EVP_des.3 delete mode 100644 secure/lib/libcrypto/man/EVP_desx_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_idea_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_md2.3 delete mode 100644 secure/lib/libcrypto/man/EVP_md4.3 delete mode 100644 secure/lib/libcrypto/man/EVP_md5.3 delete mode 100644 secure/lib/libcrypto/man/EVP_mdc2.3 delete mode 100644 secure/lib/libcrypto/man/EVP_rc2_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_rc4.3 delete mode 100644 secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_ripemd160.3 delete mode 100644 secure/lib/libcrypto/man/EVP_seed_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_sha1.3 delete mode 100644 secure/lib/libcrypto/man/EVP_sha224.3 delete mode 100644 secure/lib/libcrypto/man/EVP_sha3_224.3 delete mode 100644 secure/lib/libcrypto/man/EVP_sm3.3 delete mode 100644 secure/lib/libcrypto/man/EVP_sm4_cbc.3 delete mode 100644 secure/lib/libcrypto/man/EVP_whirlpool.3 delete mode 100644 secure/lib/libcrypto/man/HMAC.3 delete mode 100644 secure/lib/libcrypto/man/MD5.3 delete mode 100644 secure/lib/libcrypto/man/MDC2_Init.3 delete mode 100644 secure/lib/libcrypto/man/OBJ_nid2obj.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_REQUEST_new.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_cert_to_id.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_resp_find_status.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_response_status.3 delete mode 100644 secure/lib/libcrypto/man/OCSP_sendreq_new.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_Applink.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_LH_stats.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_config.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_ia32cap.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_init_crypto.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_init_ssl.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_malloc.3 delete mode 100644 secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 delete mode 100644 secure/lib/libcrypto/man/OSSL_STORE_INFO.3 delete mode 100644 secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 delete mode 100644 secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 delete mode 100644 secure/lib/libcrypto/man/OSSL_STORE_expect.3 delete mode 100644 secure/lib/libcrypto/man/OSSL_STORE_open.3 delete mode 100644 secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 delete mode 100644 secure/lib/libcrypto/man/PEM_bytes_read_bio.3 delete mode 100644 secure/lib/libcrypto/man/PEM_read.3 delete mode 100644 secure/lib/libcrypto/man/PEM_read_CMS.3 delete mode 100644 secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 delete mode 100644 secure/lib/libcrypto/man/PEM_read_bio_ex.3 delete mode 100644 secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 delete mode 100644 secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 delete mode 100644 secure/lib/libcrypto/man/PKCS12_create.3 delete mode 100644 secure/lib/libcrypto/man/PKCS12_newpass.3 delete mode 100644 secure/lib/libcrypto/man/PKCS12_parse.3 delete mode 100644 secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 delete mode 100644 secure/lib/libcrypto/man/PKCS7_decrypt.3 delete mode 100644 secure/lib/libcrypto/man/PKCS7_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/PKCS7_sign.3 delete mode 100644 secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 delete mode 100644 secure/lib/libcrypto/man/PKCS7_verify.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_generate.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_new.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_reseed.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 delete mode 100644 secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 delete mode 100644 secure/lib/libcrypto/man/RAND_add.3 delete mode 100644 secure/lib/libcrypto/man/RAND_bytes.3 delete mode 100644 secure/lib/libcrypto/man/RAND_cleanup.3 delete mode 100644 secure/lib/libcrypto/man/RAND_egd.3 delete mode 100644 secure/lib/libcrypto/man/RAND_load_file.3 delete mode 100644 secure/lib/libcrypto/man/RAND_set_rand_method.3 delete mode 100644 secure/lib/libcrypto/man/RC4_set_key.3 delete mode 100644 secure/lib/libcrypto/man/RIPEMD160_Init.3 delete mode 100644 secure/lib/libcrypto/man/RSA_blinding_on.3 delete mode 100644 secure/lib/libcrypto/man/RSA_check_key.3 delete mode 100644 secure/lib/libcrypto/man/RSA_generate_key.3 delete mode 100644 secure/lib/libcrypto/man/RSA_get0_key.3 delete mode 100644 secure/lib/libcrypto/man/RSA_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/RSA_new.3 delete mode 100644 secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 delete mode 100644 secure/lib/libcrypto/man/RSA_print.3 delete mode 100644 secure/lib/libcrypto/man/RSA_private_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/RSA_public_encrypt.3 delete mode 100644 secure/lib/libcrypto/man/RSA_set_method.3 delete mode 100644 secure/lib/libcrypto/man/RSA_sign.3 delete mode 100644 secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 delete mode 100644 secure/lib/libcrypto/man/RSA_size.3 delete mode 100644 secure/lib/libcrypto/man/SCT_new.3 delete mode 100644 secure/lib/libcrypto/man/SCT_print.3 delete mode 100644 secure/lib/libcrypto/man/SCT_validate.3 delete mode 100644 secure/lib/libcrypto/man/SHA256_Init.3 delete mode 100644 secure/lib/libcrypto/man/SMIME_read_CMS.3 delete mode 100644 secure/lib/libcrypto/man/SMIME_read_PKCS7.3 delete mode 100644 secure/lib/libcrypto/man/SMIME_write_CMS.3 delete mode 100644 secure/lib/libcrypto/man/SMIME_write_PKCS7.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 delete mode 100644 secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_cmd.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_add_session.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_config.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_ctrl.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_free.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_get0_param.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_sess_number.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_sessions.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_mode.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_options.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_set_verify.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 delete mode 100644 secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_free.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_get_time.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_print.3 delete mode 100644 secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 delete mode 100644 secure/lib/libcrypto/man/SSL_accept.3 delete mode 100644 secure/lib/libcrypto/man/SSL_alert_type_string.3 delete mode 100644 secure/lib/libcrypto/man/SSL_alloc_buffers.3 delete mode 100644 secure/lib/libcrypto/man/SSL_check_chain.3 delete mode 100644 secure/lib/libcrypto/man/SSL_clear.3 delete mode 100644 secure/lib/libcrypto/man/SSL_connect.3 delete mode 100644 secure/lib/libcrypto/man/SSL_do_handshake.3 delete mode 100644 secure/lib/libcrypto/man/SSL_export_keying_material.3 delete mode 100644 secure/lib/libcrypto/man/SSL_extension_supported.3 delete mode 100644 secure/lib/libcrypto/man/SSL_free.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get0_peer_scts.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_all_async_fds.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_ciphers.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_client_random.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_current_cipher.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_default_timeout.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_error.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_extms_support.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_fd.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_peer_certificate.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_psk_identity.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_rbio.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_session.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_verify_result.3 delete mode 100644 secure/lib/libcrypto/man/SSL_get_version.3 delete mode 100644 secure/lib/libcrypto/man/SSL_in_init.3 delete mode 100644 secure/lib/libcrypto/man/SSL_key_update.3 delete mode 100644 secure/lib/libcrypto/man/SSL_library_init.3 delete mode 100644 secure/lib/libcrypto/man/SSL_load_client_CA_file.3 delete mode 100644 secure/lib/libcrypto/man/SSL_new.3 delete mode 100644 secure/lib/libcrypto/man/SSL_pending.3 delete mode 100644 secure/lib/libcrypto/man/SSL_read.3 delete mode 100644 secure/lib/libcrypto/man/SSL_read_early_data.3 delete mode 100644 secure/lib/libcrypto/man/SSL_rstate_string.3 delete mode 100644 secure/lib/libcrypto/man/SSL_session_reused.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set1_host.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_bio.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_connect_state.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_fd.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_session.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_shutdown.3 delete mode 100644 secure/lib/libcrypto/man/SSL_set_verify_result.3 delete mode 100644 secure/lib/libcrypto/man/SSL_shutdown.3 delete mode 100644 secure/lib/libcrypto/man/SSL_state_string.3 delete mode 100644 secure/lib/libcrypto/man/SSL_want.3 delete mode 100644 secure/lib/libcrypto/man/SSL_write.3 delete mode 100644 secure/lib/libcrypto/man/UI_STRING.3 delete mode 100644 secure/lib/libcrypto/man/UI_UTIL_read_pw.3 delete mode 100644 secure/lib/libcrypto/man/UI_create_method.3 delete mode 100644 secure/lib/libcrypto/man/UI_new.3 delete mode 100644 secure/lib/libcrypto/man/X509V3_get_d2i.3 delete mode 100644 secure/lib/libcrypto/man/X509_ALGOR_dup.3 delete mode 100644 secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 delete mode 100644 secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 delete mode 100644 secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 delete mode 100644 secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 delete mode 100644 secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 delete mode 100644 secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 delete mode 100644 secure/lib/libcrypto/man/X509_NAME_get0_der.3 delete mode 100644 secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 delete mode 100644 secure/lib/libcrypto/man/X509_NAME_print_ex.3 delete mode 100644 secure/lib/libcrypto/man/X509_PUBKEY_new.3 delete mode 100644 secure/lib/libcrypto/man/X509_SIG_get0.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_new.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_add_cert.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_get0_param.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_new.3 delete mode 100644 secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 delete mode 100644 secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 delete mode 100644 secure/lib/libcrypto/man/X509_check_ca.3 delete mode 100644 secure/lib/libcrypto/man/X509_check_host.3 delete mode 100644 secure/lib/libcrypto/man/X509_check_issued.3 delete mode 100644 secure/lib/libcrypto/man/X509_check_private_key.3 delete mode 100644 secure/lib/libcrypto/man/X509_cmp.3 delete mode 100644 secure/lib/libcrypto/man/X509_cmp_time.3 delete mode 100644 secure/lib/libcrypto/man/X509_digest.3 delete mode 100644 secure/lib/libcrypto/man/X509_dup.3 delete mode 100644 secure/lib/libcrypto/man/X509_get0_notBefore.3 delete mode 100644 secure/lib/libcrypto/man/X509_get0_signature.3 delete mode 100644 secure/lib/libcrypto/man/X509_get0_uids.3 delete mode 100644 secure/lib/libcrypto/man/X509_get_extension_flags.3 delete mode 100644 secure/lib/libcrypto/man/X509_get_pubkey.3 delete mode 100644 secure/lib/libcrypto/man/X509_get_serialNumber.3 delete mode 100644 secure/lib/libcrypto/man/X509_get_subject_name.3 delete mode 100644 secure/lib/libcrypto/man/X509_get_version.3 delete mode 100644 secure/lib/libcrypto/man/X509_new.3 delete mode 100644 secure/lib/libcrypto/man/X509_sign.3 delete mode 100644 secure/lib/libcrypto/man/X509_verify_cert.3 delete mode 100644 secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 delete mode 100644 secure/lib/libcrypto/man/d2i_DHparams.3 delete mode 100644 secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 delete mode 100644 secure/lib/libcrypto/man/d2i_PrivateKey.3 delete mode 100644 secure/lib/libcrypto/man/d2i_SSL_SESSION.3 delete mode 100644 secure/lib/libcrypto/man/d2i_X509.3 delete mode 100644 secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 delete mode 100644 secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 delete mode 100644 secure/lib/libcrypto/man/i2d_re_X509_tbs.3 create mode 100644 secure/lib/libcrypto/man/man3/ADMISSIONS.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 create mode 100644 secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 create mode 100644 secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/ASYNC_start_job.3 create mode 100644 secure/lib/libcrypto/man/man3/BF_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_ADDR.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_connect.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_ctrl.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_base64.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_buffer.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_cipher.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_md.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_null.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_f_ssl.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_find_type.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_get_data.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_new.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_new_CMS.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_printf.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_push.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_read.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_accept.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_bio.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_connect.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_fd.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_file.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_mem.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_null.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_s_socket.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_set_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/BIO_should_retry.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_CTX_start.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_add.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_add_word.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_bn2bin.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_cmp.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_copy.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_generate_prime.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_mod_inverse.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_new.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_num_bytes.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_rand.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_security_bits.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_set_bit.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_swap.3 create mode 100644 secure/lib/libcrypto/man/man3/BN_zero.3 create mode 100644 secure/lib/libcrypto/man/man3/BUF_MEM_new.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_add0_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_add1_signer.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_compress.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_decrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_final.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_get0_type.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_uncompress.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_verify.3 create mode 100644 secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 create mode 100644 secure/lib/libcrypto/man/man3/CONF_modules_free.3 create mode 100644 secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 create mode 100644 secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 create mode 100644 secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 create mode 100644 secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 create mode 100644 secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 create mode 100644 secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 create mode 100644 secure/lib/libcrypto/man/man3/CTLOG_new.3 create mode 100644 secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 create mode 100644 secure/lib/libcrypto/man/man3/DES_random_key.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_generate_key.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_generate_parameters.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_get0_pqg.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_get_1024_160.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_new_by_nid.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_set_method.3 create mode 100644 secure/lib/libcrypto/man/man3/DH_size.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_SIG_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_do_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_dup_DH.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_generate_key.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_new.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_set_method.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/DSA_size.3 create mode 100644 secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 create mode 100644 secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/DTLSv1_listen.3 create mode 100644 secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 create mode 100644 secure/lib/libcrypto/man/man3/ECPKParameters_print.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_GROUP_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_KEY_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_POINT_add.3 create mode 100644 secure/lib/libcrypto/man/man3/EC_POINT_new.3 create mode 100644 secure/lib/libcrypto/man/man3/ENGINE_add.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_clear_error.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_error_string.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_get_error.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_load_strings.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_print_errors.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_put_error.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_remove_state.3 create mode 100644 secure/lib/libcrypto/man/man3/ERR_set_mark.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_DigestInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_OpenInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_SealInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_SignInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_aes.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_aria.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_blake2b512.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_camellia.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_chacha20.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_des.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_md2.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_md4.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_md5.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_mdc2.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_rc4.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_ripemd160.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_sha1.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_sha224.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_sha3_224.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_sm3.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 create mode 100644 secure/lib/libcrypto/man/man3/EVP_whirlpool.3 create mode 100644 secure/lib/libcrypto/man/man3/HMAC.3 create mode 100644 secure/lib/libcrypto/man/man3/MD5.3 create mode 100644 secure/lib/libcrypto/man/man3/MDC2_Init.3 create mode 100644 secure/lib/libcrypto/man/man3/Makefile create mode 100644 secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_response_status.3 create mode 100644 secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_config.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 create mode 100644 secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 create mode 100644 secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 create mode 100644 secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 create mode 100644 secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 create mode 100644 secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 create mode 100644 secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 create mode 100644 secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_read.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_read_CMS.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 create mode 100644 secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS12_create.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS12_newpass.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS12_parse.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS7_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 create mode 100644 secure/lib/libcrypto/man/man3/PKCS7_verify.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_add.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_bytes.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_cleanup.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_egd.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_load_file.3 create mode 100644 secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 create mode 100644 secure/lib/libcrypto/man/man3/RC4_set_key.3 create mode 100644 secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_blinding_on.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_check_key.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_generate_key.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_get0_key.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_new.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_print.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_set_method.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 create mode 100644 secure/lib/libcrypto/man/man3/RSA_size.3 create mode 100644 secure/lib/libcrypto/man/man3/SCT_new.3 create mode 100644 secure/lib/libcrypto/man/man3/SCT_print.3 create mode 100644 secure/lib/libcrypto/man/man3/SCT_validate.3 create mode 100644 secure/lib/libcrypto/man/man3/SHA256_Init.3 create mode 100644 secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 create mode 100644 secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 create mode 100644 secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 create mode 100644 secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_config.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_free.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_accept.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_check_chain.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_clear.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_connect.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_do_handshake.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_extension_supported.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_free.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_client_random.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_error.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_fd.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_rbio.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_session.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_get_version.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_in_init.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_key_update.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_library_init.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_new.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_pending.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_read.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_read_early_data.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_rstate_string.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_session_reused.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set1_host.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_bio.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_fd.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_session.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_shutdown.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_state_string.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_want.3 create mode 100644 secure/lib/libcrypto/man/man3/SSL_write.3 create mode 100644 secure/lib/libcrypto/man/man3/UI_STRING.3 create mode 100644 secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 create mode 100644 secure/lib/libcrypto/man/man3/UI_create_method.3 create mode 100644 secure/lib/libcrypto/man/man3/UI_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_SIG_get0.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_check_ca.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_check_host.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_check_issued.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_check_private_key.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_cmp.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_cmp_time.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_digest.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_dup.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get0_signature.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get0_uids.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get_pubkey.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get_subject_name.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_get_version.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_new.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_sign.3 create mode 100644 secure/lib/libcrypto/man/man3/X509_verify_cert.3 create mode 100644 secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 create mode 100644 secure/lib/libcrypto/man/man3/d2i_DHparams.3 create mode 100644 secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 create mode 100644 secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 create mode 100644 secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 create mode 100644 secure/lib/libcrypto/man/man3/d2i_X509.3 create mode 100644 secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 create mode 100644 secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 create mode 100644 secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 create mode 100644 secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 create mode 100644 secure/lib/libcrypto/man/man5/Makefile create mode 100644 secure/lib/libcrypto/man/man5/x509v3_config.5 create mode 100644 secure/lib/libcrypto/man/man7/Ed25519.7 create mode 100644 secure/lib/libcrypto/man/man7/Makefile create mode 100644 secure/lib/libcrypto/man/man7/RAND.7 create mode 100644 secure/lib/libcrypto/man/man7/RAND_DRBG.7 create mode 100644 secure/lib/libcrypto/man/man7/RSA-PSS.7 create mode 100644 secure/lib/libcrypto/man/man7/SM2.7 create mode 100644 secure/lib/libcrypto/man/man7/X25519.7 create mode 100644 secure/lib/libcrypto/man/man7/bio.7 create mode 100644 secure/lib/libcrypto/man/man7/ct.7 create mode 100644 secure/lib/libcrypto/man/man7/des_modes.7 create mode 100644 secure/lib/libcrypto/man/man7/evp.7 create mode 100644 secure/lib/libcrypto/man/man7/ossl_store-file.7 create mode 100644 secure/lib/libcrypto/man/man7/ossl_store.7 create mode 100644 secure/lib/libcrypto/man/man7/passphrase-encoding.7 create mode 100644 secure/lib/libcrypto/man/man7/scrypt.7 create mode 100644 secure/lib/libcrypto/man/man7/ssl.7 create mode 100644 secure/lib/libcrypto/man/man7/x509.7 delete mode 100644 secure/lib/libcrypto/man/o2i_SCT_LIST.3 (limited to 'secure') diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 5a3b847a8414..f8325332d6db 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -12,9 +12,7 @@ VERSION_MAP= ${.CURDIR}/Version.map NO_LINT= -.if exists(Makefile.man) .include "Makefile.man" -.endif .include "Makefile.inc" SRCS= cpt_err.c cryptlib.c ctype.c cversion.c ex_data.c getenv.c init.c @@ -531,5 +529,4 @@ PICFLAG+= -DOPENSSL_PIC ${LCRYPTO_SRC}/crypto/whrlpool \ ${LCRYPTO_SRC}/crypto/x509 \ ${LCRYPTO_SRC}/crypto/x509v3 \ - ${LCRYPTO_SRC}/include/openssl \ - ${.CURDIR}/man + ${LCRYPTO_SRC}/include/openssl diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index da6c0c8a8e88..827d6be51b92 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -1,3806 +1,5 @@ # $FreeBSD$ -MAN+= ADMISSIONS.3 -MAN+= ASN1_INTEGER_get_int64.3 -MAN+= ASN1_ITEM_lookup.3 -MAN+= ASN1_OBJECT_new.3 -MAN+= ASN1_STRING_TABLE_add.3 -MAN+= ASN1_STRING_length.3 -MAN+= ASN1_STRING_new.3 -MAN+= ASN1_STRING_print_ex.3 -MAN+= ASN1_TIME_set.3 -MAN+= ASN1_TYPE_get.3 -MAN+= ASN1_generate_nconf.3 -MAN+= ASYNC_WAIT_CTX_new.3 -MAN+= ASYNC_start_job.3 -MAN+= BF_encrypt.3 -MAN+= BIO_ADDR.3 -MAN+= BIO_ADDRINFO.3 -MAN+= BIO_connect.3 -MAN+= BIO_ctrl.3 -MAN+= BIO_f_base64.3 -MAN+= BIO_f_buffer.3 -MAN+= BIO_f_cipher.3 -MAN+= BIO_f_md.3 -MAN+= BIO_f_null.3 -MAN+= BIO_f_ssl.3 -MAN+= BIO_find_type.3 -MAN+= BIO_get_data.3 -MAN+= BIO_get_ex_new_index.3 -MAN+= BIO_meth_new.3 -MAN+= BIO_new.3 -MAN+= BIO_new_CMS.3 -MAN+= BIO_parse_hostserv.3 -MAN+= BIO_printf.3 -MAN+= BIO_push.3 -MAN+= BIO_read.3 -MAN+= BIO_s_accept.3 -MAN+= BIO_s_bio.3 -MAN+= BIO_s_connect.3 -MAN+= BIO_s_fd.3 -MAN+= BIO_s_file.3 -MAN+= BIO_s_mem.3 -MAN+= BIO_s_null.3 -MAN+= BIO_s_socket.3 -MAN+= BIO_set_callback.3 -MAN+= BIO_should_retry.3 -MAN+= BN_BLINDING_new.3 -MAN+= BN_CTX_new.3 -MAN+= BN_CTX_start.3 -MAN+= BN_add.3 -MAN+= BN_add_word.3 -MAN+= BN_bn2bin.3 -MAN+= BN_cmp.3 -MAN+= BN_copy.3 -MAN+= BN_generate_prime.3 -MAN+= BN_mod_inverse.3 -MAN+= BN_mod_mul_montgomery.3 -MAN+= BN_mod_mul_reciprocal.3 -MAN+= BN_new.3 -MAN+= BN_num_bytes.3 -MAN+= BN_rand.3 -MAN+= BN_security_bits.3 -MAN+= BN_set_bit.3 -MAN+= BN_swap.3 -MAN+= BN_zero.3 -MAN+= BUF_MEM_new.3 -MAN+= CMS_add0_cert.3 -MAN+= CMS_add1_recipient_cert.3 -MAN+= CMS_add1_signer.3 -MAN+= CMS_compress.3 -MAN+= CMS_decrypt.3 -MAN+= CMS_encrypt.3 -MAN+= CMS_final.3 -MAN+= CMS_get0_RecipientInfos.3 -MAN+= CMS_get0_SignerInfos.3 -MAN+= CMS_get0_type.3 -MAN+= CMS_get1_ReceiptRequest.3 -MAN+= CMS_sign.3 -MAN+= CMS_sign_receipt.3 -MAN+= CMS_uncompress.3 -MAN+= CMS_verify.3 -MAN+= CMS_verify_receipt.3 -MAN+= CONF_modules_free.3 -MAN+= CONF_modules_load_file.3 -MAN+= CRYPTO_THREAD_run_once.3 -MAN+= CRYPTO_get_ex_new_index.3 -MAN+= CRYPTO_memcmp.3 -MAN+= CTLOG_STORE_get0_log_by_id.3 -MAN+= CTLOG_STORE_new.3 -MAN+= CTLOG_new.3 -MAN+= CT_POLICY_EVAL_CTX_new.3 -MAN+= DEFINE_STACK_OF.3 -MAN+= DES_random_key.3 -MAN+= DH_generate_key.3 -MAN+= DH_generate_parameters.3 -MAN+= DH_get0_pqg.3 -MAN+= DH_get_1024_160.3 -MAN+= DH_meth_new.3 -MAN+= DH_new.3 -MAN+= DH_new_by_nid.3 -MAN+= DH_set_method.3 -MAN+= DH_size.3 -MAN+= DSA_SIG_new.3 -MAN+= DSA_do_sign.3 -MAN+= DSA_dup_DH.3 -MAN+= DSA_generate_key.3 -MAN+= DSA_generate_parameters.3 -MAN+= DSA_get0_pqg.3 -MAN+= DSA_meth_new.3 -MAN+= DSA_new.3 -MAN+= DSA_set_method.3 -MAN+= DSA_sign.3 -MAN+= DSA_size.3 -MAN+= DTLS_get_data_mtu.3 -MAN+= DTLS_set_timer_cb.3 -MAN+= DTLSv1_listen.3 -MAN+= ECDSA_SIG_new.3 -MAN+= ECPKParameters_print.3 -MAN+= EC_GFp_simple_method.3 -MAN+= EC_GROUP_copy.3 -MAN+= EC_GROUP_new.3 -MAN+= EC_KEY_get_enc_flags.3 -MAN+= EC_KEY_new.3 -MAN+= EC_POINT_add.3 -MAN+= EC_POINT_new.3 -MAN+= ENGINE_add.3 -MAN+= ERR_GET_LIB.3 -MAN+= ERR_clear_error.3 -MAN+= ERR_error_string.3 -MAN+= ERR_get_error.3 -MAN+= ERR_load_crypto_strings.3 -MAN+= ERR_load_strings.3 -MAN+= ERR_print_errors.3 -MAN+= ERR_put_error.3 -MAN+= ERR_remove_state.3 -MAN+= ERR_set_mark.3 -MAN+= EVP_BytesToKey.3 -MAN+= EVP_CIPHER_CTX_get_cipher_data.3 -MAN+= EVP_CIPHER_meth_new.3 -MAN+= EVP_DigestInit.3 -MAN+= EVP_DigestSignInit.3 -MAN+= EVP_DigestVerifyInit.3 -MAN+= EVP_EncodeInit.3 -MAN+= EVP_EncryptInit.3 -MAN+= EVP_MD_meth_new.3 -MAN+= EVP_OpenInit.3 -MAN+= EVP_PKEY_ASN1_METHOD.3 -MAN+= EVP_PKEY_CTX_ctrl.3 -MAN+= EVP_PKEY_CTX_new.3 -MAN+= EVP_PKEY_CTX_set1_pbe_pass.3 -MAN+= EVP_PKEY_CTX_set_hkdf_md.3 -MAN+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 -MAN+= EVP_PKEY_CTX_set_scrypt_N.3 -MAN+= EVP_PKEY_CTX_set_tls1_prf_md.3 -MAN+= EVP_PKEY_asn1_get_count.3 -MAN+= EVP_PKEY_cmp.3 -MAN+= EVP_PKEY_decrypt.3 -MAN+= EVP_PKEY_derive.3 -MAN+= EVP_PKEY_encrypt.3 -MAN+= EVP_PKEY_get_default_digest_nid.3 -MAN+= EVP_PKEY_keygen.3 -MAN+= EVP_PKEY_meth_get_count.3 -MAN+= EVP_PKEY_meth_new.3 -MAN+= EVP_PKEY_new.3 -MAN+= EVP_PKEY_print_private.3 -MAN+= EVP_PKEY_set1_RSA.3 -MAN+= EVP_PKEY_sign.3 -MAN+= EVP_PKEY_verify.3 -MAN+= EVP_PKEY_verify_recover.3 -MAN+= EVP_SealInit.3 -MAN+= EVP_SignInit.3 -MAN+= EVP_VerifyInit.3 -MAN+= EVP_aes.3 -MAN+= EVP_aria.3 -MAN+= EVP_bf_cbc.3 -MAN+= EVP_blake2b512.3 -MAN+= EVP_camellia.3 -MAN+= EVP_cast5_cbc.3 -MAN+= EVP_chacha20.3 -MAN+= EVP_des.3 -MAN+= EVP_desx_cbc.3 -MAN+= EVP_idea_cbc.3 -MAN+= EVP_md2.3 -MAN+= EVP_md4.3 -MAN+= EVP_md5.3 -MAN+= EVP_mdc2.3 -MAN+= EVP_rc2_cbc.3 -MAN+= EVP_rc4.3 -MAN+= EVP_rc5_32_12_16_cbc.3 -MAN+= EVP_ripemd160.3 -MAN+= EVP_seed_cbc.3 -MAN+= EVP_sha1.3 -MAN+= EVP_sha224.3 -MAN+= EVP_sha3_224.3 -MAN+= EVP_sm3.3 -MAN+= EVP_sm4_cbc.3 -MAN+= EVP_whirlpool.3 -MAN+= HMAC.3 -MAN+= MD5.3 -MAN+= MDC2_Init.3 -MAN+= OBJ_nid2obj.3 -MAN+= OCSP_REQUEST_new.3 -MAN+= OCSP_cert_to_id.3 -MAN+= OCSP_request_add1_nonce.3 -MAN+= OCSP_resp_find_status.3 -MAN+= OCSP_response_status.3 -MAN+= OCSP_sendreq_new.3 -MAN+= OPENSSL_Applink.3 -MAN+= OPENSSL_LH_COMPFUNC.3 -MAN+= OPENSSL_LH_stats.3 -MAN+= OPENSSL_VERSION_NUMBER.3 -MAN+= OPENSSL_config.3 -MAN+= OPENSSL_fork_prepare.3 -MAN+= OPENSSL_ia32cap.3 -MAN+= OPENSSL_init_crypto.3 -MAN+= OPENSSL_init_ssl.3 -MAN+= OPENSSL_instrument_bus.3 -MAN+= OPENSSL_load_builtin_modules.3 -MAN+= OPENSSL_malloc.3 -MAN+= OPENSSL_secure_malloc.3 -MAN+= OSSL_STORE_INFO.3 -MAN+= OSSL_STORE_LOADER.3 -MAN+= OSSL_STORE_SEARCH.3 -MAN+= OSSL_STORE_expect.3 -MAN+= OSSL_STORE_open.3 -MAN+= OpenSSL_add_all_algorithms.3 -MAN+= PEM_bytes_read_bio.3 -MAN+= PEM_read.3 -MAN+= PEM_read_CMS.3 -MAN+= PEM_read_bio_PrivateKey.3 -MAN+= PEM_read_bio_ex.3 -MAN+= PEM_write_bio_CMS_stream.3 -MAN+= PEM_write_bio_PKCS7_stream.3 -MAN+= PKCS12_create.3 -MAN+= PKCS12_newpass.3 -MAN+= PKCS12_parse.3 -MAN+= PKCS5_PBKDF2_HMAC.3 -MAN+= PKCS7_decrypt.3 -MAN+= PKCS7_encrypt.3 -MAN+= PKCS7_sign.3 -MAN+= PKCS7_sign_add_signer.3 -MAN+= PKCS7_verify.3 -MAN+= RAND_DRBG_generate.3 -MAN+= RAND_DRBG_get0_master.3 -MAN+= RAND_DRBG_new.3 -MAN+= RAND_DRBG_reseed.3 -MAN+= RAND_DRBG_set_callbacks.3 -MAN+= RAND_DRBG_set_ex_data.3 -MAN+= RAND_add.3 -MAN+= RAND_bytes.3 -MAN+= RAND_cleanup.3 -MAN+= RAND_egd.3 -MAN+= RAND_load_file.3 -MAN+= RAND_set_rand_method.3 -MAN+= RC4_set_key.3 -MAN+= RIPEMD160_Init.3 -MAN+= RSA_blinding_on.3 -MAN+= RSA_check_key.3 -MAN+= RSA_generate_key.3 -MAN+= RSA_get0_key.3 -MAN+= RSA_meth_new.3 -MAN+= RSA_new.3 -MAN+= RSA_padding_add_PKCS1_type_1.3 -MAN+= RSA_print.3 -MAN+= RSA_private_encrypt.3 -MAN+= RSA_public_encrypt.3 -MAN+= RSA_set_method.3 -MAN+= RSA_sign.3 -MAN+= RSA_sign_ASN1_OCTET_STRING.3 -MAN+= RSA_size.3 -MAN+= SCT_new.3 -MAN+= SCT_print.3 -MAN+= SCT_validate.3 -MAN+= SHA256_Init.3 -MAN+= SMIME_read_CMS.3 -MAN+= SMIME_read_PKCS7.3 -MAN+= SMIME_write_CMS.3 -MAN+= SMIME_write_PKCS7.3 -MAN+= SSL_CIPHER_get_name.3 -MAN+= SSL_COMP_add_compression_method.3 -MAN+= SSL_CONF_CTX_new.3 -MAN+= SSL_CONF_CTX_set1_prefix.3 -MAN+= SSL_CONF_CTX_set_flags.3 -MAN+= SSL_CONF_CTX_set_ssl_ctx.3 -MAN+= SSL_CONF_cmd.3 -MAN+= SSL_CONF_cmd_argv.3 -MAN+= SSL_CTX_add1_chain_cert.3 -MAN+= SSL_CTX_add_extra_chain_cert.3 -MAN+= SSL_CTX_add_session.3 -MAN+= SSL_CTX_config.3 -MAN+= SSL_CTX_ctrl.3 -MAN+= SSL_CTX_dane_enable.3 -MAN+= SSL_CTX_flush_sessions.3 -MAN+= SSL_CTX_free.3 -MAN+= SSL_CTX_get0_param.3 -MAN+= SSL_CTX_get_verify_mode.3 -MAN+= SSL_CTX_has_client_custom_ext.3 -MAN+= SSL_CTX_load_verify_locations.3 -MAN+= SSL_CTX_new.3 -MAN+= SSL_CTX_sess_number.3 -MAN+= SSL_CTX_sess_set_cache_size.3 -MAN+= SSL_CTX_sess_set_get_cb.3 -MAN+= SSL_CTX_sessions.3 -MAN+= SSL_CTX_set0_CA_list.3 -MAN+= SSL_CTX_set1_curves.3 -MAN+= SSL_CTX_set1_sigalgs.3 -MAN+= SSL_CTX_set1_verify_cert_store.3 -MAN+= SSL_CTX_set_alpn_select_cb.3 -MAN+= SSL_CTX_set_cert_cb.3 -MAN+= SSL_CTX_set_cert_store.3 -MAN+= SSL_CTX_set_cert_verify_callback.3 -MAN+= SSL_CTX_set_cipher_list.3 -MAN+= SSL_CTX_set_client_cert_cb.3 -MAN+= SSL_CTX_set_client_hello_cb.3 -MAN+= SSL_CTX_set_ct_validation_callback.3 -MAN+= SSL_CTX_set_ctlog_list_file.3 -MAN+= SSL_CTX_set_default_passwd_cb.3 -MAN+= SSL_CTX_set_ex_data.3 -MAN+= SSL_CTX_set_generate_session_id.3 -MAN+= SSL_CTX_set_info_callback.3 -MAN+= SSL_CTX_set_keylog_callback.3 -MAN+= SSL_CTX_set_max_cert_list.3 -MAN+= SSL_CTX_set_min_proto_version.3 -MAN+= SSL_CTX_set_mode.3 -MAN+= SSL_CTX_set_msg_callback.3 -MAN+= SSL_CTX_set_num_tickets.3 -MAN+= SSL_CTX_set_options.3 -MAN+= SSL_CTX_set_psk_client_callback.3 -MAN+= SSL_CTX_set_quiet_shutdown.3 -MAN+= SSL_CTX_set_read_ahead.3 -MAN+= SSL_CTX_set_record_padding_callback.3 -MAN+= SSL_CTX_set_security_level.3 -MAN+= SSL_CTX_set_session_cache_mode.3 -MAN+= SSL_CTX_set_session_id_context.3 -MAN+= SSL_CTX_set_session_ticket_cb.3 -MAN+= SSL_CTX_set_split_send_fragment.3 -MAN+= SSL_CTX_set_ssl_version.3 -MAN+= SSL_CTX_set_stateless_cookie_generate_cb.3 -MAN+= SSL_CTX_set_timeout.3 -MAN+= SSL_CTX_set_tlsext_servername_callback.3 -MAN+= SSL_CTX_set_tlsext_status_cb.3 -MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3 -MAN+= SSL_CTX_set_tlsext_use_srtp.3 -MAN+= SSL_CTX_set_tmp_dh_callback.3 -MAN+= SSL_CTX_set_verify.3 -MAN+= SSL_CTX_use_certificate.3 -MAN+= SSL_CTX_use_psk_identity_hint.3 -MAN+= SSL_CTX_use_serverinfo.3 -MAN+= SSL_SESSION_free.3 -MAN+= SSL_SESSION_get0_cipher.3 -MAN+= SSL_SESSION_get0_hostname.3 -MAN+= SSL_SESSION_get0_id_context.3 -MAN+= SSL_SESSION_get0_peer.3 -MAN+= SSL_SESSION_get_compress_id.3 -MAN+= SSL_SESSION_get_ex_data.3 -MAN+= SSL_SESSION_get_protocol_version.3 -MAN+= SSL_SESSION_get_time.3 -MAN+= SSL_SESSION_has_ticket.3 -MAN+= SSL_SESSION_is_resumable.3 -MAN+= SSL_SESSION_print.3 -MAN+= SSL_SESSION_set1_id.3 -MAN+= SSL_accept.3 -MAN+= SSL_alert_type_string.3 -MAN+= SSL_alloc_buffers.3 -MAN+= SSL_check_chain.3 -MAN+= SSL_clear.3 -MAN+= SSL_connect.3 -MAN+= SSL_do_handshake.3 -MAN+= SSL_export_keying_material.3 -MAN+= SSL_extension_supported.3 -MAN+= SSL_free.3 -MAN+= SSL_get0_peer_scts.3 -MAN+= SSL_get_SSL_CTX.3 -MAN+= SSL_get_all_async_fds.3 -MAN+= SSL_get_ciphers.3 -MAN+= SSL_get_client_random.3 -MAN+= SSL_get_current_cipher.3 -MAN+= SSL_get_default_timeout.3 -MAN+= SSL_get_error.3 -MAN+= SSL_get_extms_support.3 -MAN+= SSL_get_fd.3 -MAN+= SSL_get_peer_cert_chain.3 -MAN+= SSL_get_peer_certificate.3 -MAN+= SSL_get_peer_signature_nid.3 -MAN+= SSL_get_peer_tmp_key.3 -MAN+= SSL_get_psk_identity.3 -MAN+= SSL_get_rbio.3 -MAN+= SSL_get_session.3 -MAN+= SSL_get_shared_sigalgs.3 -MAN+= SSL_get_verify_result.3 -MAN+= SSL_get_version.3 -MAN+= SSL_in_init.3 -MAN+= SSL_key_update.3 -MAN+= SSL_library_init.3 -MAN+= SSL_load_client_CA_file.3 -MAN+= SSL_new.3 -MAN+= SSL_pending.3 -MAN+= SSL_read.3 -MAN+= SSL_read_early_data.3 -MAN+= SSL_rstate_string.3 -MAN+= SSL_session_reused.3 -MAN+= SSL_set1_host.3 -MAN+= SSL_set_bio.3 -MAN+= SSL_set_connect_state.3 -MAN+= SSL_set_fd.3 -MAN+= SSL_set_session.3 -MAN+= SSL_set_shutdown.3 -MAN+= SSL_set_verify_result.3 -MAN+= SSL_shutdown.3 -MAN+= SSL_state_string.3 -MAN+= SSL_want.3 -MAN+= SSL_write.3 -MAN+= UI_STRING.3 -MAN+= UI_UTIL_read_pw.3 -MAN+= UI_create_method.3 -MAN+= UI_new.3 -MAN+= X509V3_get_d2i.3 -MAN+= X509_ALGOR_dup.3 -MAN+= X509_CRL_get0_by_serial.3 -MAN+= X509_EXTENSION_set_object.3 -MAN+= X509_LOOKUP_hash_dir.3 -MAN+= X509_LOOKUP_meth_new.3 -MAN+= X509_NAME_ENTRY_get_object.3 -MAN+= X509_NAME_add_entry_by_txt.3 -MAN+= X509_NAME_get0_der.3 -MAN+= X509_NAME_get_index_by_NID.3 -MAN+= X509_NAME_print_ex.3 -MAN+= X509_PUBKEY_new.3 -MAN+= X509_SIG_get0.3 -MAN+= X509_STORE_CTX_get_error.3 -MAN+= X509_STORE_CTX_new.3 -MAN+= X509_STORE_CTX_set_verify_cb.3 -MAN+= X509_STORE_add_cert.3 -MAN+= X509_STORE_get0_param.3 -MAN+= X509_STORE_new.3 -MAN+= X509_STORE_set_verify_cb_func.3 -MAN+= X509_VERIFY_PARAM_set_flags.3 -MAN+= X509_check_ca.3 -MAN+= X509_check_host.3 -MAN+= X509_check_issued.3 -MAN+= X509_check_private_key.3 -MAN+= X509_cmp.3 -MAN+= X509_cmp_time.3 -MAN+= X509_digest.3 -MAN+= X509_dup.3 -MAN+= X509_get0_notBefore.3 -MAN+= X509_get0_signature.3 -MAN+= X509_get0_uids.3 -MAN+= X509_get_extension_flags.3 -MAN+= X509_get_pubkey.3 -MAN+= X509_get_serialNumber.3 -MAN+= X509_get_subject_name.3 -MAN+= X509_get_version.3 -MAN+= X509_new.3 -MAN+= X509_sign.3 -MAN+= X509_verify_cert.3 -MAN+= X509v3_get_ext_by_NID.3 -MAN+= d2i_DHparams.3 -MAN+= d2i_PKCS8PrivateKey_bio.3 -MAN+= d2i_PrivateKey.3 -MAN+= d2i_SSL_SESSION.3 -MAN+= d2i_X509.3 -MAN+= i2d_CMS_bio_stream.3 -MAN+= i2d_PKCS7_bio_stream.3 -MAN+= i2d_re_X509_tbs.3 -MAN+= o2i_SCT_LIST.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_admissionAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_namingAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_professionInfos.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_admissionAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_namingAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_professionInfos.3 -MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX.3 -MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_admissionAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_contentsOfAdmissions.3 -MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_admissionAuthority.3 -MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_contentsOfAdmissions.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityId.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityText.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityURL.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityId.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityText.3 -MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityURL.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFOS.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_addProfessionInfo.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_namingAuthority.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionItems.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionOIDs.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_registrationNumber.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_addProfessionInfo.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_namingAuthority.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionItems.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionOIDs.3 -MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_registrationNumber.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get_int64.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set_int64.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_to_BN.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get_uint64.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_int64.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_uint64.3 -MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_to_BN.3 -MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_ENUMERATED.3 -MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_INTEGER.3 -MLINKS+= ASN1_ITEM_lookup.3 ASN1_ITEM_get.3 -MLINKS+= ASN1_OBJECT_new.3 ASN1_OBJECT_free.3 -MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE.3 -MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_cleanup.3 -MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_get.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_cmp.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_data.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_dup.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_get0_data.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_set.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_to_UTF8.3 -MLINKS+= ASN1_STRING_length.3 ASN1_STRING_type.3 -MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3 -MLINKS+= ASN1_STRING_new.3 ASN1_STRING_type_new.3 -MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print.3 -MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3 -MLINKS+= ASN1_STRING_print_ex.3 ASN1_tag2str.3 -MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_adj.3 -MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_check.3 -MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_print.3 -MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set.3 -MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set_string.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_adj.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_check.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_cmp_time_t.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_compare.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_diff.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_normalize.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_print.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string_X509.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_generalizedtime.3 -MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_tm.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_adj.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_check.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_cmp_time_t.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_print.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set.3 -MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set_string.3 -MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_cmp.3 -MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_pack_sequence.3 -MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set.3 -MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set1.3 -MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_unpack_sequence.3 -MLINKS+= ASN1_generate_nconf.3 ASN1_generate_v3.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_clear_fd.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_free.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_all_fds.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_changed_fds.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_fd.3 -MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_set_wait_fd.3 -MLINKS+= ASYNC_start_job.3 ASYNC_block_pause.3 -MLINKS+= ASYNC_start_job.3 ASYNC_cleanup_thread.3 -MLINKS+= ASYNC_start_job.3 ASYNC_get_current_job.3 -MLINKS+= ASYNC_start_job.3 ASYNC_get_wait_ctx.3 -MLINKS+= ASYNC_start_job.3 ASYNC_init_thread.3 -MLINKS+= ASYNC_start_job.3 ASYNC_is_capable.3 -MLINKS+= ASYNC_start_job.3 ASYNC_pause_job.3 -MLINKS+= ASYNC_start_job.3 ASYNC_unblock_pause.3 -MLINKS+= BF_encrypt.3 BF_cbc_encrypt.3 -MLINKS+= BF_encrypt.3 BF_cfb64_encrypt.3 -MLINKS+= BF_encrypt.3 BF_decrypt.3 -MLINKS+= BF_encrypt.3 BF_ecb_encrypt.3 -MLINKS+= BF_encrypt.3 BF_ofb64_encrypt.3 -MLINKS+= BF_encrypt.3 BF_options.3 -MLINKS+= BF_encrypt.3 BF_set_key.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_clear.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_family.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_free.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_hostname_string.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_new.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_path_string.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_rawaddress.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_rawmake.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_rawport.3 -MLINKS+= BIO_ADDR.3 BIO_ADDR_service_string.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_address.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_family.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_free.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_next.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_protocol.3 -MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_socktype.3 -MLINKS+= BIO_ADDRINFO.3 BIO_lookup.3 -MLINKS+= BIO_ADDRINFO.3 BIO_lookup_ex.3 -MLINKS+= BIO_ADDRINFO.3 BIO_lookup_type.3 -MLINKS+= BIO_connect.3 BIO_accept_ex.3 -MLINKS+= BIO_connect.3 BIO_bind.3 -MLINKS+= BIO_connect.3 BIO_closesocket.3 -MLINKS+= BIO_connect.3 BIO_listen.3 -MLINKS+= BIO_connect.3 BIO_socket.3 -MLINKS+= BIO_ctrl.3 BIO_callback_ctrl.3 -MLINKS+= BIO_ctrl.3 BIO_ctrl_pending.3 -MLINKS+= BIO_ctrl.3 BIO_ctrl_wpending.3 -MLINKS+= BIO_ctrl.3 BIO_eof.3 -MLINKS+= BIO_ctrl.3 BIO_flush.3 -MLINKS+= BIO_ctrl.3 BIO_get_close.3 -MLINKS+= BIO_ctrl.3 BIO_get_info_callback.3 -MLINKS+= BIO_ctrl.3 BIO_info_cb.3 -MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3 -MLINKS+= BIO_ctrl.3 BIO_pending.3 -MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3 -MLINKS+= BIO_ctrl.3 BIO_reset.3 -MLINKS+= BIO_ctrl.3 BIO_seek.3 -MLINKS+= BIO_ctrl.3 BIO_set_close.3 -MLINKS+= BIO_ctrl.3 BIO_set_info_callback.3 -MLINKS+= BIO_ctrl.3 BIO_tell.3 -MLINKS+= BIO_ctrl.3 BIO_wpending.3 -MLINKS+= BIO_f_buffer.3 BIO_get_buffer_num_lines.3 -MLINKS+= BIO_f_buffer.3 BIO_set_buffer_read_data.3 -MLINKS+= BIO_f_buffer.3 BIO_set_buffer_size.3 -MLINKS+= BIO_f_buffer.3 BIO_set_read_buffer_size.3 -MLINKS+= BIO_f_buffer.3 BIO_set_write_buffer_size.3 -MLINKS+= BIO_f_cipher.3 BIO_get_cipher_ctx.3 -MLINKS+= BIO_f_cipher.3 BIO_get_cipher_status.3 -MLINKS+= BIO_f_cipher.3 BIO_set_cipher.3 -MLINKS+= BIO_f_md.3 BIO_get_md.3 -MLINKS+= BIO_f_md.3 BIO_get_md_ctx.3 -MLINKS+= BIO_f_md.3 BIO_set_md.3 -MLINKS+= BIO_f_ssl.3 BIO_do_handshake.3 -MLINKS+= BIO_f_ssl.3 BIO_get_num_renegotiates.3 -MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3 -MLINKS+= BIO_f_ssl.3 BIO_new_buffer_ssl_connect.3 -MLINKS+= BIO_f_ssl.3 BIO_new_ssl.3 -MLINKS+= BIO_f_ssl.3 BIO_new_ssl_connect.3 -MLINKS+= BIO_f_ssl.3 BIO_set_ssl.3 -MLINKS+= BIO_f_ssl.3 BIO_set_ssl_mode.3 -MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_bytes.3 -MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_timeout.3 -MLINKS+= BIO_f_ssl.3 BIO_ssl_copy_session_id.3 -MLINKS+= BIO_f_ssl.3 BIO_ssl_shutdown.3 -MLINKS+= BIO_find_type.3 BIO_method_type.3 -MLINKS+= BIO_find_type.3 BIO_next.3 -MLINKS+= BIO_get_data.3 BIO_get_init.3 -MLINKS+= BIO_get_data.3 BIO_get_shutdown.3 -MLINKS+= BIO_get_data.3 BIO_set_data.3 -MLINKS+= BIO_get_data.3 BIO_set_init.3 -MLINKS+= BIO_get_data.3 BIO_set_shutdown.3 -MLINKS+= BIO_get_ex_new_index.3 BIO_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 BIO_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 DH_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 DSA_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 ECDH_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 EC_KEY_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 ENGINE_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 RSA_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 UI_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 X509_STORE_set_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_data.3 -MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_new_index.3 -MLINKS+= BIO_get_ex_new_index.3 X509_set_ex_data.3 -MLINKS+= BIO_meth_new.3 BIO_get_new_index.3 -MLINKS+= BIO_meth_new.3 BIO_meth_free.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_callback_ctrl.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_create.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_ctrl.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_destroy.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_gets.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_puts.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_read.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_read_ex.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_write.3 -MLINKS+= BIO_meth_new.3 BIO_meth_get_write_ex.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_callback_ctrl.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_create.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_ctrl.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_destroy.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_gets.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_puts.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_read.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_read_ex.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_write.3 -MLINKS+= BIO_meth_new.3 BIO_meth_set_write_ex.3 -MLINKS+= BIO_new.3 BIO_free.3 -MLINKS+= BIO_new.3 BIO_free_all.3 -MLINKS+= BIO_new.3 BIO_up_ref.3 -MLINKS+= BIO_new.3 BIO_vfree.3 -MLINKS+= BIO_parse_hostserv.3 BIO_hostserv_priorities.3 -MLINKS+= BIO_printf.3 BIO_snprintf.3 -MLINKS+= BIO_printf.3 BIO_vprintf.3 -MLINKS+= BIO_printf.3 BIO_vsnprintf.3 -MLINKS+= BIO_push.3 BIO_pop.3 -MLINKS+= BIO_push.3 BIO_set_next.3 -MLINKS+= BIO_read.3 BIO_gets.3 -MLINKS+= BIO_read.3 BIO_puts.3 -MLINKS+= BIO_read.3 BIO_read_ex.3 -MLINKS+= BIO_read.3 BIO_write.3 -MLINKS+= BIO_read.3 BIO_write_ex.3 -MLINKS+= BIO_s_accept.3 BIO_do_accept.3 -MLINKS+= BIO_s_accept.3 BIO_get_accept_ip_family.3 -MLINKS+= BIO_s_accept.3 BIO_get_accept_name.3 -MLINKS+= BIO_s_accept.3 BIO_get_accept_port.3 -MLINKS+= BIO_s_accept.3 BIO_get_bind_mode.3 -MLINKS+= BIO_s_accept.3 BIO_get_peer_name.3 -MLINKS+= BIO_s_accept.3 BIO_get_peer_port.3 -MLINKS+= BIO_s_accept.3 BIO_new_accept.3 -MLINKS+= BIO_s_accept.3 BIO_set_accept_bios.3 -MLINKS+= BIO_s_accept.3 BIO_set_accept_ip_family.3 -MLINKS+= BIO_s_accept.3 BIO_set_accept_name.3 -MLINKS+= BIO_s_accept.3 BIO_set_accept_port.3 -MLINKS+= BIO_s_accept.3 BIO_set_bind_mode.3 -MLINKS+= BIO_s_accept.3 BIO_set_nbio_accept.3 -MLINKS+= BIO_s_bio.3 BIO_ctrl_get_read_request.3 -MLINKS+= BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3 -MLINKS+= BIO_s_bio.3 BIO_ctrl_reset_read_request.3 -MLINKS+= BIO_s_bio.3 BIO_destroy_bio_pair.3 -MLINKS+= BIO_s_bio.3 BIO_get_read_request.3 -MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3 -MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3 -MLINKS+= BIO_s_bio.3 BIO_make_bio_pair.3 -MLINKS+= BIO_s_bio.3 BIO_new_bio_pair.3 -MLINKS+= BIO_s_bio.3 BIO_set_write_buf_size.3 -MLINKS+= BIO_s_bio.3 BIO_shutdown_wr.3 -MLINKS+= BIO_s_connect.3 BIO_do_connect.3 -MLINKS+= BIO_s_connect.3 BIO_get_conn_address.3 -MLINKS+= BIO_s_connect.3 BIO_get_conn_hostname.3 -MLINKS+= BIO_s_connect.3 BIO_get_conn_ip_family.3 -MLINKS+= BIO_s_connect.3 BIO_get_conn_port.3 -MLINKS+= BIO_s_connect.3 BIO_new_connect.3 -MLINKS+= BIO_s_connect.3 BIO_set_conn_address.3 -MLINKS+= BIO_s_connect.3 BIO_set_conn_hostname.3 -MLINKS+= BIO_s_connect.3 BIO_set_conn_ip_family.3 -MLINKS+= BIO_s_connect.3 BIO_set_conn_port.3 -MLINKS+= BIO_s_connect.3 BIO_set_nbio.3 -MLINKS+= BIO_s_fd.3 BIO_get_fd.3 -MLINKS+= BIO_s_fd.3 BIO_new_fd.3 -MLINKS+= BIO_s_fd.3 BIO_set_fd.3 -MLINKS+= BIO_s_file.3 BIO_append_filename.3 -MLINKS+= BIO_s_file.3 BIO_get_fp.3 -MLINKS+= BIO_s_file.3 BIO_new_file.3 -MLINKS+= BIO_s_file.3 BIO_new_fp.3 -MLINKS+= BIO_s_file.3 BIO_read_filename.3 -MLINKS+= BIO_s_file.3 BIO_rw_filename.3 -MLINKS+= BIO_s_file.3 BIO_set_fp.3 -MLINKS+= BIO_s_file.3 BIO_write_filename.3 -MLINKS+= BIO_s_mem.3 BIO_get_mem_data.3 -MLINKS+= BIO_s_mem.3 BIO_get_mem_ptr.3 -MLINKS+= BIO_s_mem.3 BIO_new_mem_buf.3 -MLINKS+= BIO_s_mem.3 BIO_s_secmem.3 -MLINKS+= BIO_s_mem.3 BIO_set_mem_buf.3 -MLINKS+= BIO_s_mem.3 BIO_set_mem_eof_return.3 -MLINKS+= BIO_s_socket.3 BIO_new_socket.3 -MLINKS+= BIO_set_callback.3 BIO_callback_fn.3 -MLINKS+= BIO_set_callback.3 BIO_callback_fn_ex.3 -MLINKS+= BIO_set_callback.3 BIO_debug_callback.3 -MLINKS+= BIO_set_callback.3 BIO_get_callback.3 -MLINKS+= BIO_set_callback.3 BIO_get_callback_arg.3 -MLINKS+= BIO_set_callback.3 BIO_get_callback_ex.3 -MLINKS+= BIO_set_callback.3 BIO_set_callback_arg.3 -MLINKS+= BIO_set_callback.3 BIO_set_callback_ex.3 -MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3 -MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3 -MLINKS+= BIO_should_retry.3 BIO_retry_type.3 -MLINKS+= BIO_should_retry.3 BIO_set_retry_reason.3 -MLINKS+= BIO_should_retry.3 BIO_should_io_special.3 -MLINKS+= BIO_should_retry.3 BIO_should_read.3 -MLINKS+= BIO_should_retry.3 BIO_should_write.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert_ex.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_create_param.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_free.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_flags.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert_ex.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_is_current_thread.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_lock.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_current_thread.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_flags.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_unlock.3 -MLINKS+= BN_BLINDING_new.3 BN_BLINDING_update.3 -MLINKS+= BN_CTX_new.3 BN_CTX_free.3 -MLINKS+= BN_CTX_new.3 BN_CTX_secure_new.3 -MLINKS+= BN_CTX_start.3 BN_CTX_end.3 -MLINKS+= BN_CTX_start.3 BN_CTX_get.3 -MLINKS+= BN_add.3 BN_div.3 -MLINKS+= BN_add.3 BN_exp.3 -MLINKS+= BN_add.3 BN_gcd.3 -MLINKS+= BN_add.3 BN_mod.3 -MLINKS+= BN_add.3 BN_mod_add.3 -MLINKS+= BN_add.3 BN_mod_exp.3 -MLINKS+= BN_add.3 BN_mod_mul.3 -MLINKS+= BN_add.3 BN_mod_sqr.3 -MLINKS+= BN_add.3 BN_mod_sub.3 -MLINKS+= BN_add.3 BN_mul.3 -MLINKS+= BN_add.3 BN_nnmod.3 -MLINKS+= BN_add.3 BN_sqr.3 -MLINKS+= BN_add.3 BN_sub.3 -MLINKS+= BN_add_word.3 BN_div_word.3 -MLINKS+= BN_add_word.3 BN_mod_word.3 -MLINKS+= BN_add_word.3 BN_mul_word.3 -MLINKS+= BN_add_word.3 BN_sub_word.3 -MLINKS+= BN_bn2bin.3 BN_bin2bn.3 -MLINKS+= BN_bn2bin.3 BN_bn2binpad.3 -MLINKS+= BN_bn2bin.3 BN_bn2dec.3 -MLINKS+= BN_bn2bin.3 BN_bn2hex.3 -MLINKS+= BN_bn2bin.3 BN_bn2lebinpad.3 -MLINKS+= BN_bn2bin.3 BN_bn2mpi.3 -MLINKS+= BN_bn2bin.3 BN_dec2bn.3 -MLINKS+= BN_bn2bin.3 BN_hex2bn.3 -MLINKS+= BN_bn2bin.3 BN_lebin2bn.3 -MLINKS+= BN_bn2bin.3 BN_mpi2bn.3 -MLINKS+= BN_bn2bin.3 BN_print.3 -MLINKS+= BN_bn2bin.3 BN_print_fp.3 -MLINKS+= BN_cmp.3 BN_is_odd.3 -MLINKS+= BN_cmp.3 BN_is_one.3 -MLINKS+= BN_cmp.3 BN_is_word.3 -MLINKS+= BN_cmp.3 BN_is_zero.3 -MLINKS+= BN_cmp.3 BN_ucmp.3 -MLINKS+= BN_copy.3 BN_dup.3 -MLINKS+= BN_copy.3 BN_with_flags.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_call.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_free.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_get_arg.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_new.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_set.3 -MLINKS+= BN_generate_prime.3 BN_GENCB_set_old.3 -MLINKS+= BN_generate_prime.3 BN_generate_prime_ex.3 -MLINKS+= BN_generate_prime.3 BN_is_prime.3 -MLINKS+= BN_generate_prime.3 BN_is_prime_ex.3 -MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest.3 -MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest_ex.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_from_montgomery.3 -MLINKS+= BN_mod_mul_montgomery.3 BN_to_montgomery.3 -MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3 -MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3 -MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3 -MLINKS+= BN_mod_mul_reciprocal.3 BN_div_recp.3 -MLINKS+= BN_new.3 BN_clear.3 -MLINKS+= BN_new.3 BN_clear_free.3 -MLINKS+= BN_new.3 BN_free.3 -MLINKS+= BN_new.3 BN_secure_new.3 -MLINKS+= BN_num_bytes.3 BN_num_bits.3 -MLINKS+= BN_num_bytes.3 BN_num_bits_word.3 -MLINKS+= BN_rand.3 BN_priv_rand.3 -MLINKS+= BN_rand.3 BN_priv_rand_range.3 -MLINKS+= BN_rand.3 BN_pseudo_rand.3 -MLINKS+= BN_rand.3 BN_pseudo_rand_range.3 -MLINKS+= BN_rand.3 BN_rand_range.3 -MLINKS+= BN_set_bit.3 BN_clear_bit.3 -MLINKS+= BN_set_bit.3 BN_is_bit_set.3 -MLINKS+= BN_set_bit.3 BN_lshift.3 -MLINKS+= BN_set_bit.3 BN_lshift1.3 -MLINKS+= BN_set_bit.3 BN_mask_bits.3 -MLINKS+= BN_set_bit.3 BN_rshift.3 -MLINKS+= BN_set_bit.3 BN_rshift1.3 -MLINKS+= BN_zero.3 BN_get_word.3 -MLINKS+= BN_zero.3 BN_one.3 -MLINKS+= BN_zero.3 BN_set_word.3 -MLINKS+= BN_zero.3 BN_value_one.3 -MLINKS+= BUF_MEM_new.3 BUF_MEM_free.3 -MLINKS+= BUF_MEM_new.3 BUF_MEM_grow.3 -MLINKS+= BUF_MEM_new.3 BUF_MEM_grow_clean.3 -MLINKS+= BUF_MEM_new.3 BUF_MEM_new_ex.3 -MLINKS+= BUF_MEM_new.3 BUF_reverse.3 -MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 -MLINKS+= CMS_add0_cert.3 CMS_add1_cert.3 -MLINKS+= CMS_add0_cert.3 CMS_add1_crl.3 -MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 -MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 -MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 -MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_decrypt.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_encrypt.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_get0_id.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_id_cmp.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_key.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_pkey.3 -MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 -MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_cert_cmp.3 -MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signature.3 -MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signer_id.3 -MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_set1_signer_cert.3 -MLINKS+= CMS_get0_type.3 CMS_get0_content.3 -MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 -MLINKS+= CMS_get0_type.3 CMS_set1_eContentType.3 -MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 -MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 -MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 -MLINKS+= CMS_verify.3 CMS_get0_signers.3 -MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 -MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 -MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_free.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_new.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_read_lock.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_unlock.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_write_lock.3 -MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_atomic_add.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_dup.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_free.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_new.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_data.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_index.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_get_ex_data.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_new_ex_data.3 -MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_set_ex_data.3 -MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_free.3 -MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_default_file.3 -MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_file.3 -MLINKS+= CTLOG_new.3 CTLOG_free.3 -MLINKS+= CTLOG_new.3 CTLOG_get0_log_id.3 -MLINKS+= CTLOG_new.3 CTLOG_get0_name.3 -MLINKS+= CTLOG_new.3 CTLOG_get0_public_key.3 -MLINKS+= CTLOG_new.3 CTLOG_new_from_base64.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_free.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_cert.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_issuer.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_log_store.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get_time.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_cert.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_issuer.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE.3 -MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_time.3 -MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF.3 -MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF_CONST.3 -MLINKS+= DEFINE_STACK_OF.3 DEFINE_STACK_OF_CONST.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_deep_copy.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete_ptr.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_dup.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find_ex.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_free.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_insert.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_is_sorted.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_null.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_reserve.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_num.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop_free.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_push.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_reserve.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set_cmp_func.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_shift.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_sort.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_unshift.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_value.3 -MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_zero.3 -MLINKS+= DES_random_key.3 DES_cbc_cksum.3 -MLINKS+= DES_random_key.3 DES_cfb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_cfb_encrypt.3 -MLINKS+= DES_random_key.3 DES_crypt.3 -MLINKS+= DES_random_key.3 DES_ecb2_encrypt.3 -MLINKS+= DES_random_key.3 DES_ecb3_encrypt.3 -MLINKS+= DES_random_key.3 DES_ecb_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede2_cbc_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede2_cfb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede2_ofb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede3_cbc_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede3_cfb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_ede3_ofb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_fcrypt.3 -MLINKS+= DES_random_key.3 DES_is_weak_key.3 -MLINKS+= DES_random_key.3 DES_key_sched.3 -MLINKS+= DES_random_key.3 DES_ncbc_encrypt.3 -MLINKS+= DES_random_key.3 DES_ofb64_encrypt.3 -MLINKS+= DES_random_key.3 DES_ofb_encrypt.3 -MLINKS+= DES_random_key.3 DES_pcbc_encrypt.3 -MLINKS+= DES_random_key.3 DES_quad_cksum.3 -MLINKS+= DES_random_key.3 DES_set_key.3 -MLINKS+= DES_random_key.3 DES_set_key_checked.3 -MLINKS+= DES_random_key.3 DES_set_key_unchecked.3 -MLINKS+= DES_random_key.3 DES_set_odd_parity.3 -MLINKS+= DES_random_key.3 DES_string_to_2keys.3 -MLINKS+= DES_random_key.3 DES_string_to_key.3 -MLINKS+= DES_random_key.3 DES_xcbc_encrypt.3 -MLINKS+= DH_generate_key.3 DH_compute_key.3 -MLINKS+= DH_generate_parameters.3 DH_check.3 -MLINKS+= DH_generate_parameters.3 DH_check_ex.3 -MLINKS+= DH_generate_parameters.3 DH_check_params.3 -MLINKS+= DH_generate_parameters.3 DH_check_params_ex.3 -MLINKS+= DH_generate_parameters.3 DH_check_pub_key_ex.3 -MLINKS+= DH_generate_parameters.3 DH_generate_parameters_ex.3 -MLINKS+= DH_get0_pqg.3 DH_clear_flags.3 -MLINKS+= DH_get0_pqg.3 DH_get0_engine.3 -MLINKS+= DH_get0_pqg.3 DH_get0_g.3 -MLINKS+= DH_get0_pqg.3 DH_get0_key.3 -MLINKS+= DH_get0_pqg.3 DH_get0_p.3 -MLINKS+= DH_get0_pqg.3 DH_get0_priv_key.3 -MLINKS+= DH_get0_pqg.3 DH_get0_pub_key.3 -MLINKS+= DH_get0_pqg.3 DH_get0_q.3 -MLINKS+= DH_get0_pqg.3 DH_get_length.3 -MLINKS+= DH_get0_pqg.3 DH_set0_key.3 -MLINKS+= DH_get0_pqg.3 DH_set0_pqg.3 -MLINKS+= DH_get0_pqg.3 DH_set_flags.3 -MLINKS+= DH_get0_pqg.3 DH_set_length.3 -MLINKS+= DH_get0_pqg.3 DH_test_flags.3 -MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_192.3 -MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_224.3 -MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_256.3 -MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_384.3 -MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_521.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_1024.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_768.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_1536.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_2048.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_3072.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_4096.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_6144.3 -MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_8192.3 -MLINKS+= DH_get_1024_160.3 DH_get_2048_224.3 -MLINKS+= DH_get_1024_160.3 DH_get_2048_256.3 -MLINKS+= DH_meth_new.3 DH_meth_dup.3 -MLINKS+= DH_meth_new.3 DH_meth_free.3 -MLINKS+= DH_meth_new.3 DH_meth_get0_app_data.3 -MLINKS+= DH_meth_new.3 DH_meth_get0_name.3 -MLINKS+= DH_meth_new.3 DH_meth_get_bn_mod_exp.3 -MLINKS+= DH_meth_new.3 DH_meth_get_compute_key.3 -MLINKS+= DH_meth_new.3 DH_meth_get_finish.3 -MLINKS+= DH_meth_new.3 DH_meth_get_flags.3 -MLINKS+= DH_meth_new.3 DH_meth_get_generate_key.3 -MLINKS+= DH_meth_new.3 DH_meth_get_generate_params.3 -MLINKS+= DH_meth_new.3 DH_meth_get_init.3 -MLINKS+= DH_meth_new.3 DH_meth_set0_app_data.3 -MLINKS+= DH_meth_new.3 DH_meth_set1_name.3 -MLINKS+= DH_meth_new.3 DH_meth_set_bn_mod_exp.3 -MLINKS+= DH_meth_new.3 DH_meth_set_compute_key.3 -MLINKS+= DH_meth_new.3 DH_meth_set_finish.3 -MLINKS+= DH_meth_new.3 DH_meth_set_flags.3 -MLINKS+= DH_meth_new.3 DH_meth_set_generate_key.3 -MLINKS+= DH_meth_new.3 DH_meth_set_generate_params.3 -MLINKS+= DH_meth_new.3 DH_meth_set_init.3 -MLINKS+= DH_new.3 DH_free.3 -MLINKS+= DH_new_by_nid.3 DH_get_nid.3 -MLINKS+= DH_set_method.3 DH_OpenSSL.3 -MLINKS+= DH_set_method.3 DH_get_default_method.3 -MLINKS+= DH_set_method.3 DH_new_method.3 -MLINKS+= DH_set_method.3 DH_set_default_method.3 -MLINKS+= DH_size.3 DH_bits.3 -MLINKS+= DH_size.3 DH_security_bits.3 -MLINKS+= DSA_SIG_new.3 DSA_SIG_free.3 -MLINKS+= DSA_SIG_new.3 DSA_SIG_get0.3 -MLINKS+= DSA_SIG_new.3 DSA_SIG_set0.3 -MLINKS+= DSA_do_sign.3 DSA_do_verify.3 -MLINKS+= DSA_generate_parameters.3 DSA_generate_parameters_ex.3 -MLINKS+= DSA_get0_pqg.3 DSA_clear_flags.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_engine.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_g.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_key.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_p.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_priv_key.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_pub_key.3 -MLINKS+= DSA_get0_pqg.3 DSA_get0_q.3 -MLINKS+= DSA_get0_pqg.3 DSA_set0_key.3 -MLINKS+= DSA_get0_pqg.3 DSA_set0_pqg.3 -MLINKS+= DSA_get0_pqg.3 DSA_set_flags.3 -MLINKS+= DSA_get0_pqg.3 DSA_test_flags.3 -MLINKS+= DSA_meth_new.3 DSA_meth_dup.3 -MLINKS+= DSA_meth_new.3 DSA_meth_free.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get0_app_data.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get0_name.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_bn_mod_exp.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_finish.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_flags.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_init.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_keygen.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_mod_exp.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_paramgen.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_sign.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_sign_setup.3 -MLINKS+= DSA_meth_new.3 DSA_meth_get_verify.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set0_app_data.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set1_name.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_bn_mod_exp.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_finish.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_flags.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_init.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_keygen.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_mod_exp.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_paramgen.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_sign.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_sign_setup.3 -MLINKS+= DSA_meth_new.3 DSA_meth_set_verify.3 -MLINKS+= DSA_new.3 DSA_free.3 -MLINKS+= DSA_set_method.3 DSA_OpenSSL.3 -MLINKS+= DSA_set_method.3 DSA_get_default_method.3 -MLINKS+= DSA_set_method.3 DSA_new_method.3 -MLINKS+= DSA_set_method.3 DSA_set_default_method.3 -MLINKS+= DSA_sign.3 DSA_sign_setup.3 -MLINKS+= DSA_sign.3 DSA_verify.3 -MLINKS+= DSA_size.3 DSA_bits.3 -MLINKS+= DSA_size.3 DSA_security_bits.3 -MLINKS+= DTLS_set_timer_cb.3 DTLS_timer_cb.3 -MLINKS+= DTLSv1_listen.3 SSL_stateless.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_free.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_r.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_s.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_set0.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign_ex.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_do_verify.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_sign.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_ex.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_setup.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_size.3 -MLINKS+= ECDSA_SIG_new.3 ECDSA_verify.3 -MLINKS+= ECPKParameters_print.3 ECPKParameters_print_fp.3 -MLINKS+= EC_GFp_simple_method.3 EC_GF2m_simple_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_GFp_mont_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_GFp_nist_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp224_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp256_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp521_method.3 -MLINKS+= EC_GFp_simple_method.3 EC_METHOD_get_field_type.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_check.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_check_discriminant.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_cmp.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_dup.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_cofactor.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_generator.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_order.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_seed.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_asn1_flag.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_basis_type.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_cofactor.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_curve_name.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_degree.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_order.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_pentanomial_basis.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_point_conversion_form.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_seed_len.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_trinomial_basis.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_method_of.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_order_bits.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_asn1_flag.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_curve_name.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_generator.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_point_conversion_form.3 -MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_seed.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_clear_free.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_free.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GF2m.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GFp.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecparameters.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecpkparameters.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_new_by_curve_name.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GF2m.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GFp.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecparameters.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecpkparameters.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GF2m.3 -MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GFp.3 -MLINKS+= EC_GROUP_new.3 EC_get_builtin_curves.3 -MLINKS+= EC_KEY_get_enc_flags.3 EC_KEY_set_enc_flags.3 -MLINKS+= EC_KEY_new.3 EC_KEY_check_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_clear_flags.3 -MLINKS+= EC_KEY_new.3 EC_KEY_copy.3 -MLINKS+= EC_KEY_new.3 EC_KEY_dup.3 -MLINKS+= EC_KEY_new.3 EC_KEY_free.3 -MLINKS+= EC_KEY_new.3 EC_KEY_generate_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get0_engine.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get0_group.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get0_private_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get0_public_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get_conv_form.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get_flags.3 -MLINKS+= EC_KEY_new.3 EC_KEY_get_method.3 -MLINKS+= EC_KEY_new.3 EC_KEY_key2buf.3 -MLINKS+= EC_KEY_new.3 EC_KEY_new_by_curve_name.3 -MLINKS+= EC_KEY_new.3 EC_KEY_oct2key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_oct2priv.3 -MLINKS+= EC_KEY_new.3 EC_KEY_precompute_mult.3 -MLINKS+= EC_KEY_new.3 EC_KEY_priv2buf.3 -MLINKS+= EC_KEY_new.3 EC_KEY_priv2oct.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_asn1_flag.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_conv_form.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_flags.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_group.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_method.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_private_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key.3 -MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key_affine_coordinates.3 -MLINKS+= EC_KEY_new.3 EC_KEY_up_ref.3 -MLINKS+= EC_POINT_add.3 EC_GROUP_have_precompute_mult.3 -MLINKS+= EC_POINT_add.3 EC_GROUP_precompute_mult.3 -MLINKS+= EC_POINT_add.3 EC_POINT_cmp.3 -MLINKS+= EC_POINT_add.3 EC_POINT_dbl.3 -MLINKS+= EC_POINT_add.3 EC_POINT_invert.3 -MLINKS+= EC_POINT_add.3 EC_POINT_is_at_infinity.3 -MLINKS+= EC_POINT_add.3 EC_POINT_is_on_curve.3 -MLINKS+= EC_POINT_add.3 EC_POINT_make_affine.3 -MLINKS+= EC_POINT_add.3 EC_POINT_mul.3 -MLINKS+= EC_POINT_add.3 EC_POINTs_make_affine.3 -MLINKS+= EC_POINT_add.3 EC_POINTs_mul.3 -MLINKS+= EC_POINT_new.3 EC_POINT_bn2point.3 -MLINKS+= EC_POINT_new.3 EC_POINT_clear_free.3 -MLINKS+= EC_POINT_new.3 EC_POINT_copy.3 -MLINKS+= EC_POINT_new.3 EC_POINT_dup.3 -MLINKS+= EC_POINT_new.3 EC_POINT_free.3 -MLINKS+= EC_POINT_new.3 EC_POINT_get_Jprojective_coordinates_GFp.3 -MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates.3 -MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GF2m.3 -MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GFp.3 -MLINKS+= EC_POINT_new.3 EC_POINT_hex2point.3 -MLINKS+= EC_POINT_new.3 EC_POINT_method_of.3 -MLINKS+= EC_POINT_new.3 EC_POINT_oct2point.3 -MLINKS+= EC_POINT_new.3 EC_POINT_point2bn.3 -MLINKS+= EC_POINT_new.3 EC_POINT_point2buf.3 -MLINKS+= EC_POINT_new.3 EC_POINT_point2hex.3 -MLINKS+= EC_POINT_new.3 EC_POINT_point2oct.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_Jprojective_coordinates_GFp.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates_GF2m.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates_GFp.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GF2m.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GFp.3 -MLINKS+= EC_POINT_new.3 EC_POINT_set_to_infinity.3 -MLINKS+= ENGINE_add.3 ENGINE_by_id.3 -MLINKS+= ENGINE_add.3 ENGINE_cleanup.3 -MLINKS+= ENGINE_add.3 ENGINE_cmd_is_executable.3 -MLINKS+= ENGINE_add.3 ENGINE_ctrl.3 -MLINKS+= ENGINE_add.3 ENGINE_ctrl_cmd.3 -MLINKS+= ENGINE_add.3 ENGINE_ctrl_cmd_string.3 -MLINKS+= ENGINE_add.3 ENGINE_finish.3 -MLINKS+= ENGINE_add.3 ENGINE_free.3 -MLINKS+= ENGINE_add.3 ENGINE_get_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_get_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_get_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_get_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_get_cipher.3 -MLINKS+= ENGINE_add.3 ENGINE_get_cipher_engine.3 -MLINKS+= ENGINE_add.3 ENGINE_get_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_get_cmd_defns.3 -MLINKS+= ENGINE_add.3 ENGINE_get_ctrl_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_default_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_get_default_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_get_default_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_get_default_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_get_destroy_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_digest.3 -MLINKS+= ENGINE_add.3 ENGINE_get_digest_engine.3 -MLINKS+= ENGINE_add.3 ENGINE_get_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_get_finish_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_first.3 -MLINKS+= ENGINE_add.3 ENGINE_get_flags.3 -MLINKS+= ENGINE_add.3 ENGINE_get_id.3 -MLINKS+= ENGINE_add.3 ENGINE_get_init_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_last.3 -MLINKS+= ENGINE_add.3 ENGINE_get_load_privkey_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_load_pubkey_function.3 -MLINKS+= ENGINE_add.3 ENGINE_get_name.3 -MLINKS+= ENGINE_add.3 ENGINE_get_next.3 -MLINKS+= ENGINE_add.3 ENGINE_get_prev.3 -MLINKS+= ENGINE_add.3 ENGINE_get_table_flags.3 -MLINKS+= ENGINE_add.3 ENGINE_init.3 -MLINKS+= ENGINE_add.3 ENGINE_load_builtin_engines.3 -MLINKS+= ENGINE_add.3 ENGINE_load_private_key.3 -MLINKS+= ENGINE_add.3 ENGINE_load_public_key.3 -MLINKS+= ENGINE_add.3 ENGINE_new.3 -MLINKS+= ENGINE_add.3 ENGINE_register_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_register_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_register_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_register_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_complete.3 -MLINKS+= ENGINE_add.3 ENGINE_register_all_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_register_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_register_complete.3 -MLINKS+= ENGINE_add.3 ENGINE_register_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_remove.3 -MLINKS+= ENGINE_add.3 ENGINE_set_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_set_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_set_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_set_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_set_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_set_cmd_defns.3 -MLINKS+= ENGINE_add.3 ENGINE_set_ctrl_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_set_default_string.3 -MLINKS+= ENGINE_add.3 ENGINE_set_destroy_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_set_finish_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_flags.3 -MLINKS+= ENGINE_add.3 ENGINE_set_id.3 -MLINKS+= ENGINE_add.3 ENGINE_set_init_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_load_privkey_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_load_pubkey_function.3 -MLINKS+= ENGINE_add.3 ENGINE_set_name.3 -MLINKS+= ENGINE_add.3 ENGINE_set_table_flags.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_DH.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_DSA.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_RAND.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_RSA.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_ciphers.3 -MLINKS+= ENGINE_add.3 ENGINE_unregister_digests.3 -MLINKS+= ENGINE_add.3 ENGINE_up_ref.3 -MLINKS+= ERR_GET_LIB.3 ERR_FATAL_ERROR.3 -MLINKS+= ERR_GET_LIB.3 ERR_GET_FUNC.3 -MLINKS+= ERR_GET_LIB.3 ERR_GET_REASON.3 -MLINKS+= ERR_error_string.3 ERR_error_string_n.3 -MLINKS+= ERR_error_string.3 ERR_func_error_string.3 -MLINKS+= ERR_error_string.3 ERR_lib_error_string.3 -MLINKS+= ERR_error_string.3 ERR_reason_error_string.3 -MLINKS+= ERR_get_error.3 ERR_get_error_line.3 -MLINKS+= ERR_get_error.3 ERR_get_error_line_data.3 -MLINKS+= ERR_get_error.3 ERR_peek_error.3 -MLINKS+= ERR_get_error.3 ERR_peek_error_line.3 -MLINKS+= ERR_get_error.3 ERR_peek_error_line_data.3 -MLINKS+= ERR_get_error.3 ERR_peek_last_error.3 -MLINKS+= ERR_get_error.3 ERR_peek_last_error_line.3 -MLINKS+= ERR_get_error.3 ERR_peek_last_error_line_data.3 -MLINKS+= ERR_load_crypto_strings.3 ERR_free_strings.3 -MLINKS+= ERR_load_crypto_strings.3 SSL_load_error_strings.3 -MLINKS+= ERR_load_strings.3 ERR_PACK.3 -MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3 -MLINKS+= ERR_print_errors.3 ERR_print_errors_cb.3 -MLINKS+= ERR_print_errors.3 ERR_print_errors_fp.3 -MLINKS+= ERR_put_error.3 ERR_add_error_data.3 -MLINKS+= ERR_put_error.3 ERR_add_error_vdata.3 -MLINKS+= ERR_remove_state.3 ERR_remove_thread_state.3 -MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3 -MLINKS+= EVP_CIPHER_CTX_get_cipher_data.3 EVP_CIPHER_CTX_set_cipher_data.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_dup.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_free.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_cleanup.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_ctrl.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_do_cipher.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_get_asn1_params.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_init.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_set_asn1_params.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_cleanup.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_ctrl.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_do_cipher.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_flags.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_get_asn1_params.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_impl_ctx_size.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_init.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_iv_length.3 -MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_set_asn1_params.3 -MLINKS+= EVP_DigestInit.3 EVP_DigestFinal.3 -MLINKS+= EVP_DigestInit.3 EVP_DigestFinalXOF.3 -MLINKS+= EVP_DigestInit.3 EVP_DigestFinal_ex.3 -MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex.3 -MLINKS+= EVP_DigestInit.3 EVP_DigestUpdate.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_block_size.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_clear_flags.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy_ex.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_ctrl.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_free.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md_data.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_new.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_reset.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_flags.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_pkey_ctx.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_size.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_test_flags.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_type.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_block_size.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_pkey_type.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_size.3 -MLINKS+= EVP_DigestInit.3 EVP_MD_type.3 -MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3 -MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3 -MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3 -MLINKS+= EVP_DigestInit.3 EVP_md_null.3 -MLINKS+= EVP_DigestSignInit.3 EVP_DigestSign.3 -MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignFinal.3 -MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignUpdate.3 -MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerify.3 -MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3 -MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3 -MLINKS+= EVP_EncodeInit.3 EVP_DecodeBlock.3 -MLINKS+= EVP_EncodeInit.3 EVP_DecodeFinal.3 -MLINKS+= EVP_EncodeInit.3 EVP_DecodeInit.3 -MLINKS+= EVP_EncodeInit.3 EVP_DecodeUpdate.3 -MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_copy.3 -MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_free.3 -MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_new.3 -MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_num.3 -MLINKS+= EVP_EncodeInit.3 EVP_EncodeBlock.3 -MLINKS+= EVP_EncodeInit.3 EVP_EncodeFinal.3 -MLINKS+= EVP_EncodeInit.3 EVP_EncodeUpdate.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_flags.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_free.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_mode.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_new.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_reset.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_block_size.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_flags.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_iv_length.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_key_length.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_mode.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_nid.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3 -MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_type.3 -MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal.3 -MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_CipherInit.3 -MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_CipherUpdate.3 -MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal.3 -MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit.3 -MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_DecryptUpdate.3 -MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal.3 -MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3 -MLINKS+= EVP_EncryptInit.3 EVP_EncryptUpdate.3 -MLINKS+= EVP_EncryptInit.3 EVP_enc_null.3 -MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyname.3 -MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbynid.3 -MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyobj.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_dup.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_free.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_app_datasize.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_cleanup.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_copy.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_ctrl.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_final.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_flags.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_init.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_input_blocksize.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_result_size.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_update.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_app_datasize.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_cleanup.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_copy.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_ctrl.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_final.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_flags.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_init.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_input_blocksize.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_result_size.3 -MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_update.3 -MLINKS+= EVP_OpenInit.3 EVP_OpenFinal.3 -MLINKS+= EVP_OpenInit.3 EVP_OpenUpdate.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add0.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add_alias.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_copy.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_free.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_new.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_check.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_ctrl.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_free.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_priv_key.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_pub_key.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_item.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param_check.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_private.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public_check.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_security_bits.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_priv_key.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3 -MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_str.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_uint64.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_oid.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_ukm.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_rsa_oaep_label.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id_len.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_outlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_type.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_cofactor_mode.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_outlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_type.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_padding.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_pss_saltlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_signature_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_oid.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_ukm.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_rsa_oaep_label.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_id.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_outlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_type.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_nid.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_pad.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_generator.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_prime_len.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_subprime_len.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_type.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_rfc5114.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dhx_rfc5114.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_bits.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_param_enc.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_cofactor_mode.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_outlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_type.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_mac_key.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_bits.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_primes.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_pubexp.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_padding.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3 -MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3 -MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_dup.3 -MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_free.3 -MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_id.3 -MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_add1_hkdf_info.3 -MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_hkdf_mode.3 -MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_key.3 -MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_salt.3 -MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3 -MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3 -MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set1_scrypt_salt.3 -MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_maxmem_bytes.3 -MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_p.3 -MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_r.3 -MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_add1_tls1_prf_seed.3 -MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_set1_tls1_prf_secret.3 -MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find.3 -MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find_str.3 -MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0.3 -MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0_info.3 -MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_cmp_parameters.3 -MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_copy_parameters.3 -MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_missing_parameters.3 -MLINKS+= EVP_PKEY_decrypt.3 EVP_PKEY_decrypt_init.3 -MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_init.3 -MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_set_peer.3 -MLINKS+= EVP_PKEY_encrypt.3 EVP_PKEY_encrypt_init.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_app_data.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_cb.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_keygen_info.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_app_data.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_cb.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_check.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_gen_cb.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_keygen_init.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_param_check.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen_init.3 -MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_public_check.3 -MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0.3 -MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0_info.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_METHOD.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_add0.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_copy.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_find.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_free.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_cleanup.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_copy.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_ctrl.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_decrypt.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_derive.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_digest_custom.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_encrypt.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_init.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_keygen.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_param_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_paramgen.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_public_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_sign.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_signctx.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verify.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verify_recover.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verifyctx.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_remove.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_cleanup.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_copy.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_ctrl.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_decrypt.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_derive.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_digest_custom.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_encrypt.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_init.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_keygen.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_param_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_paramgen.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_public_check.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_sign.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_signctx.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify_recover.3 -MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verifyctx.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_private_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_public_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_CMAC_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_mac_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_private_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_public_key.3 -MLINKS+= EVP_PKEY_new.3 EVP_PKEY_up_ref.3 -MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_params.3 -MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_engine.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_id.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_EC_KEY.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_engine.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set_alias_type.3 -MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3 -MLINKS+= EVP_PKEY_sign.3 EVP_PKEY_sign_init.3 -MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init.3 -MLINKS+= EVP_PKEY_verify_recover.3 EVP_PKEY_verify_recover_init.3 -MLINKS+= EVP_SealInit.3 EVP_SealFinal.3 -MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3 -MLINKS+= EVP_SignInit.3 EVP_PKEY_security_bits.3 -MLINKS+= EVP_SignInit.3 EVP_PKEY_size.3 -MLINKS+= EVP_SignInit.3 EVP_SignFinal.3 -MLINKS+= EVP_SignInit.3 EVP_SignInit_ex.3 -MLINKS+= EVP_SignInit.3 EVP_SignUpdate.3 -MLINKS+= EVP_VerifyInit.3 EVP_VerifyFinal.3 -MLINKS+= EVP_VerifyInit.3 EVP_VerifyInit_ex.3 -MLINKS+= EVP_VerifyInit.3 EVP_VerifyUpdate.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cbc.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha1.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha256.3 -MLINKS+= EVP_aes.3 EVP_aes_128_ccm.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cfb.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cfb1.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cfb128.3 -MLINKS+= EVP_aes.3 EVP_aes_128_cfb8.3 -MLINKS+= EVP_aes.3 EVP_aes_128_ctr.3 -MLINKS+= EVP_aes.3 EVP_aes_128_ecb.3 -MLINKS+= EVP_aes.3 EVP_aes_128_gcm.3 -MLINKS+= EVP_aes.3 EVP_aes_128_ocb.3 -MLINKS+= EVP_aes.3 EVP_aes_128_ofb.3 -MLINKS+= EVP_aes.3 EVP_aes_128_wrap.3 -MLINKS+= EVP_aes.3 EVP_aes_128_wrap_pad.3 -MLINKS+= EVP_aes.3 EVP_aes_128_xts.3 -MLINKS+= EVP_aes.3 EVP_aes_192_cbc.3 -MLINKS+= EVP_aes.3 EVP_aes_192_ccm.3 -MLINKS+= EVP_aes.3 EVP_aes_192_cfb.3 -MLINKS+= EVP_aes.3 EVP_aes_192_cfb1.3 -MLINKS+= EVP_aes.3 EVP_aes_192_cfb128.3 -MLINKS+= EVP_aes.3 EVP_aes_192_cfb8.3 -MLINKS+= EVP_aes.3 EVP_aes_192_ctr.3 -MLINKS+= EVP_aes.3 EVP_aes_192_ecb.3 -MLINKS+= EVP_aes.3 EVP_aes_192_gcm.3 -MLINKS+= EVP_aes.3 EVP_aes_192_ocb.3 -MLINKS+= EVP_aes.3 EVP_aes_192_ofb.3 -MLINKS+= EVP_aes.3 EVP_aes_192_wrap.3 -MLINKS+= EVP_aes.3 EVP_aes_192_wrap_pad.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cbc.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha1.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha256.3 -MLINKS+= EVP_aes.3 EVP_aes_256_ccm.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cfb.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cfb1.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cfb128.3 -MLINKS+= EVP_aes.3 EVP_aes_256_cfb8.3 -MLINKS+= EVP_aes.3 EVP_aes_256_ctr.3 -MLINKS+= EVP_aes.3 EVP_aes_256_ecb.3 -MLINKS+= EVP_aes.3 EVP_aes_256_gcm.3 -MLINKS+= EVP_aes.3 EVP_aes_256_ocb.3 -MLINKS+= EVP_aes.3 EVP_aes_256_ofb.3 -MLINKS+= EVP_aes.3 EVP_aes_256_wrap.3 -MLINKS+= EVP_aes.3 EVP_aes_256_wrap_pad.3 -MLINKS+= EVP_aes.3 EVP_aes_256_xts.3 -MLINKS+= EVP_aria.3 EVP_aria_128_cbc.3 -MLINKS+= EVP_aria.3 EVP_aria_128_ccm.3 -MLINKS+= EVP_aria.3 EVP_aria_128_cfb.3 -MLINKS+= EVP_aria.3 EVP_aria_128_cfb1.3 -MLINKS+= EVP_aria.3 EVP_aria_128_cfb128.3 -MLINKS+= EVP_aria.3 EVP_aria_128_cfb8.3 -MLINKS+= EVP_aria.3 EVP_aria_128_ctr.3 -MLINKS+= EVP_aria.3 EVP_aria_128_ecb.3 -MLINKS+= EVP_aria.3 EVP_aria_128_gcm.3 -MLINKS+= EVP_aria.3 EVP_aria_128_ofb.3 -MLINKS+= EVP_aria.3 EVP_aria_192_cbc.3 -MLINKS+= EVP_aria.3 EVP_aria_192_ccm.3 -MLINKS+= EVP_aria.3 EVP_aria_192_cfb.3 -MLINKS+= EVP_aria.3 EVP_aria_192_cfb1.3 -MLINKS+= EVP_aria.3 EVP_aria_192_cfb128.3 -MLINKS+= EVP_aria.3 EVP_aria_192_cfb8.3 -MLINKS+= EVP_aria.3 EVP_aria_192_ctr.3 -MLINKS+= EVP_aria.3 EVP_aria_192_ecb.3 -MLINKS+= EVP_aria.3 EVP_aria_192_gcm.3 -MLINKS+= EVP_aria.3 EVP_aria_192_ofb.3 -MLINKS+= EVP_aria.3 EVP_aria_256_cbc.3 -MLINKS+= EVP_aria.3 EVP_aria_256_ccm.3 -MLINKS+= EVP_aria.3 EVP_aria_256_cfb.3 -MLINKS+= EVP_aria.3 EVP_aria_256_cfb1.3 -MLINKS+= EVP_aria.3 EVP_aria_256_cfb128.3 -MLINKS+= EVP_aria.3 EVP_aria_256_cfb8.3 -MLINKS+= EVP_aria.3 EVP_aria_256_ctr.3 -MLINKS+= EVP_aria.3 EVP_aria_256_ecb.3 -MLINKS+= EVP_aria.3 EVP_aria_256_gcm.3 -MLINKS+= EVP_aria.3 EVP_aria_256_ofb.3 -MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb.3 -MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb64.3 -MLINKS+= EVP_bf_cbc.3 EVP_bf_ecb.3 -MLINKS+= EVP_bf_cbc.3 EVP_bf_ofb.3 -MLINKS+= EVP_blake2b512.3 EVP_blake2s256.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_cbc.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb1.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb128.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb8.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_ctr.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_ecb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_128_ofb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_cbc.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb1.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb128.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb8.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_ctr.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_ecb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_192_ofb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_cbc.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb1.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb128.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb8.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_ctr.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_ecb.3 -MLINKS+= EVP_camellia.3 EVP_camellia_256_ofb.3 -MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb.3 -MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb64.3 -MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ecb.3 -MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ofb.3 -MLINKS+= EVP_chacha20.3 EVP_chacha20_poly1305.3 -MLINKS+= EVP_des.3 EVP_des_cbc.3 -MLINKS+= EVP_des.3 EVP_des_cfb.3 -MLINKS+= EVP_des.3 EVP_des_cfb1.3 -MLINKS+= EVP_des.3 EVP_des_cfb64.3 -MLINKS+= EVP_des.3 EVP_des_cfb8.3 -MLINKS+= EVP_des.3 EVP_des_ecb.3 -MLINKS+= EVP_des.3 EVP_des_ede.3 -MLINKS+= EVP_des.3 EVP_des_ede3.3 -MLINKS+= EVP_des.3 EVP_des_ede3_cbc.3 -MLINKS+= EVP_des.3 EVP_des_ede3_cfb.3 -MLINKS+= EVP_des.3 EVP_des_ede3_cfb1.3 -MLINKS+= EVP_des.3 EVP_des_ede3_cfb64.3 -MLINKS+= EVP_des.3 EVP_des_ede3_cfb8.3 -MLINKS+= EVP_des.3 EVP_des_ede3_ecb.3 -MLINKS+= EVP_des.3 EVP_des_ede3_ofb.3 -MLINKS+= EVP_des.3 EVP_des_ede3_wrap.3 -MLINKS+= EVP_des.3 EVP_des_ede_cbc.3 -MLINKS+= EVP_des.3 EVP_des_ede_cfb.3 -MLINKS+= EVP_des.3 EVP_des_ede_cfb64.3 -MLINKS+= EVP_des.3 EVP_des_ede_ecb.3 -MLINKS+= EVP_des.3 EVP_des_ede_ofb.3 -MLINKS+= EVP_des.3 EVP_des_ofb.3 -MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb.3 -MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb64.3 -MLINKS+= EVP_idea_cbc.3 EVP_idea_ecb.3 -MLINKS+= EVP_idea_cbc.3 EVP_idea_ofb.3 -MLINKS+= EVP_md5.3 EVP_md5_sha1.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_40_cbc.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_64_cbc.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb64.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ecb.3 -MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ofb.3 -MLINKS+= EVP_rc4.3 EVP_rc4_40.3 -MLINKS+= EVP_rc4.3 EVP_rc4_hmac_md5.3 -MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb.3 -MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb64.3 -MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ecb.3 -MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ofb.3 -MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb.3 -MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb128.3 -MLINKS+= EVP_seed_cbc.3 EVP_seed_ecb.3 -MLINKS+= EVP_seed_cbc.3 EVP_seed_ofb.3 -MLINKS+= EVP_sha224.3 EVP_sha256.3 -MLINKS+= EVP_sha224.3 EVP_sha384.3 -MLINKS+= EVP_sha224.3 EVP_sha512.3 -MLINKS+= EVP_sha224.3 EVP_sha512_224.3 -MLINKS+= EVP_sha224.3 EVP_sha512_256.3 -MLINKS+= EVP_sha3_224.3 EVP_sha3_256.3 -MLINKS+= EVP_sha3_224.3 EVP_sha3_384.3 -MLINKS+= EVP_sha3_224.3 EVP_sha3_512.3 -MLINKS+= EVP_sha3_224.3 EVP_shake128.3 -MLINKS+= EVP_sha3_224.3 EVP_shake256.3 -MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb.3 -MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb128.3 -MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ctr.3 -MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ecb.3 -MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ofb.3 -MLINKS+= HMAC.3 HMAC_CTX_copy.3 -MLINKS+= HMAC.3 HMAC_CTX_free.3 -MLINKS+= HMAC.3 HMAC_CTX_get_md.3 -MLINKS+= HMAC.3 HMAC_CTX_new.3 -MLINKS+= HMAC.3 HMAC_CTX_reset.3 -MLINKS+= HMAC.3 HMAC_CTX_set_flags.3 -MLINKS+= HMAC.3 HMAC_Final.3 -MLINKS+= HMAC.3 HMAC_Init.3 -MLINKS+= HMAC.3 HMAC_Init_ex.3 -MLINKS+= HMAC.3 HMAC_Update.3 -MLINKS+= HMAC.3 HMAC_size.3 -MLINKS+= MD5.3 MD2.3 -MLINKS+= MD5.3 MD2_Final.3 -MLINKS+= MD5.3 MD2_Init.3 -MLINKS+= MD5.3 MD2_Update.3 -MLINKS+= MD5.3 MD4.3 -MLINKS+= MD5.3 MD4_Final.3 -MLINKS+= MD5.3 MD4_Init.3 -MLINKS+= MD5.3 MD4_Update.3 -MLINKS+= MD5.3 MD5_Final.3 -MLINKS+= MD5.3 MD5_Init.3 -MLINKS+= MD5.3 MD5_Update.3 -MLINKS+= MDC2_Init.3 MDC2.3 -MLINKS+= MDC2_Init.3 MDC2_Final.3 -MLINKS+= MDC2_Init.3 MDC2_Update.3 -MLINKS+= OBJ_nid2obj.3 OBJ_cleanup.3 -MLINKS+= OBJ_nid2obj.3 OBJ_cmp.3 -MLINKS+= OBJ_nid2obj.3 OBJ_create.3 -MLINKS+= OBJ_nid2obj.3 OBJ_dup.3 -MLINKS+= OBJ_nid2obj.3 OBJ_get0_data.3 -MLINKS+= OBJ_nid2obj.3 OBJ_length.3 -MLINKS+= OBJ_nid2obj.3 OBJ_ln2nid.3 -MLINKS+= OBJ_nid2obj.3 OBJ_nid2ln.3 -MLINKS+= OBJ_nid2obj.3 OBJ_nid2sn.3 -MLINKS+= OBJ_nid2obj.3 OBJ_obj2nid.3 -MLINKS+= OBJ_nid2obj.3 OBJ_obj2txt.3 -MLINKS+= OBJ_nid2obj.3 OBJ_sn2nid.3 -MLINKS+= OBJ_nid2obj.3 OBJ_txt2nid.3 -MLINKS+= OBJ_nid2obj.3 OBJ_txt2obj.3 -MLINKS+= OBJ_nid2obj.3 i2t_ASN1_OBJECT.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_REQUEST_free.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add0_id.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add1_cert.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_count.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_get0.3 -MLINKS+= OCSP_REQUEST_new.3 OCSP_request_sign.3 -MLINKS+= OCSP_cert_to_id.3 OCSP_CERTID_free.3 -MLINKS+= OCSP_cert_to_id.3 OCSP_cert_id_new.3 -MLINKS+= OCSP_cert_to_id.3 OCSP_id_cmp.3 -MLINKS+= OCSP_cert_to_id.3 OCSP_id_get0_info.3 -MLINKS+= OCSP_cert_to_id.3 OCSP_id_issuer_cmp.3 -MLINKS+= OCSP_request_add1_nonce.3 OCSP_basic_add1_nonce.3 -MLINKS+= OCSP_request_add1_nonce.3 OCSP_check_nonce.3 -MLINKS+= OCSP_request_add1_nonce.3 OCSP_copy_nonce.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_basic_verify.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_check_validity.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_count.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_find.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_certs.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_id.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_produced_at.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_respdata.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signature.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signer.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_tbs_sigalg.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get1_id.3 -MLINKS+= OCSP_resp_find_status.3 OCSP_single_get0_status.3 -MLINKS+= OCSP_response_status.3 OCSP_RESPID_match.3 -MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_key.3 -MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_name.3 -MLINKS+= OCSP_response_status.3 OCSP_RESPONSE_free.3 -MLINKS+= OCSP_response_status.3 OCSP_basic_sign.3 -MLINKS+= OCSP_response_status.3 OCSP_basic_sign_ctx.3 -MLINKS+= OCSP_response_status.3 OCSP_response_create.3 -MLINKS+= OCSP_response_status.3 OCSP_response_get1_basic.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_add1_header.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_free.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_set1_req.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_bio.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_nbio.3 -MLINKS+= OCSP_sendreq_new.3 OCSP_set_max_response_length.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 DECLARE_LHASH_OF.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_COMP_FN.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_HASH_FN.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH_DOALL_ARG_FN_TYPE.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_DOALL_FUNC.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_HASHFUNC.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_delete.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall_arg.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_error.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_free.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_insert.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_new.3 -MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_retrieve.3 -MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats.3 -MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats_bio.3 -MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats.3 -MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats_bio.3 -MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_stats_bio.3 -MLINKS+= OPENSSL_VERSION_NUMBER.3 OPENSSL_VERSION_TEXT.3 -MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version.3 -MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version_num.3 -MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3 -MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_child.3 -MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3 -MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3 -MLINKS+= OPENSSL_instrument_bus.3 OPENSSL_instrument_bus2.3 -MLINKS+= OPENSSL_load_builtin_modules.3 ASN1_add_oid_module.3 -MLINKS+= OPENSSL_load_builtin_modules.3 ENGINE_add_conf_module.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_free.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_realloc.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_free.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_get_alloc_counts.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_get_mem_functions.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_malloc.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_ctrl.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_pop.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_push.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_cb.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_fp.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_realloc.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_debug.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_functions.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_strdup.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_strndup.3 -MLINKS+= OPENSSL_malloc.3 CRYPTO_zalloc.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FAILURES.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FD.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_buf2hexstr.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_cleanse.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_free.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_realloc.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_free.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_hexchar2int.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_hexstr2buf.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_malloc_init.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_pop.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_push.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_memdup.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_realloc.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_strdup.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcat.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcpy.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_strndup.3 -MLINKS+= OPENSSL_malloc.3 OPENSSL_zalloc.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_clear_free.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_free.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_done.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_init.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_initialized.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_used.3 -MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_zalloc.3 -MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_actual_size.3 -MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_clear_free.3 -MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_free.3 -MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_zalloc.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_free.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CERT.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CRL.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME_description.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PARAMS.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PKEY.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CERT.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CRL.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME_description.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PARAMS.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PKEY.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get_type.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CERT.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CRL.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_NAME.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PARAMS.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PKEY.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_set0_NAME_description.3 -MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_type_string.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_CTX.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_free.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_engine.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_scheme.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_new.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_close.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_ctrl.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_eof.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_error.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_expect.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_find.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_load.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_open.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_close_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_ctrl_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_eof_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_error_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_expect_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_find_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_load_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_open_fn.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_register_loader.3 -MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_unregister_loader.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_alias.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_issuer_serial.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_key_fingerprint.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_name.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_free.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_bytes.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_digest.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_name.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_serial.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_string.3 -MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get_type.3 -MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_find.3 -MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_supports_search.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_CTX.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_close.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_ctrl.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_eof.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_error.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_load.3 -MLINKS+= OSSL_STORE_open.3 OSSL_STORE_post_process_info_fn.3 -MLINKS+= OpenSSL_add_all_algorithms.3 EVP_cleanup.3 -MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 -MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 -MLINKS+= PEM_bytes_read_bio.3 PEM_bytes_read_bio_secmem.3 -MLINKS+= PEM_read.3 PEM_do_header.3 -MLINKS+= PEM_read.3 PEM_get_EVP_CIPHER_INFO.3 -MLINKS+= PEM_read.3 PEM_read_bio.3 -MLINKS+= PEM_read.3 PEM_write.3 -MLINKS+= PEM_read.3 PEM_write_bio.3 -MLINKS+= PEM_read_CMS.3 DECLARE_PEM_rw.3 -MLINKS+= PEM_read_CMS.3 PEM_read_ECPKParameters.3 -MLINKS+= PEM_read_CMS.3 PEM_read_ECPrivateKey.3 -MLINKS+= PEM_read_CMS.3 PEM_read_EC_PUBKEY.3 -MLINKS+= PEM_read_CMS.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8.3 -MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= PEM_read_CMS.3 PEM_read_SSL_SESSION.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_CMS.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_ECPKParameters.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_EC_PUBKEY.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= PEM_read_CMS.3 PEM_read_bio_SSL_SESSION.3 -MLINKS+= PEM_read_CMS.3 PEM_write_CMS.3 -MLINKS+= PEM_read_CMS.3 PEM_write_DHxparams.3 -MLINKS+= PEM_read_CMS.3 PEM_write_ECPKParameters.3 -MLINKS+= PEM_read_CMS.3 PEM_write_ECPrivateKey.3 -MLINKS+= PEM_read_CMS.3 PEM_write_EC_PUBKEY.3 -MLINKS+= PEM_read_CMS.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8.3 -MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= PEM_read_CMS.3 PEM_write_SSL_SESSION.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_CMS.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_DHxparams.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPKParameters.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPrivateKey.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_EC_PUBKEY.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= PEM_read_CMS.3 PEM_write_bio_SSL_SESSION.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DHparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PKCS7.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPublicKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_AUX.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_CRL.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_REQ.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DHparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PKCS7.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPublicKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_AUX.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_CRL.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_REQ.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DHparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS7.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey_nid.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPublicKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_AUX.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_CRL.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ_NEW.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DHparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAparams.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS7.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey_nid.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey_traditional.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPrivateKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPublicKey.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSA_PUBKEY.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_AUX.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 -MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 -MLINKS+= PEM_read_bio_PrivateKey.3 pem_password_cb.3 -MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_EAY_COMPATIBLE.3 -MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_ONLY_B64.3 -MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_SECURE.3 -MLINKS+= PKCS5_PBKDF2_HMAC.3 PKCS5_PBKDF2_HMAC_SHA1.3 -MLINKS+= PKCS7_verify.3 PKCS7_get0_signers.3 -MLINKS+= RAND_DRBG_generate.3 RAND_DRBG_bytes.3 -MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_private.3 -MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_public.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_free.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_instantiate.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_secure_new.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set_defaults.3 -MLINKS+= RAND_DRBG_new.3 RAND_DRBG_uninstantiate.3 -MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_defaults.3 -MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_interval.3 -MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_time_interval.3 -MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_entropy_fn.3 -MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_nonce_fn.3 -MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_entropy_fn.3 -MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_nonce_fn.3 -MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_data.3 -MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_new_index.3 -MLINKS+= RAND_add.3 RAND_event.3 -MLINKS+= RAND_add.3 RAND_keep_random_devices_open.3 -MLINKS+= RAND_add.3 RAND_poll.3 -MLINKS+= RAND_add.3 RAND_screen.3 -MLINKS+= RAND_add.3 RAND_seed.3 -MLINKS+= RAND_add.3 RAND_status.3 -MLINKS+= RAND_bytes.3 RAND_priv_bytes.3 -MLINKS+= RAND_bytes.3 RAND_pseudo_bytes.3 -MLINKS+= RAND_egd.3 RAND_egd_bytes.3 -MLINKS+= RAND_egd.3 RAND_query_egd_bytes.3 -MLINKS+= RAND_load_file.3 RAND_file_name.3 -MLINKS+= RAND_load_file.3 RAND_write_file.3 -MLINKS+= RAND_set_rand_method.3 RAND_OpenSSL.3 -MLINKS+= RAND_set_rand_method.3 RAND_get_rand_method.3 -MLINKS+= RC4_set_key.3 RC4.3 -MLINKS+= RIPEMD160_Init.3 RIPEMD160.3 -MLINKS+= RIPEMD160_Init.3 RIPEMD160_Final.3 -MLINKS+= RIPEMD160_Init.3 RIPEMD160_Update.3 -MLINKS+= RSA_blinding_on.3 RSA_blinding_off.3 -MLINKS+= RSA_check_key.3 RSA_check_key_ex.3 -MLINKS+= RSA_generate_key.3 RSA_generate_key_ex.3 -MLINKS+= RSA_generate_key.3 RSA_generate_multi_prime_key.3 -MLINKS+= RSA_get0_key.3 RSA_clear_flags.3 -MLINKS+= RSA_get0_key.3 RSA_get0_crt_params.3 -MLINKS+= RSA_get0_key.3 RSA_get0_d.3 -MLINKS+= RSA_get0_key.3 RSA_get0_dmp1.3 -MLINKS+= RSA_get0_key.3 RSA_get0_dmq1.3 -MLINKS+= RSA_get0_key.3 RSA_get0_e.3 -MLINKS+= RSA_get0_key.3 RSA_get0_engine.3 -MLINKS+= RSA_get0_key.3 RSA_get0_factors.3 -MLINKS+= RSA_get0_key.3 RSA_get0_iqmp.3 -MLINKS+= RSA_get0_key.3 RSA_get0_multi_prime_crt_params.3 -MLINKS+= RSA_get0_key.3 RSA_get0_multi_prime_factors.3 -MLINKS+= RSA_get0_key.3 RSA_get0_n.3 -MLINKS+= RSA_get0_key.3 RSA_get0_p.3 -MLINKS+= RSA_get0_key.3 RSA_get0_q.3 -MLINKS+= RSA_get0_key.3 RSA_get_multi_prime_extra_count.3 -MLINKS+= RSA_get0_key.3 RSA_get_version.3 -MLINKS+= RSA_get0_key.3 RSA_set0_crt_params.3 -MLINKS+= RSA_get0_key.3 RSA_set0_factors.3 -MLINKS+= RSA_get0_key.3 RSA_set0_key.3 -MLINKS+= RSA_get0_key.3 RSA_set0_multi_prime_params.3 -MLINKS+= RSA_get0_key.3 RSA_set_flags.3 -MLINKS+= RSA_get0_key.3 RSA_test_flags.3 -MLINKS+= RSA_meth_new.3 RSA_meth_dup.3 -MLINKS+= RSA_meth_new.3 RSA_meth_free.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get0_app_data.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get0_name.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_bn_mod_exp.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_finish.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_flags.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_init.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_keygen.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_mod_exp.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_multi_prime_keygen.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_priv_dec.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_priv_enc.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_pub_dec.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_pub_enc.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_sign.3 -MLINKS+= RSA_meth_new.3 RSA_meth_get_verify.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set0_app_data.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set1_name.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_bn_mod_exp.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_finish.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_flags.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_init.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_keygen.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_mod_exp.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_multi_prime_keygen.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_priv_dec.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_priv_enc.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_dec.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_enc.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_sign.3 -MLINKS+= RSA_meth_new.3 RSA_meth_set_verify.3 -MLINKS+= RSA_new.3 RSA_free.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP_mgf1.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP_mgf1.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3 -MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3 -MLINKS+= RSA_print.3 DHparams_print.3 -MLINKS+= RSA_print.3 DHparams_print_fp.3 -MLINKS+= RSA_print.3 DSA_print.3 -MLINKS+= RSA_print.3 DSA_print_fp.3 -MLINKS+= RSA_print.3 DSAparams_print.3 -MLINKS+= RSA_print.3 DSAparams_print_fp.3 -MLINKS+= RSA_print.3 RSA_print_fp.3 -MLINKS+= RSA_private_encrypt.3 RSA_public_decrypt.3 -MLINKS+= RSA_public_encrypt.3 RSA_private_decrypt.3 -MLINKS+= RSA_set_method.3 RSA_PKCS1_OpenSSL.3 -MLINKS+= RSA_set_method.3 RSA_flags.3 -MLINKS+= RSA_set_method.3 RSA_get_default_method.3 -MLINKS+= RSA_set_method.3 RSA_get_method.3 -MLINKS+= RSA_set_method.3 RSA_new_method.3 -MLINKS+= RSA_set_method.3 RSA_set_default_method.3 -MLINKS+= RSA_sign.3 RSA_verify.3 -MLINKS+= RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 -MLINKS+= RSA_size.3 RSA_bits.3 -MLINKS+= RSA_size.3 RSA_security_bits.3 -MLINKS+= SCT_new.3 SCT_LIST_free.3 -MLINKS+= SCT_new.3 SCT_free.3 -MLINKS+= SCT_new.3 SCT_get0_extensions.3 -MLINKS+= SCT_new.3 SCT_get0_log_id.3 -MLINKS+= SCT_new.3 SCT_get0_signature.3 -MLINKS+= SCT_new.3 SCT_get_log_entry_type.3 -MLINKS+= SCT_new.3 SCT_get_signature_nid.3 -MLINKS+= SCT_new.3 SCT_get_source.3 -MLINKS+= SCT_new.3 SCT_get_timestamp.3 -MLINKS+= SCT_new.3 SCT_get_version.3 -MLINKS+= SCT_new.3 SCT_new_from_base64.3 -MLINKS+= SCT_new.3 SCT_set0_extensions.3 -MLINKS+= SCT_new.3 SCT_set0_log_id.3 -MLINKS+= SCT_new.3 SCT_set0_signature.3 -MLINKS+= SCT_new.3 SCT_set1_extensions.3 -MLINKS+= SCT_new.3 SCT_set1_log_id.3 -MLINKS+= SCT_new.3 SCT_set1_signature.3 -MLINKS+= SCT_new.3 SCT_set_log_entry_type.3 -MLINKS+= SCT_new.3 SCT_set_signature_nid.3 -MLINKS+= SCT_new.3 SCT_set_source.3 -MLINKS+= SCT_new.3 SCT_set_timestamp.3 -MLINKS+= SCT_new.3 SCT_set_version.3 -MLINKS+= SCT_print.3 SCT_LIST_print.3 -MLINKS+= SCT_print.3 SCT_validation_status_string.3 -MLINKS+= SCT_validate.3 SCT_LIST_validate.3 -MLINKS+= SCT_validate.3 SCT_get_validation_status.3 -MLINKS+= SHA256_Init.3 SHA1.3 -MLINKS+= SHA256_Init.3 SHA1_Final.3 -MLINKS+= SHA256_Init.3 SHA1_Init.3 -MLINKS+= SHA256_Init.3 SHA1_Update.3 -MLINKS+= SHA256_Init.3 SHA224.3 -MLINKS+= SHA256_Init.3 SHA224_Final.3 -MLINKS+= SHA256_Init.3 SHA224_Init.3 -MLINKS+= SHA256_Init.3 SHA224_Update.3 -MLINKS+= SHA256_Init.3 SHA256.3 -MLINKS+= SHA256_Init.3 SHA256_Final.3 -MLINKS+= SHA256_Init.3 SHA256_Update.3 -MLINKS+= SHA256_Init.3 SHA384.3 -MLINKS+= SHA256_Init.3 SHA384_Final.3 -MLINKS+= SHA256_Init.3 SHA384_Init.3 -MLINKS+= SHA256_Init.3 SHA384_Update.3 -MLINKS+= SHA256_Init.3 SHA512.3 -MLINKS+= SHA256_Init.3 SHA512_Final.3 -MLINKS+= SHA256_Init.3 SHA512_Init.3 -MLINKS+= SHA256_Init.3 SHA512_Update.3 -MLINKS+= SSL_CIPHER_get_name.3 OPENSSL_cipher_name.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_find.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_auth_nid.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_cipher_nid.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_digest_nid.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_handshake_digest.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_id.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_kx_nid.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_protocol_id.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_is_aead.3 -MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_standard_name.3 -MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_free_compression_methods.3 -MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get0_name.3 -MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_compression_methods.3 -MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_id.3 -MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3 -MLINKS+= SSL_CONF_CTX_set_flags.3 SSL_CONF_CTX_clear_flags.3 -MLINKS+= SSL_CONF_CTX_set_ssl_ctx.3 SSL_CONF_CTX_set_ssl.3 -MLINKS+= SSL_CONF_cmd.3 SSL_CONF_cmd_value_type.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_add0_chain_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_build_cert_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_clear_chain_certs.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_get0_chain_certs.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_select_current_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set0_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set1_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set_current_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add0_chain_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add1_chain_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_build_cert_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_clear_chain_certs.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_get0_chain_certs.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_select_current_cert.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set0_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set1_chain.3 -MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set_current_cert.3 -MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_clear_extra_chain_certs.3 -MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3 -MLINKS+= SSL_CTX_config.3 SSL_config.3 -MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3 -MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3 -MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_clear_flags.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_mtype_set.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_set_flags.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_clear_flags.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_enable.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_set_flags.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_tlsa_add.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_authority.3 -MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_tlsa.3 -MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set1_param.3 -MLINKS+= SSL_CTX_get0_param.3 SSL_get0_param.3 -MLINKS+= SSL_CTX_get0_param.3 SSL_set1_param.3 -MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3 -MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3 -MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3 -MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3 -MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3 -MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_dir.3 -MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_file.3 -MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_paths.3 -MLINKS+= SSL_CTX_new.3 DTLS_client_method.3 -MLINKS+= SSL_CTX_new.3 DTLS_method.3 -MLINKS+= SSL_CTX_new.3 DTLS_server_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_2_client_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_2_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_2_server_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_client_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_method.3 -MLINKS+= SSL_CTX_new.3 DTLSv1_server_method.3 -MLINKS+= SSL_CTX_new.3 SSL_CTX_up_ref.3 -MLINKS+= SSL_CTX_new.3 SSLv23_client_method.3 -MLINKS+= SSL_CTX_new.3 SSLv23_method.3 -MLINKS+= SSL_CTX_new.3 SSLv23_server_method.3 -MLINKS+= SSL_CTX_new.3 SSLv3_client_method.3 -MLINKS+= SSL_CTX_new.3 SSLv3_method.3 -MLINKS+= SSL_CTX_new.3 SSLv3_server_method.3 -MLINKS+= SSL_CTX_new.3 TLS_client_method.3 -MLINKS+= SSL_CTX_new.3 TLS_method.3 -MLINKS+= SSL_CTX_new.3 TLS_server_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_1_client_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_1_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_1_server_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_2_client_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_2_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_2_server_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_client_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_method.3 -MLINKS+= SSL_CTX_new.3 TLSv1_server_method.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cache_full.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3 -MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3 -MLINKS+= SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3 -MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3 -MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3 -MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 -MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3 -MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3 -MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups_list.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_curves.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_groups.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_curve.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_group.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves_list.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups.3 -MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups_list.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs_list.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_sigalgs_list.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs_list.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs.3 -MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs_list.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_chain_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_verify_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set1_chain_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_chain_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_verify_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_chain_cert_store.3 -MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_verify_cert_store.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_alpn_protos.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_proto_select_cb.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_protos_advertised_cb.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_alpn_selected.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_next_proto_negotiated.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_select_next_proto.3 -MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_set_alpn_protos.3 -MLINKS+= SSL_CTX_set_cert_cb.3 SSL_set_cert_cb.3 -MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3 -MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3 -MLINKS+= SSL_CTX_set_cipher_list.3 SSL_CTX_set_ciphersuites.3 -MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 -MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3 -MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_compression_methods.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ext.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_legacy_version.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_random.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_session_id.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get1_extensions_present.3 -MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_isv2.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_ct_is_enabled.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_disable_ct.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_enable_ct.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_ct_is_enabled.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_disable_ct.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_enable_ct.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_set_ct_validation_callback.3 -MLINKS+= SSL_CTX_set_ct_validation_callback.3 ssl_ct_validation_cb.3 -MLINKS+= SSL_CTX_set_ctlog_list_file.3 SSL_CTX_set_default_ctlog_list_file.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb_userdata.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_default_passwd_cb_userdata.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb_userdata.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb.3 -MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb_userdata.3 -MLINKS+= SSL_CTX_set_ex_data.3 SSL_CTX_get_ex_data.3 -MLINKS+= SSL_CTX_set_ex_data.3 SSL_get_ex_data.3 -MLINKS+= SSL_CTX_set_ex_data.3 SSL_set_ex_data.3 -MLINKS+= SSL_CTX_set_generate_session_id.3 GEN_SESSION_CB.3 -MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3 -MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3 -MLINKS+= SSL_CTX_set_info_callback.3 SSL_CTX_get_info_callback.3 -MLINKS+= SSL_CTX_set_info_callback.3 SSL_get_info_callback.3 -MLINKS+= SSL_CTX_set_info_callback.3 SSL_set_info_callback.3 -MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_get_keylog_callback.3 -MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_keylog_cb_func.3 -MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3 -MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3 -MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_max_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_min_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_set_max_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_max_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_min_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_max_proto_version.3 -MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_min_proto_version.3 -MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_clear_mode.3 -MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_get_mode.3 -MLINKS+= SSL_CTX_set_mode.3 SSL_clear_mode.3 -MLINKS+= SSL_CTX_set_mode.3 SSL_get_mode.3 -MLINKS+= SSL_CTX_set_mode.3 SSL_set_mode.3 -MLINKS+= SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3 -MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3 -MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3 -MLINKS+= SSL_CTX_set_num_tickets.3 SSL_CTX_get_num_tickets.3 -MLINKS+= SSL_CTX_set_num_tickets.3 SSL_get_num_tickets.3 -MLINKS+= SSL_CTX_set_num_tickets.3 SSL_set_num_tickets.3 -MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3 -MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3 -MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3 -MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3 -MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3 -MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3 -MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_psk_use_session_callback.3 -MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_client_cb_func.3 -MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_use_session_cb_func.3 -MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_client_callback.3 -MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_use_session_callback.3 -MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3 -MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3 -MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3 -MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_default_read_ahead.3 -MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_read_ahead.3 -MLINKS+= SSL_CTX_set_read_ahead.3 SSL_get_read_ahead.3 -MLINKS+= SSL_CTX_set_read_ahead.3 SSL_set_read_ahead.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_get_record_padding_callback_arg.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_block_padding.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_record_padding_callback_arg.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_get_record_padding_callback_arg.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_block_padding.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback.3 -MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback_arg.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get0_security_ex_data.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_callback.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_level.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set0_security_ex_data.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set_security_callback.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_get0_security_ex_data.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_callback.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_level.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_set0_security_ex_data.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_callback.3 -MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_level.3 -MLINKS+= SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3 -MLINKS+= SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3 -MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_decrypt_session_ticket_fn.3 -MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_generate_session_ticket_fn.3 -MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_get0_ticket_appdata.3 -MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_set1_ticket_appdata.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_default_read_buffer_len.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_pipelines.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_send_fragment.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_tlsext_max_fragment_length.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_SESSION_get_max_fragment_length.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_default_read_buffer_len.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_pipelines.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_send_fragment.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_split_send_fragment.3 -MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_tlsext_max_fragment_length.3 -MLINKS+= SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3 -MLINKS+= SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3 -MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_stateless_cookie_verify_cb.3 -MLINKS+= SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3 -MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_CTX_set_tlsext_servername_arg.3 -MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername.3 -MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername_type.3 -MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_set_tlsext_host_name.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_arg.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_cb.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_type.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_arg.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_type.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_ocsp_resp.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_type.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_ocsp_resp.3 -MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_type.3 -MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_selected_srtp_profile.3 -MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_srtp_profiles.3 -MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_set_tlsext_use_srtp.3 -MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3 -MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3 -MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_post_handshake_auth.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_get_ex_data_X509_STORE_CTX_idx.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_set_post_handshake_auth.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify_depth.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_verify_cb.3 -MLINKS+= SSL_CTX_set_verify.3 SSL_verify_client_post_handshake.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_cert_and_key.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_cert_and_key.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_chain_file.3 -MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_file.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_find_session_callback.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_find_session_cb_func.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_server_cb_func.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_find_session_callback.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3 -MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3 -MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_ex.3 -MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_file.3 -MLINKS+= SSL_SESSION_free.3 SSL_SESSION_dup.3 -MLINKS+= SSL_SESSION_free.3 SSL_SESSION_new.3 -MLINKS+= SSL_SESSION_free.3 SSL_SESSION_up_ref.3 -MLINKS+= SSL_SESSION_get0_cipher.3 SSL_SESSION_set_cipher.3 -MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_get0_alpn_selected.3 -MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_alpn_selected.3 -MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_hostname.3 -MLINKS+= SSL_SESSION_get0_id_context.3 SSL_SESSION_set1_id_context.3 -MLINKS+= SSL_SESSION_get_ex_data.3 SSL_SESSION_set_ex_data.3 -MLINKS+= SSL_SESSION_get_protocol_version.3 SSL_SESSION_set_protocol_version.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_time.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_get_time.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_get_timeout.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_set_time.3 -MLINKS+= SSL_SESSION_get_time.3 SSL_set_timeout.3 -MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get0_ticket.3 -MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get_ticket_lifetime_hint.3 -MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_fp.3 -MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_keylog.3 -MLINKS+= SSL_SESSION_set1_id.3 SSL_SESSION_get_id.3 -MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string.3 -MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string_long.3 -MLINKS+= SSL_alert_type_string.3 SSL_alert_type_string_long.3 -MLINKS+= SSL_alloc_buffers.3 SSL_free_buffers.3 -MLINKS+= SSL_export_keying_material.3 SSL_export_keying_material_early.3 -MLINKS+= SSL_extension_supported.3 SSL_CTX_add_client_custom_ext.3 -MLINKS+= SSL_extension_supported.3 SSL_CTX_add_custom_ext.3 -MLINKS+= SSL_extension_supported.3 SSL_CTX_add_server_custom_ext.3 -MLINKS+= SSL_extension_supported.3 custom_ext_add_cb.3 -MLINKS+= SSL_extension_supported.3 custom_ext_free_cb.3 -MLINKS+= SSL_extension_supported.3 custom_ext_parse_cb.3 -MLINKS+= SSL_get_all_async_fds.3 SSL_get_changed_async_fds.3 -MLINKS+= SSL_get_all_async_fds.3 SSL_waiting_for_async.3 -MLINKS+= SSL_get_ciphers.3 SSL_CTX_get_ciphers.3 -MLINKS+= SSL_get_ciphers.3 SSL_bytes_to_cipher_list.3 -MLINKS+= SSL_get_ciphers.3 SSL_get1_supported_ciphers.3 -MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3 -MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3 -MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3 -MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3 -MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3 -MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3 -MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher.3 -MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_bits.3 -MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_name.3 -MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_version.3 -MLINKS+= SSL_get_current_cipher.3 SSL_get_pending_cipher.3 -MLINKS+= SSL_get_fd.3 SSL_get_rfd.3 -MLINKS+= SSL_get_fd.3 SSL_get_wfd.3 -MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3 -MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3 -MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_nid.3 -MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_type_nid.3 -MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3 -MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_tmp_key.3 -MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3 -MLINKS+= SSL_get_rbio.3 SSL_get_wbio.3 -MLINKS+= SSL_get_session.3 SSL_get0_session.3 -MLINKS+= SSL_get_session.3 SSL_get1_session.3 -MLINKS+= SSL_get_shared_sigalgs.3 SSL_get_sigalgs.3 -MLINKS+= SSL_get_version.3 SSL_client_version.3 -MLINKS+= SSL_get_version.3 SSL_is_dtls.3 -MLINKS+= SSL_get_version.3 SSL_version.3 -MLINKS+= SSL_in_init.3 SSL_get_state.3 -MLINKS+= SSL_in_init.3 SSL_in_accept_init.3 -MLINKS+= SSL_in_init.3 SSL_in_before.3 -MLINKS+= SSL_in_init.3 SSL_in_connect_init.3 -MLINKS+= SSL_in_init.3 SSL_is_init_finished.3 -MLINKS+= SSL_key_update.3 SSL_get_key_update_type.3 -MLINKS+= SSL_key_update.3 SSL_renegotiate.3 -MLINKS+= SSL_key_update.3 SSL_renegotiate_abbreviated.3 -MLINKS+= SSL_key_update.3 SSL_renegotiate_pending.3 -MLINKS+= SSL_library_init.3 OpenSSL_add_ssl_algorithms.3 -MLINKS+= SSL_new.3 SSL_dup.3 -MLINKS+= SSL_new.3 SSL_up_ref.3 -MLINKS+= SSL_pending.3 SSL_has_pending.3 -MLINKS+= SSL_read.3 SSL_peek.3 -MLINKS+= SSL_read.3 SSL_peek_ex.3 -MLINKS+= SSL_read.3 SSL_read_ex.3 -MLINKS+= SSL_read_early_data.3 SSL_CTX_get_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_CTX_get_recv_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_CTX_set_allow_early_data_cb.3 -MLINKS+= SSL_read_early_data.3 SSL_CTX_set_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_CTX_set_recv_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_SESSION_get_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_SESSION_set_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_allow_early_data_cb_fn.3 -MLINKS+= SSL_read_early_data.3 SSL_get_early_data_status.3 -MLINKS+= SSL_read_early_data.3 SSL_get_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_get_recv_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_set_allow_early_data_cb.3 -MLINKS+= SSL_read_early_data.3 SSL_set_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_set_recv_max_early_data.3 -MLINKS+= SSL_read_early_data.3 SSL_write_early_data.3 -MLINKS+= SSL_rstate_string.3 SSL_rstate_string_long.3 -MLINKS+= SSL_set1_host.3 SSL_add1_host.3 -MLINKS+= SSL_set1_host.3 SSL_get0_peername.3 -MLINKS+= SSL_set1_host.3 SSL_set_hostflags.3 -MLINKS+= SSL_set_bio.3 SSL_set0_rbio.3 -MLINKS+= SSL_set_bio.3 SSL_set0_wbio.3 -MLINKS+= SSL_set_connect_state.3 SSL_is_server.3 -MLINKS+= SSL_set_connect_state.3 SSL_set_accept_state.3 -MLINKS+= SSL_set_fd.3 SSL_set_rfd.3 -MLINKS+= SSL_set_fd.3 SSL_set_wfd.3 -MLINKS+= SSL_set_shutdown.3 SSL_get_shutdown.3 -MLINKS+= SSL_state_string.3 SSL_state_string_long.3 -MLINKS+= SSL_want.3 SSL_want_async.3 -MLINKS+= SSL_want.3 SSL_want_async_job.3 -MLINKS+= SSL_want.3 SSL_want_client_hello_cb.3 -MLINKS+= SSL_want.3 SSL_want_nothing.3 -MLINKS+= SSL_want.3 SSL_want_read.3 -MLINKS+= SSL_want.3 SSL_want_write.3 -MLINKS+= SSL_want.3 SSL_want_x509_lookup.3 -MLINKS+= SSL_write.3 SSL_write_ex.3 -MLINKS+= UI_STRING.3 UI_get0_action_string.3 -MLINKS+= UI_STRING.3 UI_get0_output_string.3 -MLINKS+= UI_STRING.3 UI_get0_result_string.3 -MLINKS+= UI_STRING.3 UI_get0_test_string.3 -MLINKS+= UI_STRING.3 UI_get_input_flags.3 -MLINKS+= UI_STRING.3 UI_get_result_maxsize.3 -MLINKS+= UI_STRING.3 UI_get_result_minsize.3 -MLINKS+= UI_STRING.3 UI_get_result_string_length.3 -MLINKS+= UI_STRING.3 UI_get_string_type.3 -MLINKS+= UI_STRING.3 UI_set_result.3 -MLINKS+= UI_STRING.3 UI_set_result_ex.3 -MLINKS+= UI_STRING.3 UI_string_types.3 -MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_read_pw_string.3 -MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_wrap_read_pem_callback.3 -MLINKS+= UI_create_method.3 UI_METHOD.3 -MLINKS+= UI_create_method.3 UI_destroy_method.3 -MLINKS+= UI_create_method.3 UI_method_get_closer.3 -MLINKS+= UI_create_method.3 UI_method_get_data_destructor.3 -MLINKS+= UI_create_method.3 UI_method_get_data_duplicator.3 -MLINKS+= UI_create_method.3 UI_method_get_ex_data.3 -MLINKS+= UI_create_method.3 UI_method_get_flusher.3 -MLINKS+= UI_create_method.3 UI_method_get_opener.3 -MLINKS+= UI_create_method.3 UI_method_get_prompt_constructor.3 -MLINKS+= UI_create_method.3 UI_method_get_reader.3 -MLINKS+= UI_create_method.3 UI_method_get_writer.3 -MLINKS+= UI_create_method.3 UI_method_set_closer.3 -MLINKS+= UI_create_method.3 UI_method_set_data_duplicator.3 -MLINKS+= UI_create_method.3 UI_method_set_ex_data.3 -MLINKS+= UI_create_method.3 UI_method_set_flusher.3 -MLINKS+= UI_create_method.3 UI_method_set_opener.3 -MLINKS+= UI_create_method.3 UI_method_set_prompt_constructor.3 -MLINKS+= UI_create_method.3 UI_method_set_reader.3 -MLINKS+= UI_create_method.3 UI_method_set_writer.3 -MLINKS+= UI_new.3 UI.3 -MLINKS+= UI_new.3 UI_OpenSSL.3 -MLINKS+= UI_new.3 UI_add_error_string.3 -MLINKS+= UI_new.3 UI_add_info_string.3 -MLINKS+= UI_new.3 UI_add_input_boolean.3 -MLINKS+= UI_new.3 UI_add_input_string.3 -MLINKS+= UI_new.3 UI_add_user_data.3 -MLINKS+= UI_new.3 UI_add_verify_string.3 -MLINKS+= UI_new.3 UI_construct_prompt.3 -MLINKS+= UI_new.3 UI_ctrl.3 -MLINKS+= UI_new.3 UI_dup_error_string.3 -MLINKS+= UI_new.3 UI_dup_info_string.3 -MLINKS+= UI_new.3 UI_dup_input_boolean.3 -MLINKS+= UI_new.3 UI_dup_input_string.3 -MLINKS+= UI_new.3 UI_dup_user_data.3 -MLINKS+= UI_new.3 UI_dup_verify_string.3 -MLINKS+= UI_new.3 UI_free.3 -MLINKS+= UI_new.3 UI_get0_result.3 -MLINKS+= UI_new.3 UI_get0_user_data.3 -MLINKS+= UI_new.3 UI_get_default_method.3 -MLINKS+= UI_new.3 UI_get_method.3 -MLINKS+= UI_new.3 UI_get_result_length.3 -MLINKS+= UI_new.3 UI_new_method.3 -MLINKS+= UI_new.3 UI_null.3 -MLINKS+= UI_new.3 UI_process.3 -MLINKS+= UI_new.3 UI_set_default_method.3 -MLINKS+= UI_new.3 UI_set_method.3 -MLINKS+= X509V3_get_d2i.3 X509V3_EXT_d2i.3 -MLINKS+= X509V3_get_d2i.3 X509V3_EXT_i2d.3 -MLINKS+= X509V3_get_d2i.3 X509V3_add1_i2d.3 -MLINKS+= X509V3_get_d2i.3 X509_CRL_add1_ext_i2d.3 -MLINKS+= X509V3_get_d2i.3 X509_CRL_get0_extensions.3 -MLINKS+= X509V3_get_d2i.3 X509_CRL_get_ext_d2i.3 -MLINKS+= X509V3_get_d2i.3 X509_REVOKED_add1_ext_i2d.3 -MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get0_extensions.3 -MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get_ext_d2i.3 -MLINKS+= X509V3_get_d2i.3 X509_add1_ext_i2d.3 -MLINKS+= X509V3_get_d2i.3 X509_get0_extensions.3 -MLINKS+= X509V3_get_d2i.3 X509_get_ext_d2i.3 -MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_cmp.3 -MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_get0.3 -MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set0.3 -MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set_md.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_add0_revoked.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get0_by_cert.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get_REVOKED.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_sort.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_revocationDate.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_serialNumber.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_revocationDate.3 -MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_serialNumber.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_NID.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_OBJ.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_critical.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_data.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_object.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_critical.3 -MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_data.3 -MLINKS+= X509_LOOKUP_hash_dir.3 X509_LOOKUP_file.3 -MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_crl_file.3 -MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_file.3 -MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_crl_file.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_ctrl_fn.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_alias_fn.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_fingerprint_fn.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_issuer_serial_fn.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_subject_fn.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_method_data.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_store.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_free.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_ctrl.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_free.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_alias.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_fingerprint.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_issuer_serial.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_subject.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_init.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_new_item.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_shutdown.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_ctrl.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_free.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_alias.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_fingerprint.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_issuer_serial.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_subject.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_init.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_new_item.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_shutdown.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_set_method_data.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509.3 -MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509_CRL.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_NID.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_OBJ.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_txt.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_data.3 -MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_object.3 -MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry.3 -MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_NID.3 -MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_OBJ.3 -MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_delete_entry.3 -MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_entry_count.3 -MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_entry.3 -MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_index_by_OBJ.3 -MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_NID.3 -MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_OBJ.3 -MLINKS+= X509_NAME_print_ex.3 X509_NAME_oneline.3 -MLINKS+= X509_NAME_print_ex.3 X509_NAME_print.3 -MLINKS+= X509_NAME_print_ex.3 X509_NAME_print_ex_fp.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_free.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0_param.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set.3 -MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set0_param.3 -MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY.3 -MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_bio.3 -MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_fp.3 -MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY.3 -MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_bio.3 -MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_fp.3 -MLINKS+= X509_SIG_get0.3 X509_SIG_getm.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get0_cert.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_current_cert.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error_depth.3 -MLINKS+= X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_cleanup.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_free.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_chain.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_param.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_untrusted.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get_num_untrusted.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_init.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_crls.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_param.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_trusted_stack.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_untrusted.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_verified_chain.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_cert.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_default.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_verify.3 -MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_verify_fn.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cert_crl.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_crl.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_issued.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_policy.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_revocation.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cleanup.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_crl.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_issuer.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_certs.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_crls.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_verify_cb.3 -MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_verify_cb.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_add_crl.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_locations.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_default_paths.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_depth.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_flags.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_purpose.3 -MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_trust.3 -MLINKS+= X509_STORE_get0_param.3 X509_STORE_get0_objects.3 -MLINKS+= X509_STORE_get0_param.3 X509_STORE_set1_param.3 -MLINKS+= X509_STORE_new.3 X509_STORE_free.3 -MLINKS+= X509_STORE_new.3 X509_STORE_lock.3 -MLINKS+= X509_STORE_new.3 X509_STORE_unlock.3 -MLINKS+= X509_STORE_new.3 X509_STORE_up_ref.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cert_crl_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_crl_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_issued_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_policy_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_revocation_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cleanup_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_crl_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_issuer_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_verify.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_certs_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_crls_fn.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cert_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_issued.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_policy.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_revocation.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cleanup.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_issuer.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_certs.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_crls.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_verify_cb.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cert_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_issued.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_policy.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_revocation.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cleanup.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_crl.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_issuer.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_certs.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls_cb.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_cb.3 -MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_func.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add0_policy.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add1_host.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_clear_flags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get0_peername.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_auth_level.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_depth.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_flags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_hostflags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_inh_flags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_time.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_email.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_host.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_ip.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_ip_asc.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_policies.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_auth_level.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_depth.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_hostflags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_inh_flags.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_purpose.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_time.3 -MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_trust.3 -MLINKS+= X509_check_host.3 X509_check_email.3 -MLINKS+= X509_check_host.3 X509_check_ip.3 -MLINKS+= X509_check_host.3 X509_check_ip_asc.3 -MLINKS+= X509_check_private_key.3 X509_REQ_check_private_key.3 -MLINKS+= X509_cmp.3 X509_CRL_cmp.3 -MLINKS+= X509_cmp.3 X509_CRL_match.3 -MLINKS+= X509_cmp.3 X509_NAME_cmp.3 -MLINKS+= X509_cmp.3 X509_issuer_and_serial_cmp.3 -MLINKS+= X509_cmp.3 X509_issuer_name_cmp.3 -MLINKS+= X509_cmp.3 X509_subject_name_cmp.3 -MLINKS+= X509_cmp_time.3 X509_cmp_current_time.3 -MLINKS+= X509_cmp_time.3 X509_time_adj.3 -MLINKS+= X509_cmp_time.3 X509_time_adj_ex.3 -MLINKS+= X509_digest.3 PKCS7_ISSUER_AND_SERIAL_digest.3 -MLINKS+= X509_digest.3 X509_CRL_digest.3 -MLINKS+= X509_digest.3 X509_NAME_digest.3 -MLINKS+= X509_digest.3 X509_REQ_digest.3 -MLINKS+= X509_digest.3 X509_pubkey_digest.3 -MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_free.3 -MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_new.3 -MLINKS+= X509_dup.3 ADMISSIONS_free.3 -MLINKS+= X509_dup.3 ADMISSIONS_new.3 -MLINKS+= X509_dup.3 ADMISSION_SYNTAX_free.3 -MLINKS+= X509_dup.3 ADMISSION_SYNTAX_new.3 -MLINKS+= X509_dup.3 ASIdOrRange_free.3 -MLINKS+= X509_dup.3 ASIdOrRange_new.3 -MLINKS+= X509_dup.3 ASIdentifierChoice_free.3 -MLINKS+= X509_dup.3 ASIdentifierChoice_new.3 -MLINKS+= X509_dup.3 ASIdentifiers_free.3 -MLINKS+= X509_dup.3 ASIdentifiers_new.3 -MLINKS+= X509_dup.3 ASN1_ITEM.3 -MLINKS+= X509_dup.3 ASRange_free.3 -MLINKS+= X509_dup.3 ASRange_new.3 -MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_free.3 -MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_new.3 -MLINKS+= X509_dup.3 AUTHORITY_KEYID_free.3 -MLINKS+= X509_dup.3 AUTHORITY_KEYID_new.3 -MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_free.3 -MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_new.3 -MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_free.3 -MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_new.3 -MLINKS+= X509_dup.3 CMS_ContentInfo_free.3 -MLINKS+= X509_dup.3 CMS_ContentInfo_new.3 -MLINKS+= X509_dup.3 CMS_ContentInfo_print_ctx.3 -MLINKS+= X509_dup.3 CMS_ReceiptRequest_free.3 -MLINKS+= X509_dup.3 CMS_ReceiptRequest_new.3 -MLINKS+= X509_dup.3 CRL_DIST_POINTS_free.3 -MLINKS+= X509_dup.3 CRL_DIST_POINTS_new.3 -MLINKS+= X509_dup.3 DECLARE_ASN1_FUNCTIONS.3 -MLINKS+= X509_dup.3 DIRECTORYSTRING_free.3 -MLINKS+= X509_dup.3 DIRECTORYSTRING_new.3 -MLINKS+= X509_dup.3 DISPLAYTEXT_free.3 -MLINKS+= X509_dup.3 DISPLAYTEXT_new.3 -MLINKS+= X509_dup.3 DIST_POINT_NAME_free.3 -MLINKS+= X509_dup.3 DIST_POINT_NAME_new.3 -MLINKS+= X509_dup.3 DIST_POINT_free.3 -MLINKS+= X509_dup.3 DIST_POINT_new.3 -MLINKS+= X509_dup.3 DSAparams_dup.3 -MLINKS+= X509_dup.3 ECPARAMETERS_free.3 -MLINKS+= X509_dup.3 ECPARAMETERS_new.3 -MLINKS+= X509_dup.3 ECPKPARAMETERS_free.3 -MLINKS+= X509_dup.3 ECPKPARAMETERS_new.3 -MLINKS+= X509_dup.3 EDIPARTYNAME_free.3 -MLINKS+= X509_dup.3 EDIPARTYNAME_new.3 -MLINKS+= X509_dup.3 ESS_CERT_ID_dup.3 -MLINKS+= X509_dup.3 ESS_CERT_ID_free.3 -MLINKS+= X509_dup.3 ESS_CERT_ID_new.3 -MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_dup.3 -MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_free.3 -MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_new.3 -MLINKS+= X509_dup.3 ESS_SIGNING_CERT_dup.3 -MLINKS+= X509_dup.3 ESS_SIGNING_CERT_free.3 -MLINKS+= X509_dup.3 ESS_SIGNING_CERT_new.3 -MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_free.3 -MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_new.3 -MLINKS+= X509_dup.3 GENERAL_NAMES_free.3 -MLINKS+= X509_dup.3 GENERAL_NAMES_new.3 -MLINKS+= X509_dup.3 GENERAL_NAME_dup.3 -MLINKS+= X509_dup.3 GENERAL_NAME_free.3 -MLINKS+= X509_dup.3 GENERAL_NAME_new.3 -MLINKS+= X509_dup.3 GENERAL_SUBTREE_free.3 -MLINKS+= X509_dup.3 GENERAL_SUBTREE_new.3 -MLINKS+= X509_dup.3 IMPLEMENT_ASN1_FUNCTIONS.3 -MLINKS+= X509_dup.3 IPAddressChoice_free.3 -MLINKS+= X509_dup.3 IPAddressChoice_new.3 -MLINKS+= X509_dup.3 IPAddressFamily_free.3 -MLINKS+= X509_dup.3 IPAddressFamily_new.3 -MLINKS+= X509_dup.3 IPAddressOrRange_free.3 -MLINKS+= X509_dup.3 IPAddressOrRange_new.3 -MLINKS+= X509_dup.3 IPAddressRange_free.3 -MLINKS+= X509_dup.3 IPAddressRange_new.3 -MLINKS+= X509_dup.3 ISSUING_DIST_POINT_free.3 -MLINKS+= X509_dup.3 ISSUING_DIST_POINT_new.3 -MLINKS+= X509_dup.3 NAME_CONSTRAINTS_free.3 -MLINKS+= X509_dup.3 NAME_CONSTRAINTS_new.3 -MLINKS+= X509_dup.3 NAMING_AUTHORITY_free.3 -MLINKS+= X509_dup.3 NAMING_AUTHORITY_new.3 -MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_free.3 -MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_new.3 -MLINKS+= X509_dup.3 NETSCAPE_SPKAC_free.3 -MLINKS+= X509_dup.3 NETSCAPE_SPKAC_new.3 -MLINKS+= X509_dup.3 NETSCAPE_SPKI_free.3 -MLINKS+= X509_dup.3 NETSCAPE_SPKI_new.3 -MLINKS+= X509_dup.3 NOTICEREF_free.3 -MLINKS+= X509_dup.3 NOTICEREF_new.3 -MLINKS+= X509_dup.3 OCSP_BASICRESP_free.3 -MLINKS+= X509_dup.3 OCSP_BASICRESP_new.3 -MLINKS+= X509_dup.3 OCSP_CERTID_dup.3 -MLINKS+= X509_dup.3 OCSP_CERTID_new.3 -MLINKS+= X509_dup.3 OCSP_CERTSTATUS_free.3 -MLINKS+= X509_dup.3 OCSP_CERTSTATUS_new.3 -MLINKS+= X509_dup.3 OCSP_CRLID_free.3 -MLINKS+= X509_dup.3 OCSP_CRLID_new.3 -MLINKS+= X509_dup.3 OCSP_ONEREQ_free.3 -MLINKS+= X509_dup.3 OCSP_ONEREQ_new.3 -MLINKS+= X509_dup.3 OCSP_REQINFO_free.3 -MLINKS+= X509_dup.3 OCSP_REQINFO_new.3 -MLINKS+= X509_dup.3 OCSP_RESPBYTES_free.3 -MLINKS+= X509_dup.3 OCSP_RESPBYTES_new.3 -MLINKS+= X509_dup.3 OCSP_RESPDATA_free.3 -MLINKS+= X509_dup.3 OCSP_RESPDATA_new.3 -MLINKS+= X509_dup.3 OCSP_RESPID_free.3 -MLINKS+= X509_dup.3 OCSP_RESPID_new.3 -MLINKS+= X509_dup.3 OCSP_RESPONSE_new.3 -MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_free.3 -MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_new.3 -MLINKS+= X509_dup.3 OCSP_SERVICELOC_free.3 -MLINKS+= X509_dup.3 OCSP_SERVICELOC_new.3 -MLINKS+= X509_dup.3 OCSP_SIGNATURE_free.3 -MLINKS+= X509_dup.3 OCSP_SIGNATURE_new.3 -MLINKS+= X509_dup.3 OCSP_SINGLERESP_free.3 -MLINKS+= X509_dup.3 OCSP_SINGLERESP_new.3 -MLINKS+= X509_dup.3 OTHERNAME_free.3 -MLINKS+= X509_dup.3 OTHERNAME_new.3 -MLINKS+= X509_dup.3 PBE2PARAM_free.3 -MLINKS+= X509_dup.3 PBE2PARAM_new.3 -MLINKS+= X509_dup.3 PBEPARAM_free.3 -MLINKS+= X509_dup.3 PBEPARAM_new.3 -MLINKS+= X509_dup.3 PBKDF2PARAM_free.3 -MLINKS+= X509_dup.3 PBKDF2PARAM_new.3 -MLINKS+= X509_dup.3 PKCS12_BAGS_free.3 -MLINKS+= X509_dup.3 PKCS12_BAGS_new.3 -MLINKS+= X509_dup.3 PKCS12_MAC_DATA_free.3 -MLINKS+= X509_dup.3 PKCS12_MAC_DATA_new.3 -MLINKS+= X509_dup.3 PKCS12_SAFEBAG_free.3 -MLINKS+= X509_dup.3 PKCS12_SAFEBAG_new.3 -MLINKS+= X509_dup.3 PKCS12_free.3 -MLINKS+= X509_dup.3 PKCS12_new.3 -MLINKS+= X509_dup.3 PKCS7_DIGEST_free.3 -MLINKS+= X509_dup.3 PKCS7_DIGEST_new.3 -MLINKS+= X509_dup.3 PKCS7_ENCRYPT_free.3 -MLINKS+= X509_dup.3 PKCS7_ENCRYPT_new.3 -MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_free.3 -MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_new.3 -MLINKS+= X509_dup.3 PKCS7_ENVELOPE_free.3 -MLINKS+= X509_dup.3 PKCS7_ENVELOPE_new.3 -MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_free.3 -MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_new.3 -MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_free.3 -MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_new.3 -MLINKS+= X509_dup.3 PKCS7_SIGNED_free.3 -MLINKS+= X509_dup.3 PKCS7_SIGNED_new.3 -MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_free.3 -MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_new.3 -MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_free.3 -MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_new.3 -MLINKS+= X509_dup.3 PKCS7_dup.3 -MLINKS+= X509_dup.3 PKCS7_free.3 -MLINKS+= X509_dup.3 PKCS7_new.3 -MLINKS+= X509_dup.3 PKCS7_print_ctx.3 -MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_free.3 -MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_new.3 -MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_free.3 -MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_new.3 -MLINKS+= X509_dup.3 POLICYINFO_free.3 -MLINKS+= X509_dup.3 POLICYINFO_new.3 -MLINKS+= X509_dup.3 POLICYQUALINFO_free.3 -MLINKS+= X509_dup.3 POLICYQUALINFO_new.3 -MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_free.3 -MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_new.3 -MLINKS+= X509_dup.3 POLICY_MAPPING_free.3 -MLINKS+= X509_dup.3 POLICY_MAPPING_new.3 -MLINKS+= X509_dup.3 PROFESSION_INFOS_free.3 -MLINKS+= X509_dup.3 PROFESSION_INFOS_new.3 -MLINKS+= X509_dup.3 PROFESSION_INFO_free.3 -MLINKS+= X509_dup.3 PROFESSION_INFO_new.3 -MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_free.3 -MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_new.3 -MLINKS+= X509_dup.3 PROXY_POLICY_free.3 -MLINKS+= X509_dup.3 PROXY_POLICY_new.3 -MLINKS+= X509_dup.3 RSAPrivateKey_dup.3 -MLINKS+= X509_dup.3 RSAPublicKey_dup.3 -MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_free.3 -MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_new.3 -MLINKS+= X509_dup.3 RSA_PSS_PARAMS_free.3 -MLINKS+= X509_dup.3 RSA_PSS_PARAMS_new.3 -MLINKS+= X509_dup.3 SCRYPT_PARAMS_free.3 -MLINKS+= X509_dup.3 SCRYPT_PARAMS_new.3 -MLINKS+= X509_dup.3 SXNETID_free.3 -MLINKS+= X509_dup.3 SXNETID_new.3 -MLINKS+= X509_dup.3 SXNET_free.3 -MLINKS+= X509_dup.3 SXNET_new.3 -MLINKS+= X509_dup.3 TLS_FEATURE_free.3 -MLINKS+= X509_dup.3 TLS_FEATURE_new.3 -MLINKS+= X509_dup.3 TS_ACCURACY_dup.3 -MLINKS+= X509_dup.3 TS_ACCURACY_free.3 -MLINKS+= X509_dup.3 TS_ACCURACY_new.3 -MLINKS+= X509_dup.3 TS_MSG_IMPRINT_dup.3 -MLINKS+= X509_dup.3 TS_MSG_IMPRINT_free.3 -MLINKS+= X509_dup.3 TS_MSG_IMPRINT_new.3 -MLINKS+= X509_dup.3 TS_REQ_dup.3 -MLINKS+= X509_dup.3 TS_REQ_free.3 -MLINKS+= X509_dup.3 TS_REQ_new.3 -MLINKS+= X509_dup.3 TS_RESP_dup.3 -MLINKS+= X509_dup.3 TS_RESP_free.3 -MLINKS+= X509_dup.3 TS_RESP_new.3 -MLINKS+= X509_dup.3 TS_STATUS_INFO_dup.3 -MLINKS+= X509_dup.3 TS_STATUS_INFO_free.3 -MLINKS+= X509_dup.3 TS_STATUS_INFO_new.3 -MLINKS+= X509_dup.3 TS_TST_INFO_dup.3 -MLINKS+= X509_dup.3 TS_TST_INFO_free.3 -MLINKS+= X509_dup.3 TS_TST_INFO_new.3 -MLINKS+= X509_dup.3 USERNOTICE_free.3 -MLINKS+= X509_dup.3 USERNOTICE_new.3 -MLINKS+= X509_dup.3 X509_ALGOR_free.3 -MLINKS+= X509_dup.3 X509_ALGOR_new.3 -MLINKS+= X509_dup.3 X509_ATTRIBUTE_dup.3 -MLINKS+= X509_dup.3 X509_ATTRIBUTE_free.3 -MLINKS+= X509_dup.3 X509_ATTRIBUTE_new.3 -MLINKS+= X509_dup.3 X509_CERT_AUX_free.3 -MLINKS+= X509_dup.3 X509_CERT_AUX_new.3 -MLINKS+= X509_dup.3 X509_CINF_free.3 -MLINKS+= X509_dup.3 X509_CINF_new.3 -MLINKS+= X509_dup.3 X509_CRL_INFO_free.3 -MLINKS+= X509_dup.3 X509_CRL_INFO_new.3 -MLINKS+= X509_dup.3 X509_CRL_dup.3 -MLINKS+= X509_dup.3 X509_CRL_free.3 -MLINKS+= X509_dup.3 X509_CRL_new.3 -MLINKS+= X509_dup.3 X509_EXTENSION_dup.3 -MLINKS+= X509_dup.3 X509_EXTENSION_free.3 -MLINKS+= X509_dup.3 X509_EXTENSION_new.3 -MLINKS+= X509_dup.3 X509_NAME_ENTRY_dup.3 -MLINKS+= X509_dup.3 X509_NAME_ENTRY_free.3 -MLINKS+= X509_dup.3 X509_NAME_ENTRY_new.3 -MLINKS+= X509_dup.3 X509_NAME_dup.3 -MLINKS+= X509_dup.3 X509_NAME_free.3 -MLINKS+= X509_dup.3 X509_NAME_new.3 -MLINKS+= X509_dup.3 X509_REQ_INFO_free.3 -MLINKS+= X509_dup.3 X509_REQ_INFO_new.3 -MLINKS+= X509_dup.3 X509_REQ_dup.3 -MLINKS+= X509_dup.3 X509_REQ_free.3 -MLINKS+= X509_dup.3 X509_REQ_new.3 -MLINKS+= X509_dup.3 X509_REVOKED_dup.3 -MLINKS+= X509_dup.3 X509_REVOKED_free.3 -MLINKS+= X509_dup.3 X509_REVOKED_new.3 -MLINKS+= X509_dup.3 X509_SIG_free.3 -MLINKS+= X509_dup.3 X509_SIG_new.3 -MLINKS+= X509_dup.3 X509_VAL_free.3 -MLINKS+= X509_dup.3 X509_VAL_new.3 -MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_lastUpdate.3 -MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_nextUpdate.3 -MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_lastUpdate.3 -MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_nextUpdate.3 -MLINKS+= X509_get0_notBefore.3 X509_get0_notAfter.3 -MLINKS+= X509_get0_notBefore.3 X509_getm_notAfter.3 -MLINKS+= X509_get0_notBefore.3 X509_getm_notBefore.3 -MLINKS+= X509_get0_notBefore.3 X509_set1_notAfter.3 -MLINKS+= X509_get0_notBefore.3 X509_set1_notBefore.3 -MLINKS+= X509_get0_signature.3 X509_CRL_get0_signature.3 -MLINKS+= X509_get0_signature.3 X509_CRL_get_signature_nid.3 -MLINKS+= X509_get0_signature.3 X509_REQ_get0_signature.3 -MLINKS+= X509_get0_signature.3 X509_REQ_get_signature_nid.3 -MLINKS+= X509_get0_signature.3 X509_SIG_INFO_get.3 -MLINKS+= X509_get0_signature.3 X509_SIG_INFO_set.3 -MLINKS+= X509_get0_signature.3 X509_get0_tbs_sigalg.3 -MLINKS+= X509_get0_signature.3 X509_get_signature_info.3 -MLINKS+= X509_get0_signature.3 X509_get_signature_nid.3 -MLINKS+= X509_get_extension_flags.3 X509_get0_authority_issuer.3 -MLINKS+= X509_get_extension_flags.3 X509_get0_authority_key_id.3 -MLINKS+= X509_get_extension_flags.3 X509_get0_authority_serial.3 -MLINKS+= X509_get_extension_flags.3 X509_get0_subject_key_id.3 -MLINKS+= X509_get_extension_flags.3 X509_get_extended_key_usage.3 -MLINKS+= X509_get_extension_flags.3 X509_get_key_usage.3 -MLINKS+= X509_get_extension_flags.3 X509_get_pathlen.3 -MLINKS+= X509_get_extension_flags.3 X509_get_proxy_pathlen.3 -MLINKS+= X509_get_extension_flags.3 X509_set_proxy_flag.3 -MLINKS+= X509_get_extension_flags.3 X509_set_proxy_pathlen.3 -MLINKS+= X509_get_pubkey.3 X509_REQ_get0_pubkey.3 -MLINKS+= X509_get_pubkey.3 X509_REQ_get_X509_PUBKEY.3 -MLINKS+= X509_get_pubkey.3 X509_REQ_get_pubkey.3 -MLINKS+= X509_get_pubkey.3 X509_REQ_set_pubkey.3 -MLINKS+= X509_get_pubkey.3 X509_get0_pubkey.3 -MLINKS+= X509_get_pubkey.3 X509_get_X509_PUBKEY.3 -MLINKS+= X509_get_pubkey.3 X509_set_pubkey.3 -MLINKS+= X509_get_serialNumber.3 X509_get0_serialNumber.3 -MLINKS+= X509_get_serialNumber.3 X509_set_serialNumber.3 -MLINKS+= X509_get_subject_name.3 X509_CRL_get_issuer.3 -MLINKS+= X509_get_subject_name.3 X509_CRL_set_issuer_name.3 -MLINKS+= X509_get_subject_name.3 X509_REQ_get_subject_name.3 -MLINKS+= X509_get_subject_name.3 X509_REQ_set_subject_name.3 -MLINKS+= X509_get_subject_name.3 X509_get_issuer_name.3 -MLINKS+= X509_get_subject_name.3 X509_set_issuer_name.3 -MLINKS+= X509_get_subject_name.3 X509_set_subject_name.3 -MLINKS+= X509_get_version.3 X509_CRL_get_version.3 -MLINKS+= X509_get_version.3 X509_CRL_set_version.3 -MLINKS+= X509_get_version.3 X509_REQ_get_version.3 -MLINKS+= X509_get_version.3 X509_REQ_set_version.3 -MLINKS+= X509_get_version.3 X509_set_version.3 -MLINKS+= X509_new.3 X509_chain_up_ref.3 -MLINKS+= X509_new.3 X509_free.3 -MLINKS+= X509_new.3 X509_up_ref.3 -MLINKS+= X509_sign.3 X509_CRL_sign.3 -MLINKS+= X509_sign.3 X509_CRL_sign_ctx.3 -MLINKS+= X509_sign.3 X509_CRL_verify.3 -MLINKS+= X509_sign.3 X509_REQ_sign.3 -MLINKS+= X509_sign.3 X509_REQ_sign_ctx.3 -MLINKS+= X509_sign.3 X509_REQ_verify.3 -MLINKS+= X509_sign.3 X509_sign_ctx.3 -MLINKS+= X509_sign.3 X509_verify.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_add_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_delete_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_NID.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_OBJ.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_critical.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_count.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_add_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_delete_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_NID.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_OBJ.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_critical.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_count.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_add_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_delete_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_NID.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_OBJ.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_critical.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_count.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_add_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_delete_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_OBJ.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_critical.3 -MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_count.3 -MLINKS+= d2i_DHparams.3 i2d_DHparams.3 -MLINKS+= d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_fp.3 -MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_bio.3 -MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_fp.3 -MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_bio.3 -MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_fp.3 -MLINKS+= d2i_PrivateKey.3 d2i_AutoPrivateKey.3 -MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_bio.3 -MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_fp.3 -MLINKS+= d2i_PrivateKey.3 d2i_PublicKey.3 -MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey.3 -MLINKS+= d2i_PrivateKey.3 i2d_PublicKey.3 -MLINKS+= d2i_SSL_SESSION.3 i2d_SSL_SESSION.3 -MLINKS+= d2i_X509.3 d2i_ACCESS_DESCRIPTION.3 -MLINKS+= d2i_X509.3 d2i_ADMISSIONS.3 -MLINKS+= d2i_X509.3 d2i_ADMISSION_SYNTAX.3 -MLINKS+= d2i_X509.3 d2i_ASIdOrRange.3 -MLINKS+= d2i_X509.3 d2i_ASIdentifierChoice.3 -MLINKS+= d2i_X509.3 d2i_ASIdentifiers.3 -MLINKS+= d2i_X509.3 d2i_ASN1_BIT_STRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_BMPSTRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_ENUMERATED.3 -MLINKS+= d2i_X509.3 d2i_ASN1_GENERALIZEDTIME.3 -MLINKS+= d2i_X509.3 d2i_ASN1_GENERALSTRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_IA5STRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_INTEGER.3 -MLINKS+= d2i_X509.3 d2i_ASN1_NULL.3 -MLINKS+= d2i_X509.3 d2i_ASN1_OBJECT.3 -MLINKS+= d2i_X509.3 d2i_ASN1_OCTET_STRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_PRINTABLE.3 -MLINKS+= d2i_X509.3 d2i_ASN1_PRINTABLESTRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_SEQUENCE_ANY.3 -MLINKS+= d2i_X509.3 d2i_ASN1_SET_ANY.3 -MLINKS+= d2i_X509.3 d2i_ASN1_T61STRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_TIME.3 -MLINKS+= d2i_X509.3 d2i_ASN1_TYPE.3 -MLINKS+= d2i_X509.3 d2i_ASN1_UINTEGER.3 -MLINKS+= d2i_X509.3 d2i_ASN1_UNIVERSALSTRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_UTCTIME.3 -MLINKS+= d2i_X509.3 d2i_ASN1_UTF8STRING.3 -MLINKS+= d2i_X509.3 d2i_ASN1_VISIBLESTRING.3 -MLINKS+= d2i_X509.3 d2i_ASRange.3 -MLINKS+= d2i_X509.3 d2i_AUTHORITY_INFO_ACCESS.3 -MLINKS+= d2i_X509.3 d2i_AUTHORITY_KEYID.3 -MLINKS+= d2i_X509.3 d2i_BASIC_CONSTRAINTS.3 -MLINKS+= d2i_X509.3 d2i_CERTIFICATEPOLICIES.3 -MLINKS+= d2i_X509.3 d2i_CMS_ContentInfo.3 -MLINKS+= d2i_X509.3 d2i_CMS_ReceiptRequest.3 -MLINKS+= d2i_X509.3 d2i_CMS_bio.3 -MLINKS+= d2i_X509.3 d2i_CRL_DIST_POINTS.3 -MLINKS+= d2i_X509.3 d2i_DHxparams.3 -MLINKS+= d2i_X509.3 d2i_DIRECTORYSTRING.3 -MLINKS+= d2i_X509.3 d2i_DISPLAYTEXT.3 -MLINKS+= d2i_X509.3 d2i_DIST_POINT.3 -MLINKS+= d2i_X509.3 d2i_DIST_POINT_NAME.3 -MLINKS+= d2i_X509.3 d2i_DSAPrivateKey.3 -MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_bio.3 -MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_fp.3 -MLINKS+= d2i_X509.3 d2i_DSAPublicKey.3 -MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY.3 -MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 d2i_DSA_SIG.3 -MLINKS+= d2i_X509.3 d2i_DSAparams.3 -MLINKS+= d2i_X509.3 d2i_ECDSA_SIG.3 -MLINKS+= d2i_X509.3 d2i_ECPKParameters.3 -MLINKS+= d2i_X509.3 d2i_ECParameters.3 -MLINKS+= d2i_X509.3 d2i_ECPrivateKey.3 -MLINKS+= d2i_X509.3 d2i_ECPrivateKey_bio.3 -MLINKS+= d2i_X509.3 d2i_ECPrivateKey_fp.3 -MLINKS+= d2i_X509.3 d2i_EC_PUBKEY.3 -MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 d2i_EDIPARTYNAME.3 -MLINKS+= d2i_X509.3 d2i_ESS_CERT_ID.3 -MLINKS+= d2i_X509.3 d2i_ESS_ISSUER_SERIAL.3 -MLINKS+= d2i_X509.3 d2i_ESS_SIGNING_CERT.3 -MLINKS+= d2i_X509.3 d2i_EXTENDED_KEY_USAGE.3 -MLINKS+= d2i_X509.3 d2i_GENERAL_NAME.3 -MLINKS+= d2i_X509.3 d2i_GENERAL_NAMES.3 -MLINKS+= d2i_X509.3 d2i_IPAddressChoice.3 -MLINKS+= d2i_X509.3 d2i_IPAddressFamily.3 -MLINKS+= d2i_X509.3 d2i_IPAddressOrRange.3 -MLINKS+= d2i_X509.3 d2i_IPAddressRange.3 -MLINKS+= d2i_X509.3 d2i_ISSUING_DIST_POINT.3 -MLINKS+= d2i_X509.3 d2i_NAMING_AUTHORITY.3 -MLINKS+= d2i_X509.3 d2i_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= d2i_X509.3 d2i_NETSCAPE_SPKAC.3 -MLINKS+= d2i_X509.3 d2i_NETSCAPE_SPKI.3 -MLINKS+= d2i_X509.3 d2i_NOTICEREF.3 -MLINKS+= d2i_X509.3 d2i_OCSP_BASICRESP.3 -MLINKS+= d2i_X509.3 d2i_OCSP_CERTID.3 -MLINKS+= d2i_X509.3 d2i_OCSP_CERTSTATUS.3 -MLINKS+= d2i_X509.3 d2i_OCSP_CRLID.3 -MLINKS+= d2i_X509.3 d2i_OCSP_ONEREQ.3 -MLINKS+= d2i_X509.3 d2i_OCSP_REQINFO.3 -MLINKS+= d2i_X509.3 d2i_OCSP_REQUEST.3 -MLINKS+= d2i_X509.3 d2i_OCSP_RESPBYTES.3 -MLINKS+= d2i_X509.3 d2i_OCSP_RESPDATA.3 -MLINKS+= d2i_X509.3 d2i_OCSP_RESPID.3 -MLINKS+= d2i_X509.3 d2i_OCSP_RESPONSE.3 -MLINKS+= d2i_X509.3 d2i_OCSP_REVOKEDINFO.3 -MLINKS+= d2i_X509.3 d2i_OCSP_SERVICELOC.3 -MLINKS+= d2i_X509.3 d2i_OCSP_SIGNATURE.3 -MLINKS+= d2i_X509.3 d2i_OCSP_SINGLERESP.3 -MLINKS+= d2i_X509.3 d2i_OTHERNAME.3 -MLINKS+= d2i_X509.3 d2i_PBE2PARAM.3 -MLINKS+= d2i_X509.3 d2i_PBEPARAM.3 -MLINKS+= d2i_X509.3 d2i_PBKDF2PARAM.3 -MLINKS+= d2i_X509.3 d2i_PKCS12.3 -MLINKS+= d2i_X509.3 d2i_PKCS12_BAGS.3 -MLINKS+= d2i_X509.3 d2i_PKCS12_MAC_DATA.3 -MLINKS+= d2i_X509.3 d2i_PKCS12_SAFEBAG.3 -MLINKS+= d2i_X509.3 d2i_PKCS12_bio.3 -MLINKS+= d2i_X509.3 d2i_PKCS12_fp.3 -MLINKS+= d2i_X509.3 d2i_PKCS7.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_DIGEST.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_ENCRYPT.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_ENC_CONTENT.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_ENVELOPE.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_ISSUER_AND_SERIAL.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_RECIP_INFO.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_SIGNED.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_SIGNER_INFO.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_SIGN_ENVELOPE.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_bio.3 -MLINKS+= d2i_X509.3 d2i_PKCS7_fp.3 -MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_bio.3 -MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_fp.3 -MLINKS+= d2i_X509.3 d2i_PKCS8_bio.3 -MLINKS+= d2i_X509.3 d2i_PKCS8_fp.3 -MLINKS+= d2i_X509.3 d2i_PKEY_USAGE_PERIOD.3 -MLINKS+= d2i_X509.3 d2i_POLICYINFO.3 -MLINKS+= d2i_X509.3 d2i_POLICYQUALINFO.3 -MLINKS+= d2i_X509.3 d2i_PROFESSION_INFO.3 -MLINKS+= d2i_X509.3 d2i_PROXY_CERT_INFO_EXTENSION.3 -MLINKS+= d2i_X509.3 d2i_PROXY_POLICY.3 -MLINKS+= d2i_X509.3 d2i_RSAPrivateKey.3 -MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_bio.3 -MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_fp.3 -MLINKS+= d2i_X509.3 d2i_RSAPublicKey.3 -MLINKS+= d2i_X509.3 d2i_RSAPublicKey_bio.3 -MLINKS+= d2i_X509.3 d2i_RSAPublicKey_fp.3 -MLINKS+= d2i_X509.3 d2i_RSA_OAEP_PARAMS.3 -MLINKS+= d2i_X509.3 d2i_RSA_PSS_PARAMS.3 -MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY.3 -MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 d2i_SCRYPT_PARAMS.3 -MLINKS+= d2i_X509.3 d2i_SCT_LIST.3 -MLINKS+= d2i_X509.3 d2i_SXNET.3 -MLINKS+= d2i_X509.3 d2i_SXNETID.3 -MLINKS+= d2i_X509.3 d2i_TS_ACCURACY.3 -MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT.3 -MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT_bio.3 -MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT_fp.3 -MLINKS+= d2i_X509.3 d2i_TS_REQ.3 -MLINKS+= d2i_X509.3 d2i_TS_REQ_bio.3 -MLINKS+= d2i_X509.3 d2i_TS_REQ_fp.3 -MLINKS+= d2i_X509.3 d2i_TS_RESP.3 -MLINKS+= d2i_X509.3 d2i_TS_RESP_bio.3 -MLINKS+= d2i_X509.3 d2i_TS_RESP_fp.3 -MLINKS+= d2i_X509.3 d2i_TS_STATUS_INFO.3 -MLINKS+= d2i_X509.3 d2i_TS_TST_INFO.3 -MLINKS+= d2i_X509.3 d2i_TS_TST_INFO_bio.3 -MLINKS+= d2i_X509.3 d2i_TS_TST_INFO_fp.3 -MLINKS+= d2i_X509.3 d2i_USERNOTICE.3 -MLINKS+= d2i_X509.3 d2i_X509_ALGOR.3 -MLINKS+= d2i_X509.3 d2i_X509_ALGORS.3 -MLINKS+= d2i_X509.3 d2i_X509_ATTRIBUTE.3 -MLINKS+= d2i_X509.3 d2i_X509_CERT_AUX.3 -MLINKS+= d2i_X509.3 d2i_X509_CINF.3 -MLINKS+= d2i_X509.3 d2i_X509_CRL.3 -MLINKS+= d2i_X509.3 d2i_X509_CRL_INFO.3 -MLINKS+= d2i_X509.3 d2i_X509_CRL_bio.3 -MLINKS+= d2i_X509.3 d2i_X509_CRL_fp.3 -MLINKS+= d2i_X509.3 d2i_X509_EXTENSION.3 -MLINKS+= d2i_X509.3 d2i_X509_EXTENSIONS.3 -MLINKS+= d2i_X509.3 d2i_X509_NAME.3 -MLINKS+= d2i_X509.3 d2i_X509_NAME_ENTRY.3 -MLINKS+= d2i_X509.3 d2i_X509_PUBKEY.3 -MLINKS+= d2i_X509.3 d2i_X509_REQ.3 -MLINKS+= d2i_X509.3 d2i_X509_REQ_INFO.3 -MLINKS+= d2i_X509.3 d2i_X509_REQ_bio.3 -MLINKS+= d2i_X509.3 d2i_X509_REQ_fp.3 -MLINKS+= d2i_X509.3 d2i_X509_REVOKED.3 -MLINKS+= d2i_X509.3 d2i_X509_SIG.3 -MLINKS+= d2i_X509.3 d2i_X509_VAL.3 -MLINKS+= d2i_X509.3 i2d_ACCESS_DESCRIPTION.3 -MLINKS+= d2i_X509.3 i2d_ADMISSIONS.3 -MLINKS+= d2i_X509.3 i2d_ADMISSION_SYNTAX.3 -MLINKS+= d2i_X509.3 i2d_ASIdOrRange.3 -MLINKS+= d2i_X509.3 i2d_ASIdentifierChoice.3 -MLINKS+= d2i_X509.3 i2d_ASIdentifiers.3 -MLINKS+= d2i_X509.3 i2d_ASN1_BIT_STRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_BMPSTRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_ENUMERATED.3 -MLINKS+= d2i_X509.3 i2d_ASN1_GENERALIZEDTIME.3 -MLINKS+= d2i_X509.3 i2d_ASN1_GENERALSTRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_IA5STRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_INTEGER.3 -MLINKS+= d2i_X509.3 i2d_ASN1_NULL.3 -MLINKS+= d2i_X509.3 i2d_ASN1_OBJECT.3 -MLINKS+= d2i_X509.3 i2d_ASN1_OCTET_STRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_PRINTABLE.3 -MLINKS+= d2i_X509.3 i2d_ASN1_PRINTABLESTRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_SEQUENCE_ANY.3 -MLINKS+= d2i_X509.3 i2d_ASN1_SET_ANY.3 -MLINKS+= d2i_X509.3 i2d_ASN1_T61STRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_TIME.3 -MLINKS+= d2i_X509.3 i2d_ASN1_TYPE.3 -MLINKS+= d2i_X509.3 i2d_ASN1_UNIVERSALSTRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_UTCTIME.3 -MLINKS+= d2i_X509.3 i2d_ASN1_UTF8STRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_VISIBLESTRING.3 -MLINKS+= d2i_X509.3 i2d_ASN1_bio_stream.3 -MLINKS+= d2i_X509.3 i2d_ASRange.3 -MLINKS+= d2i_X509.3 i2d_AUTHORITY_INFO_ACCESS.3 -MLINKS+= d2i_X509.3 i2d_AUTHORITY_KEYID.3 -MLINKS+= d2i_X509.3 i2d_BASIC_CONSTRAINTS.3 -MLINKS+= d2i_X509.3 i2d_CERTIFICATEPOLICIES.3 -MLINKS+= d2i_X509.3 i2d_CMS_ContentInfo.3 -MLINKS+= d2i_X509.3 i2d_CMS_ReceiptRequest.3 -MLINKS+= d2i_X509.3 i2d_CMS_bio.3 -MLINKS+= d2i_X509.3 i2d_CRL_DIST_POINTS.3 -MLINKS+= d2i_X509.3 i2d_DHxparams.3 -MLINKS+= d2i_X509.3 i2d_DIRECTORYSTRING.3 -MLINKS+= d2i_X509.3 i2d_DISPLAYTEXT.3 -MLINKS+= d2i_X509.3 i2d_DIST_POINT.3 -MLINKS+= d2i_X509.3 i2d_DIST_POINT_NAME.3 -MLINKS+= d2i_X509.3 i2d_DSAPrivateKey.3 -MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_bio.3 -MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_fp.3 -MLINKS+= d2i_X509.3 i2d_DSAPublicKey.3 -MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY.3 -MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 i2d_DSA_SIG.3 -MLINKS+= d2i_X509.3 i2d_DSAparams.3 -MLINKS+= d2i_X509.3 i2d_ECDSA_SIG.3 -MLINKS+= d2i_X509.3 i2d_ECPKParameters.3 -MLINKS+= d2i_X509.3 i2d_ECParameters.3 -MLINKS+= d2i_X509.3 i2d_ECPrivateKey.3 -MLINKS+= d2i_X509.3 i2d_ECPrivateKey_bio.3 -MLINKS+= d2i_X509.3 i2d_ECPrivateKey_fp.3 -MLINKS+= d2i_X509.3 i2d_EC_PUBKEY.3 -MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 i2d_EDIPARTYNAME.3 -MLINKS+= d2i_X509.3 i2d_ESS_CERT_ID.3 -MLINKS+= d2i_X509.3 i2d_ESS_ISSUER_SERIAL.3 -MLINKS+= d2i_X509.3 i2d_ESS_SIGNING_CERT.3 -MLINKS+= d2i_X509.3 i2d_EXTENDED_KEY_USAGE.3 -MLINKS+= d2i_X509.3 i2d_GENERAL_NAME.3 -MLINKS+= d2i_X509.3 i2d_GENERAL_NAMES.3 -MLINKS+= d2i_X509.3 i2d_IPAddressChoice.3 -MLINKS+= d2i_X509.3 i2d_IPAddressFamily.3 -MLINKS+= d2i_X509.3 i2d_IPAddressOrRange.3 -MLINKS+= d2i_X509.3 i2d_IPAddressRange.3 -MLINKS+= d2i_X509.3 i2d_ISSUING_DIST_POINT.3 -MLINKS+= d2i_X509.3 i2d_NAMING_AUTHORITY.3 -MLINKS+= d2i_X509.3 i2d_NETSCAPE_CERT_SEQUENCE.3 -MLINKS+= d2i_X509.3 i2d_NETSCAPE_SPKAC.3 -MLINKS+= d2i_X509.3 i2d_NETSCAPE_SPKI.3 -MLINKS+= d2i_X509.3 i2d_NOTICEREF.3 -MLINKS+= d2i_X509.3 i2d_OCSP_BASICRESP.3 -MLINKS+= d2i_X509.3 i2d_OCSP_CERTID.3 -MLINKS+= d2i_X509.3 i2d_OCSP_CERTSTATUS.3 -MLINKS+= d2i_X509.3 i2d_OCSP_CRLID.3 -MLINKS+= d2i_X509.3 i2d_OCSP_ONEREQ.3 -MLINKS+= d2i_X509.3 i2d_OCSP_REQINFO.3 -MLINKS+= d2i_X509.3 i2d_OCSP_REQUEST.3 -MLINKS+= d2i_X509.3 i2d_OCSP_RESPBYTES.3 -MLINKS+= d2i_X509.3 i2d_OCSP_RESPDATA.3 -MLINKS+= d2i_X509.3 i2d_OCSP_RESPID.3 -MLINKS+= d2i_X509.3 i2d_OCSP_RESPONSE.3 -MLINKS+= d2i_X509.3 i2d_OCSP_REVOKEDINFO.3 -MLINKS+= d2i_X509.3 i2d_OCSP_SERVICELOC.3 -MLINKS+= d2i_X509.3 i2d_OCSP_SIGNATURE.3 -MLINKS+= d2i_X509.3 i2d_OCSP_SINGLERESP.3 -MLINKS+= d2i_X509.3 i2d_OTHERNAME.3 -MLINKS+= d2i_X509.3 i2d_PBE2PARAM.3 -MLINKS+= d2i_X509.3 i2d_PBEPARAM.3 -MLINKS+= d2i_X509.3 i2d_PBKDF2PARAM.3 -MLINKS+= d2i_X509.3 i2d_PKCS12.3 -MLINKS+= d2i_X509.3 i2d_PKCS12_BAGS.3 -MLINKS+= d2i_X509.3 i2d_PKCS12_MAC_DATA.3 -MLINKS+= d2i_X509.3 i2d_PKCS12_SAFEBAG.3 -MLINKS+= d2i_X509.3 i2d_PKCS12_bio.3 -MLINKS+= d2i_X509.3 i2d_PKCS12_fp.3 -MLINKS+= d2i_X509.3 i2d_PKCS7.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_DIGEST.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_ENCRYPT.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_ENC_CONTENT.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_ENVELOPE.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_ISSUER_AND_SERIAL.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_NDEF.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_RECIP_INFO.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_SIGNED.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_SIGNER_INFO.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_SIGN_ENVELOPE.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_bio.3 -MLINKS+= d2i_X509.3 i2d_PKCS7_fp.3 -MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_bio.3 -MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_fp.3 -MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO.3 -MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_bio.3 -MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_fp.3 -MLINKS+= d2i_X509.3 i2d_PKCS8_bio.3 -MLINKS+= d2i_X509.3 i2d_PKCS8_fp.3 -MLINKS+= d2i_X509.3 i2d_PKEY_USAGE_PERIOD.3 -MLINKS+= d2i_X509.3 i2d_POLICYINFO.3 -MLINKS+= d2i_X509.3 i2d_POLICYQUALINFO.3 -MLINKS+= d2i_X509.3 i2d_PROFESSION_INFO.3 -MLINKS+= d2i_X509.3 i2d_PROXY_CERT_INFO_EXTENSION.3 -MLINKS+= d2i_X509.3 i2d_PROXY_POLICY.3 -MLINKS+= d2i_X509.3 i2d_RSAPrivateKey.3 -MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_bio.3 -MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_fp.3 -MLINKS+= d2i_X509.3 i2d_RSAPublicKey.3 -MLINKS+= d2i_X509.3 i2d_RSAPublicKey_bio.3 -MLINKS+= d2i_X509.3 i2d_RSAPublicKey_fp.3 -MLINKS+= d2i_X509.3 i2d_RSA_OAEP_PARAMS.3 -MLINKS+= d2i_X509.3 i2d_RSA_PSS_PARAMS.3 -MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY.3 -MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_bio.3 -MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_fp.3 -MLINKS+= d2i_X509.3 i2d_SCRYPT_PARAMS.3 -MLINKS+= d2i_X509.3 i2d_SCT_LIST.3 -MLINKS+= d2i_X509.3 i2d_SXNET.3 -MLINKS+= d2i_X509.3 i2d_SXNETID.3 -MLINKS+= d2i_X509.3 i2d_TS_ACCURACY.3 -MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT.3 -MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT_bio.3 -MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT_fp.3 -MLINKS+= d2i_X509.3 i2d_TS_REQ.3 -MLINKS+= d2i_X509.3 i2d_TS_REQ_bio.3 -MLINKS+= d2i_X509.3 i2d_TS_REQ_fp.3 -MLINKS+= d2i_X509.3 i2d_TS_RESP.3 -MLINKS+= d2i_X509.3 i2d_TS_RESP_bio.3 -MLINKS+= d2i_X509.3 i2d_TS_RESP_fp.3 -MLINKS+= d2i_X509.3 i2d_TS_STATUS_INFO.3 -MLINKS+= d2i_X509.3 i2d_TS_TST_INFO.3 -MLINKS+= d2i_X509.3 i2d_TS_TST_INFO_bio.3 -MLINKS+= d2i_X509.3 i2d_TS_TST_INFO_fp.3 -MLINKS+= d2i_X509.3 i2d_USERNOTICE.3 -MLINKS+= d2i_X509.3 i2d_X509.3 -MLINKS+= d2i_X509.3 i2d_X509_ALGOR.3 -MLINKS+= d2i_X509.3 i2d_X509_ALGORS.3 -MLINKS+= d2i_X509.3 i2d_X509_ATTRIBUTE.3 -MLINKS+= d2i_X509.3 i2d_X509_CERT_AUX.3 -MLINKS+= d2i_X509.3 i2d_X509_CINF.3 -MLINKS+= d2i_X509.3 i2d_X509_CRL.3 -MLINKS+= d2i_X509.3 i2d_X509_CRL_INFO.3 -MLINKS+= d2i_X509.3 i2d_X509_CRL_bio.3 -MLINKS+= d2i_X509.3 i2d_X509_CRL_fp.3 -MLINKS+= d2i_X509.3 i2d_X509_EXTENSION.3 -MLINKS+= d2i_X509.3 i2d_X509_EXTENSIONS.3 -MLINKS+= d2i_X509.3 i2d_X509_NAME.3 -MLINKS+= d2i_X509.3 i2d_X509_NAME_ENTRY.3 -MLINKS+= d2i_X509.3 i2d_X509_PUBKEY.3 -MLINKS+= d2i_X509.3 i2d_X509_REQ.3 -MLINKS+= d2i_X509.3 i2d_X509_REQ_INFO.3 -MLINKS+= d2i_X509.3 i2d_X509_REQ_bio.3 -MLINKS+= d2i_X509.3 i2d_X509_REQ_fp.3 -MLINKS+= d2i_X509.3 i2d_X509_REVOKED.3 -MLINKS+= d2i_X509.3 i2d_X509_SIG.3 -MLINKS+= d2i_X509.3 i2d_X509_VAL.3 -MLINKS+= i2d_re_X509_tbs.3 d2i_X509_AUX.3 -MLINKS+= i2d_re_X509_tbs.3 i2d_X509_AUX.3 -MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_CRL_tbs.3 -MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_REQ_tbs.3 -MLINKS+= o2i_SCT_LIST.3 i2o_SCT.3 -MLINKS+= o2i_SCT_LIST.3 i2o_SCT_LIST.3 -MLINKS+= o2i_SCT_LIST.3 o2i_SCT.3 +.for m in 3 5 7 +.include "man/man${m}/Makefile" +.PATH: ${.CURDIR}/man/man${m} +.endfor diff --git a/secure/lib/libcrypto/man/ADMISSIONS.3 b/secure/lib/libcrypto/man/ADMISSIONS.3 deleted file mode 100644 index 9bee22d7dbae..000000000000 --- a/secure/lib/libcrypto/man/ADMISSIONS.3 +++ /dev/null @@ -1,280 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ADMISSIONS 3" -.TH ADMISSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 5 -\& typedef struct NamingAuthority_st NAMING_AUTHORITY; -\& typedef struct ProfessionInfo_st PROFESSION_INFO; -\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; -\& typedef struct Admissions_st ADMISSIONS; -\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; -\& -\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( -\& const NAMING_AUTHORITY *n); -\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, -\& ASN1_OBJECT* namingAuthorityId); -\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( -\& const NAMING_AUTHORITY *n); -\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, -\& ASN1_IA5STRING* namingAuthorityUrl); -\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( -\& const NAMING_AUTHORITY *n); -\& void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, -\& ASN1_STRING* namingAuthorityText); -\& -\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( -\& const ADMISSION_SYNTAX *as); -\& void ADMISSION_SYNTAX_set0_admissionAuthority( -\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); -\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( -\& const ADMISSION_SYNTAX *as); -\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( -\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); -\& -\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); -\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); -\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); -\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); -\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); -\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); -\& -\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( -\& const PROFESSION_INFO *pi); -\& void PROFESSION_INFO_set0_addProfessionInfo( -\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); -\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( -\& const PROFESSION_INFO *pi); -\& void PROFESSION_INFO_set0_namingAuthority( -\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); -\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( -\& const PROFESSION_INFO *pi); -\& void PROFESSION_INFO_set0_professionItems( -\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); -\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( -\& const PROFESSION_INFO *pi); -\& void PROFESSION_INFO_set0_professionOIDs( -\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); -\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( -\& const PROFESSION_INFO *pi); -\& void PROFESSION_INFO_set0_registrationNumber( -\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and -\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the -analogous types defined in the Common \s-1PKI\s0 Specification published -by . -Knowledge of those structures and their semantics is assumed. -.PP -The conventional routines to convert between \s-1DER\s0 and the local format -are described in \fBd2i_X509\fR\|(3). -The conventional routines to allocate and free the types are defined -in \fBX509_dup\fR\|(3). -.PP -The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see -\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. -.PP -The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. -The \fBNAMING_AUTHORITY_get0_authorityId()\fR, -\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and -\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers -to those values within the object. -The \fBNAMING_AUTHORITY_set0_authorityId()\fR, -\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and -\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, -functions free any existing value and set the pointer to the specified value. -.PP -The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of -\&\fB\s-1ADMISSION\s0\fR objects. -The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR -and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers -to those values within the object. -The -\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and -\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR -functions free any existing value and set the pointer to the specified value. -.PP -The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a -stack of \fB\s-1PROFESSION_INFO\s0\fR items. -The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, -and \fBADMISSIONS_get0_professionInfos()\fR -functions return pointers to those values within the object. -The -\&\fBADMISSIONS_set0_admissionAuthority()\fR, -\&\fBADMISSIONS_set0_namingAuthority()\fR, and -\&\fBADMISSIONS_set0_professionInfos()\fR -functions free any existing value and set the pointer to the specified value. -.PP -The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of -profession Items and OIDs, a registration number, and additional -profession info. -The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, -\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, -\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and -\&\fBPROFESSION_INFO_get0_registrationNumber()\fR -functions return pointers to those values within the object. -The -\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, -\&\fBPROFESSION_INFO_set0_namingAuthority()\fR, -\&\fBPROFESSION_INFO_set0_professionItems()\fR, -\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and -\&\fBPROFESSION_INFO_set0_registrationNumber()\fR -functions free any existing value and set the pointer to the specified value. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Described above. -Note that all of the \fIget0\fR functions return a pointer to the internal data -structure and must not be freed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_dup\fR\|(3), -\&\fBd2i_X509\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 deleted file mode 100644 index e50043241150..000000000000 --- a/secure/lib/libcrypto/man/ASN1_INTEGER_get_int64.3 +++ /dev/null @@ -1,260 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_INTEGER_GET_INT64 3" -.TH ASN1_INTEGER_GET_INT64 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); -\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); -\& -\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); -\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); -\& -\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); -\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); -\& -\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); -\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); -\& -\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a); -\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); -\& -\& int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r); -\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); -\& -\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR -structures. -.PP -\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type -If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails -(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) -it returns 0. -.PP -\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it -converts to a \fBuint64_t\fR type and an error is returned if the passed integer -is negative. -.PP -\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is -\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for -an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR -instead. -.PP -\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the -\&\fBint64_t\fR value \fBr\fR. -.PP -\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the -\&\fBuint64_t\fR value \fBr\fR. -.PP -\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value -\&\fBv\fR. -.PP -\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR -is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then -the existing structure will be used instead. -.PP -\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is -\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the -existing structure will be used instead. -.PP -\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, -\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR -behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they -operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. -.PP -\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to -\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not -fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR -instead. -.SH "NOTES" -.IX Header "NOTES" -In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an -integer of almost arbitrary size and so cannot always be represented by a C -\&\fBint64_t\fR type. However in many cases (for example version numbers) they -represent small integers which can be more easily manipulated if converted to -an appropriate C integer type. -.SH "BUGS" -.IX Header "BUGS" -The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR -mean these functions should be avoided if possible. They are retained for -compatibility. Normally the ambiguous return values are not legitimate -values for the fields they represent. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and -\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only -fail if a memory allocation error occurs. -.PP -\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success -and 0 for failure. They will fail if the passed type is incorrect (this will -only happen if there is a programming error) or if the value exceeds the range -of an \fBint64_t\fR type. -.PP -\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or -\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will -only fail due to a memory allocation error. -.PP -\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure -of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect -(due to programming error) or due to a memory allocation failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, -\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR -were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 deleted file mode 100644 index 6032080cc5e6..000000000000 --- a/secure/lib/libcrypto/man/ASN1_ITEM_lookup.3 +++ /dev/null @@ -1,171 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_ITEM_LOOKUP 3" -.TH ASN1_ITEM_LOOKUP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); -\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. -.PP -\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function -returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 deleted file mode 100644 index ee517b0ace52..000000000000 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_OBJECT_NEW 3" -.TH ASN1_OBJECT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_OBJECT *ASN1_OBJECT_new(void); -\& void ASN1_OBJECT_free(ASN1_OBJECT *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an -\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 -.PP -\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. -.PP -\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. -If \fBa\fR is \s-1NULL,\s0 nothing is done. -.SH "NOTES" -.IX Header "NOTES" -Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it -is almost never used in applications. The \s-1ASN1\s0 object utility functions -such as \fBOBJ_nid2obj()\fR are used instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fBERR_get_error\fR\|(3). -Otherwise it returns a pointer to the newly allocated structure. -.PP -\&\fBASN1_OBJECT_free()\fR returns no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 deleted file mode 100644 index fa1a7bc2a4b2..000000000000 --- a/secure/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_STRING_TABLE_ADD 3" -.TH ASN1_STRING_TABLE_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; -\& -\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, -\& unsigned long mask, unsigned long flags); -\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); -\& void ASN1_STRING_TABLE_cleanup(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -.SS "Types" -.IX Subsection "Types" -\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information -(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. -.SS "Functions" -.IX Subsection "Functions" -\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the -local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters. -.PP -If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are -updated (depending on the values of those parameters, e.g., \fBminsize\fR -and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard, -a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with -other parameters. -.PP -\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based -on \fBnid\fR. It will search the local table first, then the standard one. -.PP -\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added -by \fBASN1_STRING_TABLE_add()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. -.PP -\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure -or \fB\s-1NULL\s0\fR if nothing is found. -.PP -\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 deleted file mode 100644 index 84f0edf194f4..000000000000 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ /dev/null @@ -1,242 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_STRING_LENGTH 3" -.TH ASN1_STRING_LENGTH 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ASN1_STRING_length(ASN1_STRING *x); -\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); -\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); -\& -\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); -\& -\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); -\& -\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -\& -\& int ASN1_STRING_type(const ASN1_STRING *x); -\& -\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. -.PP -\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. -.PP -\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. -Since this is an internal pointer it should \fBnot\fR be freed or -modified in any way. -.PP -\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the -returned value is not constant. This function is deprecated: -applications should use \fBASN1_STRING_get0_data()\fR instead. -.PP -\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. -.PP -\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two -are identical. The string types and content are compared. -.PP -\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer -\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR -is \-1 then the length is determined by strlen(data). -.PP -\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants -such as \fBV_ASN1_OCTET_STRING\fR. -.PP -\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the -converted data is allocated in a buffer in \fB*out\fR. The length of -\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR -should be freed using \fBOPENSSL_free()\fR. -.SH "NOTES" -.IX Header "NOTES" -Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR -structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed -to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. -\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist -entirely of primitive string types such as \fBDirectoryString\fR and -\&\fBTime\fR. -.PP -These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR -or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR -utility functions should be used instead. -.PP -In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR -is null terminated or does not contain embedded nulls. The actual format -of the data will depend on the actual string type itself: for example -for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per -character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. -.PP -Similar care should be take to ensure the data is in the correct format -when calling \fBASN1_STRING_set()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. -.PP -\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to -the data of \fBx\fR. -.PP -\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an -error occurred. -.PP -\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, -according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR. -.PP -\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error. -.PP -\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR. -.PP -\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a -negative value if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 deleted file mode 100644 index ce20d45b163c..000000000000 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_STRING_NEW 3" -.TH ASN1_STRING_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_STRING * ASN1_STRING_new(void); -\& ASN1_STRING * ASN1_STRING_type_new(int type); -\& void ASN1_STRING_free(ASN1_STRING *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type -is undefined. -.PP -\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of -type \fBtype\fR. -.PP -\&\fBASN1_STRING_free()\fR frees up \fBa\fR. -If \fBa\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" -.IX Header "NOTES" -Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example -\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid -\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBASN1_STRING_free()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 deleted file mode 100644 index 96d4ab74a23b..000000000000 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_STRING_PRINT_EX 3" -.TH ASN1_STRING_PRINT_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); -\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); -\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); -\& -\& const char *ASN1_tag2str(int tag); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to -represent all the \s-1ASN1\s0 string types. -.PP -\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by -the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs -to \fBfp\fR instead. -.PP -\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to -\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) -with '.'. -.PP -\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. -.SH "NOTES" -.IX Header "NOTES" -\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use -\&\fBASN1_STRING_print_ex()\fR instead. -.PP -Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is -suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. -.PP -The complete set of supported options for \fBflags\fR is listed below. -.PP -Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters -determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control -characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the -\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly -interprets \s-1UTF8\s0 sequences. -.PP -Escaping takes several forms. -.PP -If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used -using exactly four characters for the hex representation. If it is 32 bits then -\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms -will only be used if \s-1UTF8\s0 conversion is not set (see below). -.PP -Printable characters are normally escaped using the backslash '\e' character. If -\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by -double quote characters: this is arguably more readable than the backslash -notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex -representation. -.PP -If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 -format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this -option will correctly display multi byte characters. -.PP -If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at -all: everything is assumed to be one byte per character. This is primarily for -debugging purposes and can result in confusing output in multi character strings. -.PP -If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out -before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. -.PP -The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just -outputs the value of the string using the form #XXXX using hex format for each -octet. -.PP -If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. -.PP -Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be -one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will -be dumped instead. -.PP -When a type is dumped normally just the content octets are printed, if -\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped -instead (including tag and length octets). -.PP -\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is -equivalent to: - \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | - \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of -characters written or \-1 if an error occurred. -.PP -\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. -.PP -\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBASN1_tag2str\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3 deleted file mode 100644 index c4089fa027ae..000000000000 --- a/secure/lib/libcrypto/man/ASN1_TIME_set.3 +++ /dev/null @@ -1,380 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_TIME_SET 3" -.TH ASN1_TIME_SET 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime \- ASN.1 Time functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 4 -\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); -\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); -\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, -\& time_t t); -\& -\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, -\& long offset_sec); -\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, -\& int offset_day, long offset_sec); -\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, -\& time_t t, int offset_day, -\& long offset_sec); -\& -\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); -\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); -\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); -\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, -\& const char *str); -\& -\& int ASN1_TIME_normalize(ASN1_TIME *s); -\& -\& int ASN1_TIME_check(const ASN1_TIME *t); -\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); -\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); -\& -\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); -\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); -\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); -\& -\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); -\& int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, -\& const ASN1_TIME *to); -\& -\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); -\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); -\& -\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); -\& -\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, -\& ASN1_GENERALIZEDTIME **out); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR -functions set the structure \fBs\fR to the time represented by the time_t -value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned. -.PP -The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR -functions set the time structure \fBs\fR to the time represented -by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. -The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a -time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of -seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated -and returned. -.PP -The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and -\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR -to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 -time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0 -this function performs a format check on \fBstr\fR only. The string \fBstr\fR -is copied into \fBs\fR. -.PP -\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time -represented by string \fBstr\fR which must be in appropriate time format -that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and -\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format -are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check -on \fBstr\fR only. -.PP -The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or -\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It -should be used after the \fBASN1_TIME_set_string()\fR functions and before -\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. -.PP -The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR -functions check the syntax of the time structure \fBs\fR. -.PP -The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR -functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable -format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example -\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time -structure has invalid format it prints out \*(L"Bad time value\*(R" and returns -an error. The output for generalized time may include a fractional part -following the second. -.PP -\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. -If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 -The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR, -\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values, -whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs -a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional -seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while -converting \fBs\fR to \fBtm\fR structure. -.PP -\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between -\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then -one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR -will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then -one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR -represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero. -If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same -sign. The value of \fB*psec\fR will always be less than the number of seconds -in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. -.PP -The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare -the two times represented by the time structure \fBs\fR and the time_t \fBt\fR. -.PP -The \fBASN1_TIME_compare()\fR function compares the two times represented by the -time structures \fBa\fR and \fBb\fR. -.PP -The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an -\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or -\&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. -.SH "NOTES" -.IX Header "NOTES" -The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR -defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined -in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else -GeneralizedTime is used. -.PP -The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented -as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR. -.PP -The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt -is made to correct ancient calendar changes (for example from Julian to -Gregorian calendars). -.PP -\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049. -.PP -Some applications add offset times directly to a time_t value and pass the -results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the -time_t value can overflow on some systems resulting in unexpected results. -New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value -in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly -manipulating a time_t value. -.PP -\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 -or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and -\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. -.PP -It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of -those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions -starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific -time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either -format. -.SH "BUGS" -.IX Header "BUGS" -\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR -do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all -certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. -.PP -Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before -printing to get \s-1GMT\s0 results. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR, -ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure -or \s-1NULL\s0 if an error occurred. -.PP -\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR -\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. -.PP -\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. -.PP -\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1 -if the structure is syntactically correct and 0 otherwise. -.PP -\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1 -if the time is successfully printed out and 0 if an error occurred (I/O error or -invalid time format). -.PP -\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an -error occurred (invalid time format). -.PP -\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the -passed-in time structure has invalid syntax, for example. -.PP -\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is -before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned -on error. -.PP -\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. -.PP -\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to -the appropriate time structure on success or \s-1NULL\s0 if an error occurred. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Set a time structure to one hour after the current time and print it out: -.PP -.Vb 2 -\& #include -\& #include -\& -\& ASN1_TIME *tm; -\& time_t t; -\& BIO *b; -\& -\& t = time(NULL); -\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); -\& b = BIO_new_fp(stdout, BIO_NOCLOSE); -\& ASN1_TIME_print(b, tm); -\& ASN1_STRING_free(tm); -\& BIO_free(b); -.Ve -.PP -Determine if one time is later or sooner than the current time: -.PP -.Vb 1 -\& int day, sec; -\& -\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) -\& /* Invalid time format */ -\& -\& if (day > 0 || sec > 0) -\& printf("Later\en"); -\& else if (day < 0 || sec < 0) -\& printf("Sooner\en"); -\& else -\& printf("Same\en"); -.Ve -.SH "HISTORY" -.IX Header "HISTORY" -The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. -The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. -The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. -The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. -The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/ASN1_TYPE_get.3 deleted file mode 100644 index bdaa21551c1c..000000000000 --- a/secure/lib/libcrypto/man/ASN1_TYPE_get.3 +++ /dev/null @@ -1,231 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_TYPE_GET 3" -.TH ASN1_TYPE_GET 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ASN1_TYPE_get(const ASN1_TYPE *a); -\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); -\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); -\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); -\& -\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); -\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, -\& ASN1_TYPE **t); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The -\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type -such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. -.PP -\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR. -.PP -\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This -function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed -up after the call. -.PP -\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. -.PP -\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if -they are identical and non-zero otherwise. -.PP -\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in -\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer -to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the -caller. If it fails it return \s-1NULL.\s0 -.PP -\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR -corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded -\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type -is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0 -but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR. -.SH "NOTES" -.IX Header "NOTES" -The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and -\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. -If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN -then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is -V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR -is and \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type -(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content -octets of the type. If \fBtype\fR corresponds to a constructed type or -a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the -\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and -length octets). -.PP -\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have -different encodings. For example the single content octet of the boolean \s-1TRUE\s0 -value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will -only return zero if the values are the same. -.PP -If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the -return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two -types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing -\&\s-1NULL\s0 values could also indicate a programming error (for example an -unparseable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So -applications should handle the case of two absent values separately. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. -.PP -\&\fBASN1_TYPE_set()\fR does not return a value. -.PP -\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. -.PP -\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. -.PP -\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or -\&\s-1NULL\s0 on failure. -.PP -\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or -\&\s-1NULL\s0 on failure. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 deleted file mode 100644 index 835adc7b3be1..000000000000 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ /dev/null @@ -1,381 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASN1_GENERATE_NCONF 3" -.TH ASN1_GENERATE_NCONF 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); -\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions generate the \s-1ASN1\s0 encoding of a string -in an \fB\s-1ASN1_TYPE\s0\fR structure. -.PP -\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains -the optional configuration information where additional strings -will be read from. \fBnconf\fR will typically come from a config -file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure -which will typically be used by X509 v3 certificate extension -functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional -configuration will be used. -.SH "GENERATION STRING FORMAT" -.IX Header "GENERATION STRING FORMAT" -The actual data encoded is determined by the string \fBstr\fR and -the configuration information. The general format of the string -is: -.IP "\fB[modifier,]type[:value]\fR" 4 -.IX Item "[modifier,]type[:value]" -.PP -That is zero or more comma separated modifiers followed by a type -followed by an optional colon and a value. The formats of \fBtype\fR, -\&\fBvalue\fR and \fBmodifier\fR are explained below. -.SS "Supported Types" -.IX Subsection "Supported Types" -The supported types are listed below. Unless otherwise specified -only the \fB\s-1ASCII\s0\fR format is permissible. -.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 -.IX Item "BOOLEAN, BOOL" -This encodes a boolean type. The \fBvalue\fR string is mandatory and -should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, -\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR -are acceptable. -.IP "\fB\s-1NULL\s0\fR" 4 -.IX Item "NULL" -Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. -.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 -.IX Item "INTEGER, INT" -Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents -the value of the integer, it can be prefaced by a minus sign and -is normally interpreted as a decimal value unless the prefix \fB0x\fR -is included. -.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 -.IX Item "ENUMERATED, ENUM" -Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to -\&\fB\s-1INTEGER\s0\fR. -.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 -.IX Item "OBJECT, OID" -Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be -a short name, a long name or numerical format. -.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 -.IX Item "UTCTIME, UTC" -Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in -the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. -.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 -.IX Item "GENERALIZEDTIME, GENTIME" -Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in -the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. -.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 -.IX Item "OCTETSTRING, OCT" -Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents -of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be -used to specify the format of \fBvalue\fR. -.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 -.IX Item "BITSTRING, BITSTR" -Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents -of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR -can be used to specify the format of \fBvalue\fR. -.Sp -If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused -bits is set to zero. -.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 -.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" -These encode the corresponding string types. \fBvalue\fR represents the -contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. -.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 -.IX Item "SEQUENCE, SEQ, SET" -Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR -should be a section name which will contain the contents. The -field names in the section are ignored and the values are in the -generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 -will be encoded. -.SS "Modifiers" -.IX Subsection "Modifiers" -Modifiers affect the following structure, they can be used to -add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change -the string format of the final type and value. The supported -formats are documented below. -.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 -.IX Item "EXPLICIT, EXP" -Add an explicit tag to the following structure. This string -should be followed by a colon and the tag value to use as a -decimal value. -.Sp -By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, -APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, -the default is \s-1CONTEXT SPECIFIC.\s0 -.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 -.IX Item "IMPLICIT, IMP" -This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used -instead. -.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 -.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" -The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 -a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused -bits is set to zero. -.IP "\fB\s-1FORMAT\s0\fR" 4 -.IX Item "FORMAT" -This specifies the format of the ultimate value. It should be followed -by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. -.Sp -If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is -specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the -output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT -STRING\s0) is a comma separated list of the indices of the set bits, all other -bits are zero. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded -data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -The error codes that can be obtained by \fBERR_get_error\fR\|(3). -.SH "EXAMPLES" -.IX Header "EXAMPLES" -A simple IA5String: -.PP -.Vb 1 -\& IA5STRING:Hello World -.Ve -.PP -An IA5String explicitly tagged: -.PP -.Vb 1 -\& EXPLICIT:0,IA5STRING:Hello World -.Ve -.PP -An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: -.PP -.Vb 1 -\& EXPLICIT:0A,IA5STRING:Hello World -.Ve -.PP -A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: -.PP -.Vb 1 -\& FORMAT:BITLIST,BITSTRING:1,5 -.Ve -.PP -A more complex example using a config file to produce a -\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: -.PP -.Vb 1 -\& asn1 = SEQUENCE:seq_section -\& -\& [seq_section] -\& -\& field1 = BOOLEAN:TRUE -\& field2 = OID:commonName -\& field3 = UTF8:Third field -.Ve -.PP -This example produces an RSAPrivateKey structure, this is the -key contained in the file client.pem in all OpenSSL distributions -(note: the field names such as 'coeff' are ignored and are present just -for clarity): -.PP -.Vb 3 -\& asn1=SEQUENCE:private_key -\& [private_key] -\& version=INTEGER:0 -\& -\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e -\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 -\& -\& e=INTEGER:0x010001 -\& -\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e -\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D -\& -\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e -\& D4BD57 -\& -\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e -\& 46EC4F -\& -\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e -\& 9C0A39B9 -\& -\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e -\& E7B2458F -\& -\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e -\& 628657053A -.Ve -.PP -This example is the corresponding public key in a SubjectPublicKeyInfo -structure: -.PP -.Vb 2 -\& # Start with a SEQUENCE -\& asn1=SEQUENCE:pubkeyinfo -\& -\& # pubkeyinfo contains an algorithm identifier and the public key wrapped -\& # in a BIT STRING -\& [pubkeyinfo] -\& algorithm=SEQUENCE:rsa_alg -\& pubkey=BITWRAP,SEQUENCE:rsapubkey -\& -\& # algorithm ID for RSA is just an OID and a NULL -\& [rsa_alg] -\& algorithm=OID:rsaEncryption -\& parameter=NULL -\& -\& # Actual public key: modulus and exponent -\& [rsapubkey] -\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e -\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 -\& -\& e=INTEGER:0x010001 -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 deleted file mode 100644 index 3e45ef782019..000000000000 --- a/secure/lib/libcrypto/man/ASYNC_WAIT_CTX_new.3 +++ /dev/null @@ -1,270 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASYNC_WAIT_CTX_NEW 3" -.TH ASYNC_WAIT_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd \- functions to manage waiting for asynchronous jobs to complete -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); -\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); -\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, -\& OSSL_ASYNC_FD fd, -\& void *custom_data, -\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, -\& OSSL_ASYNC_FD, void *)); -\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, -\& OSSL_ASYNC_FD *fd, void **custom_data); -\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, -\& size_t *numfds); -\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, -\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, -\& size_t *numdelfds); -\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -For an overview of how asynchronous operations are implemented in OpenSSL see -\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous -\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms -this would have a one-to-one correspondence with an \s-1SSL\s0 connection. -.PP -Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR -function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When -the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of -that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one -time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent -\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed), -application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. -.PP -ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling -\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in -the \fBctx\fR parameter will return the wait file descriptors associated with that -job in \fB*fd\fR. The number of file descriptors returned will be stored in -\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory -has been allocated in \fB*fd\fR to receive all the file descriptors. Calling -\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file -descriptors but will still populate \fB*numfds\fR. Therefore application code is -typically expected to call this function twice: once to get the number of fds, -and then again when sufficient memory has been allocated. If only one -asynchronous engine is being used then normally this call will only ever return -one fd. If multiple asynchronous engines are being used then more could be -returned. -.PP -The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds -have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 -result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has -been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated -with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR -will be populated with the list of added and deleted fds respectively. Similarly -to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not -\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. -.PP -Implementors of async aware code (e.g. engines) are encouraged to return a -stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R" -of regularly changing fds \- although no guarantees of this are provided to -applications. -.PP -Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a -system function call such as select or poll (being ready for \*(L"read\*(R" indicates -that the job should be resumed). If no file descriptor is made available then an -application will have to periodically \*(L"poll\*(R" the job by attempting to restart it -to see if it is ready to continue. -.PP -Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job -via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting -on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an -engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code. -An existing association with a file descriptor can be obtained using -\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of -these functions requires a \fBkey\fR value which is unique to the async aware -code. This could be any unique value but a good candidate might be the -\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and -will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The -\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" -routine. This can be \s-1NULL\s0 but if provided will automatically get called when -the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the -fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if -the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. -.PP -An example of typical usage might be an async capable engine. User code would -initiate cryptographic operations. The engine would initiate those operations -asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by -\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then -perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other -similar function on the wait file descriptor. The engine can signal to the user -code that the job should be resumed by making the wait file descriptor -\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait -file descriptor. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or -\&\s-1NULL\s0 on error. -.PP -ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, -ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on -success or 0 on error. -.SH "NOTES" -.IX Header "NOTES" -On Windows platforms the openssl/async.h header is dependent on some -of the types customarily made available by including windows.h. The -application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore -it is defined as an application developer's responsibility to include -windows.h prior to async.h. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, -\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, -\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR -were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ASYNC_start_job.3 b/secure/lib/libcrypto/man/ASYNC_start_job.3 deleted file mode 100644 index c55195c6ea00..000000000000 --- a/secure/lib/libcrypto/man/ASYNC_start_job.3 +++ /dev/null @@ -1,453 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ASYNC_START_JOB 3" -.TH ASYNC_START_JOB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ASYNC_init_thread(size_t max_size, size_t init_size); -\& void ASYNC_cleanup_thread(void); -\& -\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, -\& int (*func)(void *), void *args, size_t size); -\& int ASYNC_pause_job(void); -\& -\& ASYNC_JOB *ASYNC_get_current_job(void); -\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); -\& void ASYNC_block_pause(void); -\& void ASYNC_unblock_pause(void); -\& -\& int ASYNC_is_capable(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This -represents code that can be started and executes until some event occurs. At -that point the code can be paused and control returns to user code until some -subsequent event indicates that the job can be resumed. -.PP -The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for -efficiency reasons, jobs can be created up front and reused many times. They are -held in a pool until they are needed, at which point they are removed from the -pool, used, and then returned to the pool when the job completes. If the user -application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each -thread that will initiate asynchronous jobs. Before -user code exits per-thread resources need to be cleaned up. This will normally -occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly -initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be -outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to -ensure this will result in memory leaks. -.PP -The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in -the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an -\&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one -will be automatically created, as long as the total of ASYNC_JOBs managed by the -pool does not exceed \fBmax_size\fR. When the pool is first initialised -\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is -not called before the pool is first used then it will be called automatically -with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs -created up front). -.PP -An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. -Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 -object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should -point to a location where the return value of the asynchronous function should -be stored on completion of the job. \fBfunc\fR represents the function that should -be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR -will be copied and then passed as an argument to \fBfunc\fR when the job starts. -ASYNC_start_job will return one of the following values: -.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 -.IX Item "ASYNC_ERR" -An error occurred trying to start the job. Check the OpenSSL error queue (e.g. -see \fBERR_print_errors\fR\|(3)) for more details. -.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 -.IX Item "ASYNC_NO_JOBS" -There are no jobs currently available in the pool. This call can be retried -again at a later time. -.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 -.IX Item "ASYNC_PAUSE" -The job was successfully started but was \*(L"paused\*(R" before it completed (see -\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work -can be performed (if desired) and the job restarted at a later time. To restart -a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The -\&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. -When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread -that the job was originally started from. -.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 -.IX Item "ASYNC_FINISH" -The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will -be placed in \fB*ret\fR. -.PP -At any one time there can be a maximum of one job actively running per thread -(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get -a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing -then this will return \s-1NULL.\s0 -.PP -If executing within the context of a job (i.e. having been called directly or -indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) -then \fBASYNC_pause_job()\fR will immediately return control to the calling -application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A -subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the -\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If -\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no -action is taken and \fBASYNC_pause_job()\fR returns immediately. -.PP -\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 -for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated -with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R" -using a system function call such as select or poll (being ready for \*(L"read\*(R" -indicates that the job should be resumed). If no file descriptor is made -available then an application will have to periodically \*(L"poll\*(R" the job by -attempting to restart it to see if it is ready to continue. -.PP -An example of typical usage might be an async capable engine. User code would -initiate cryptographic operations. The engine would initiate those operations -asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by -\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then -perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other -similar function on the wait file descriptor. The engine can signal to the user -code that the job should be resumed by making the wait file descriptor -\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait -file descriptor. -.PP -The \fBASYNC_block_pause()\fR function will prevent the currently active job from -pausing. The block will remain in place until a subsequent call to -\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call -\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in -order to re-enable pausing. If these functions are called while there is no -currently active job then they have no effect. This functionality can be useful -to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an -application acquires a lock. It then calls some cryptographic function which -invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created -the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before -resuming the original job then a deadlock can occur. By calling -\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and -\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot -occur. -.PP -Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function -can be used to detect whether the current platform is async capable or not. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -ASYNC_init_thread returns 1 on success or 0 otherwise. -.PP -ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or -\&\s-1ASYNC_FINISH\s0 as described above. -.PP -ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when -not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is -returned. -.PP -ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or -\&\s-1NULL\s0 if not within the context of a job. -.PP -\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. -.PP -\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 -otherwise. -.SH "NOTES" -.IX Header "NOTES" -On Windows platforms the openssl/async.h header is dependent on some -of the types customarily made available by including windows.h. The -application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore -it is defined as an application developer's responsibility to include -windows.h prior to async.h. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example demonstrates how to use most of the core async APIs: -.PP -.Vb 7 -\& #ifdef _WIN32 -\& # include -\& #endif -\& #include -\& #include -\& #include -\& #include -\& -\& int unique = 0; -\& -\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) -\& { -\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; -\& -\& close(r); -\& close(*w); -\& OPENSSL_free(w); -\& } -\& -\& int jobfunc(void *arg) -\& { -\& ASYNC_JOB *currjob; -\& unsigned char *msg; -\& int pipefds[2] = {0, 0}; -\& OSSL_ASYNC_FD *wptr; -\& char buf = \*(AqX\*(Aq; -\& -\& currjob = ASYNC_get_current_job(); -\& if (currjob != NULL) { -\& printf("Executing within a job\en"); -\& } else { -\& printf("Not executing within a job \- should not happen\en"); -\& return 0; -\& } -\& -\& msg = (unsigned char *)arg; -\& printf("Passed in message is: %s\en", msg); -\& -\& if (pipe(pipefds) != 0) { -\& printf("Failed to create pipe\en"); -\& return 0; -\& } -\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); -\& if (wptr == NULL) { -\& printf("Failed to malloc\en"); -\& return 0; -\& } -\& *wptr = pipefds[1]; -\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, -\& pipefds[0], wptr, cleanup); -\& -\& /* -\& * Normally some external event would cause this to happen at some -\& * later point \- but we do it here for demo purposes, i.e. -\& * immediately signalling that the job is ready to be woken up after -\& * we return to main via ASYNC_pause_job(). -\& */ -\& write(pipefds[1], &buf, 1); -\& -\& /* Return control back to main */ -\& ASYNC_pause_job(); -\& -\& /* Clear the wake signal */ -\& read(pipefds[0], &buf, 1); -\& -\& printf ("Resumed the job after a pause\en"); -\& -\& return 1; -\& } -\& -\& int main(void) -\& { -\& ASYNC_JOB *job = NULL; -\& ASYNC_WAIT_CTX *ctx = NULL; -\& int ret; -\& OSSL_ASYNC_FD waitfd; -\& fd_set waitfdset; -\& size_t numfds; -\& unsigned char msg[13] = "Hello world!"; -\& -\& printf("Starting...\en"); -\& -\& ctx = ASYNC_WAIT_CTX_new(); -\& if (ctx == NULL) { -\& printf("Failed to create ASYNC_WAIT_CTX\en"); -\& abort(); -\& } -\& -\& for (;;) { -\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { -\& case ASYNC_ERR: -\& case ASYNC_NO_JOBS: -\& printf("An error occurred\en"); -\& goto end; -\& case ASYNC_PAUSE: -\& printf("Job was paused\en"); -\& break; -\& case ASYNC_FINISH: -\& printf("Job finished with return value %d\en", ret); -\& goto end; -\& } -\& -\& /* Wait for the job to be woken */ -\& printf("Waiting for the job to be woken up\en"); -\& -\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) -\& || numfds > 1) { -\& printf("Unexpected number of fds\en"); -\& abort(); -\& } -\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); -\& FD_ZERO(&waitfdset); -\& FD_SET(waitfd, &waitfdset); -\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); -\& } -\& -\& end: -\& ASYNC_WAIT_CTX_free(ctx); -\& printf("Finishing\en"); -\& -\& return 0; -\& } -.Ve -.PP -The expected output from executing the above example program is: -.PP -.Vb 8 -\& Starting... -\& Executing within a job -\& Passed in message is: Hello world! -\& Job was paused -\& Waiting for the job to be woken up -\& Resumed the job after a pause -\& Job finished with return value 1 -\& Finishing -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -ASYNC_init_thread, ASYNC_cleanup_thread, -ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, -\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first -added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BF_encrypt.3 b/secure/lib/libcrypto/man/BF_encrypt.3 deleted file mode 100644 index 6b3e3291d2f3..000000000000 --- a/secure/lib/libcrypto/man/BF_encrypt.3 +++ /dev/null @@ -1,249 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BF_ENCRYPT 3" -.TH BF_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); -\& -\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, -\& BF_KEY *key, int enc); -\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, -\& long length, BF_KEY *schedule, -\& unsigned char *ivec, int enc); -\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, BF_KEY *schedule, -\& unsigned char *ivec, int *num, int enc); -\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, BF_KEY *schedule, -\& unsigned char *ivec, int *num); -\& const char *BF_options(void); -\& -\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); -\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This library implements the Blowfish cipher, which was invented and described -by Counterpane (see http://www.counterpane.com/blowfish.html ). -.PP -Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. -It uses a variable size key, but typically, 128 bit (16 byte) keys are -considered good for strong encryption. Blowfish can be used in the same -modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one -of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much -faster than \s-1IDEA\s0 or \s-1RC2.\s0 -.PP -Blowfish consists of a key setup phase and the actual encryption or decryption -phase. -.PP -\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key -at \fBdata\fR. -.PP -\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. -It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) -or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by -\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, -everything after the first 64 bits is ignored. -.PP -The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR -all operate on variable length data. They all take an initialization vector -\&\fBivec\fR which needs to be passed along into the next call of the same function -for the same message. \fBivec\fR may be initialized with anything, but the -recipient needs to know what it was initialized with, or it won't be able -to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where -\&\fBivec\fR is simply initialized to zero. -\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while -\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable -number of bytes (the amount does not have to be an exact multiple of 8). The -purpose of the latter two is to simulate stream ciphers, and therefore, they -need the parameter \fBnum\fR, which is a pointer to an integer where the current -offset in \fBivec\fR is stored between calls. This integer must be initialized -to zero when \fBivec\fR is initialized. -.PP -\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It -encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or -decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte -long initialization vector. -.PP -\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. -It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, -putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) -or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an -8 byte long initialization vector. \fBnum\fR must point at an integer which must -be initially zero. -.PP -\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. -It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized -the same way. -.PP -\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish -encryption. They encrypt/decrypt the first 64 bits of the vector pointed by -\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you -implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. -If you still want to use these functions, you should be aware that they take -each 32\-bit chunk in host-byte order, which is little-endian on little-endian -platforms and big-endian on big-endian ones. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -None of the functions presented here return any value. -.SH "NOTE" -.IX Header "NOTE" -Applications should use the higher level functions -\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these -functions directly. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBdes_modes\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_ADDR.3 b/secure/lib/libcrypto/man/BIO_ADDR.3 deleted file mode 100644 index 3cbe4dd42cd9..000000000000 --- a/secure/lib/libcrypto/man/BIO_ADDR.3 +++ /dev/null @@ -1,253 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_ADDR 3" -.TH BIO_ADDR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& typedef union bio_addr_st BIO_ADDR; -\& -\& BIO_ADDR *BIO_ADDR_new(void); -\& void BIO_ADDR_free(BIO_ADDR *); -\& void BIO_ADDR_clear(BIO_ADDR *ap); -\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, -\& const void *where, size_t wherelen, unsigned short port); -\& int BIO_ADDR_family(const BIO_ADDR *ap); -\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); -\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); -\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); -\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); -\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket -addresses that OpenSSL deals with, currently transparently -supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's -available on the platform at hand. -.PP -\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used -with routines that will fill it with information, such as -\&\fBBIO_accept_ex()\fR. -.PP -\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. -.PP -\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets -it back to an uninitialised state. -.PP -\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of -size \fBwherelen\fR with an address in network byte order pointed at -by \fBwhere\fR and a port number in network byte order in \fBport\fR (except -for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and -therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. -In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected -to be the length of the path string (not including the terminating -\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). -\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. -.PP -\&\fBBIO_ADDR_family()\fR returns the protocol family of the given -\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the -constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the -\&\s-1BIO_ADDR\s0 has not been initialised. -.PP -\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given -\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, -and will set \fB*l\fR to be the amount of bytes the raw address -takes up if \fBl\fR is non-NULL. -A technique to only find out the size of the address is a call -with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte -order, most significant byte first. -In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the -path string (not including the terminating \s-1NUL,\s0 such as the result of -a call to \fBstrlen()\fR). -\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. -.PP -\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. -The raw port will be in network byte order. -.PP -\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the -hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string -will contain the numerical form of the address. This only works for -\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The -returned string has been allocated on the heap and must be freed -with \fBOPENSSL_free()\fR. -.PP -\&\fBBIO_ADDR_service_string()\fR returns a character string with the -service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR -is 1, the string will contain the port number. This only works -for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The -returned string has been allocated on the heap and must be freed -with \fBOPENSSL_free()\fR. -.PP -\&\fBBIO_ADDR_path_string()\fR returns a character string with the path -of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the -protocol family \s-1AF_UNIX.\s0 The returned string has been allocated -on the heap and must be freed with \fBOPENSSL_free()\fR. -.SH "RAW ADDRESSES" -.IX Header "RAW ADDRESSES" -Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a -network byte order address of a specific site. Internally, those are -treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct -in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all -depending on the protocol family the address is for. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The string producing functions \fBBIO_ADDR_hostname_string()\fR, -\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will -return \fB\s-1NULL\s0\fR on error and leave an error indication on the -OpenSSL error stack. -.PP -All other functions described here return 0 or \fB\s-1NULL\s0\fR when the -information they should return isn't available. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/BIO_ADDRINFO.3 deleted file mode 100644 index c51453898071..000000000000 --- a/secure/lib/libcrypto/man/BIO_ADDRINFO.3 +++ /dev/null @@ -1,239 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_ADDRINFO 3" -.TH BIO_ADDRINFO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& typedef union bio_addrinfo_st BIO_ADDRINFO; -\& -\& enum BIO_lookup_type { -\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER -\& }; -\& -\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, -\& int family, int socktype, int protocol, BIO_ADDRINFO **res); -\& int BIO_lookup(const char *node, const char *service, -\& enum BIO_lookup_type lookup_type, -\& int family, int socktype, BIO_ADDRINFO **res); -\& -\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); -\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); -\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); -\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); -\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); -\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information -types provided on your platform. -.PP -\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be -picked at one by one. -.PP -\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and -uses \fBlookup_type\fR to determine what the default address should -be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to -determine what protocol family, socket type and protocol should be used for -the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and -\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0 -indicates that any type can be used. \fBprotocol\fR specifies a protocol such as -\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP.\s0 If set to 0 than any protocol can be -used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR -chain. -.PP -For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR -parameter and expects the \fBnode\fR parameter to hold the path to the -socket file. -.PP -\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability -to select based on the protocol (any protocol may be returned). -.PP -\&\fBBIO_ADDRINFO_family()\fR returns the family of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 -.PP -\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 -.PP -\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given -\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants -\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 -.PP -\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR -of the given \fB\s-1BIO_ADDRINFO\s0\fR. -.PP -\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain -from the given one. -.PP -\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting -with the given one. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error -occurred, and will leave an error indication on the OpenSSL error stack in that -case. -.PP -All other functions described here return 0 or \fB\s-1NULL\s0\fR when the -information they should return isn't available. -.SH "NOTES" -.IX Header "NOTES" -The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR -function. On Linux it is known that specifying 0 for the protocol will not -return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 -address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be -explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_connect.3 b/secure/lib/libcrypto/man/BIO_connect.3 deleted file mode 100644 index b1664b43884d..000000000000 --- a/secure/lib/libcrypto/man/BIO_connect.3 +++ /dev/null @@ -1,240 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_CONNECT 3" -.TH BIO_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BIO_socket(int domain, int socktype, int protocol, int options); -\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); -\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); -\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); -\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); -\& int BIO_closesocket(int sock); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type -\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, -but is present for future use. -.PP -\&\fBBIO_bind()\fR binds the source address and service to a socket and -may be useful before calling \fBBIO_connect()\fR. The options may include -\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. -.PP -\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by -\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of -\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. -The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. -.PP -\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service -given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any -combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, -\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. -The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. -.PP -\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given -socket \fBaccept_sock\fR. When it gets a connection, the address and -port of the peer gets stored in \fBpeer\fR if that one is non-NULL. -Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied -on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. -.PP -\&\fBBIO_closesocket()\fR closes \fBsock\fR. -.SH "FLAGS" -.IX Header "FLAGS" -.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 -.IX Item "BIO_SOCK_KEEPALIVE" -Enables regular sending of keep-alive messages. -.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 -.IX Item "BIO_SOCK_NONBLOCK" -Sets the socket to non-blocking mode. -.IP "\s-1BIO_SOCK_NODELAY\s0" 4 -.IX Item "BIO_SOCK_NODELAY" -Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With -this set, any data will be sent as soon as possible instead of being -buffered until there's enough for the socket to send out in one go. -.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 -.IX Item "BIO_SOCK_REUSEADDR" -Try to reuse the address and port combination for a recently closed -port. -.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 -.IX Item "BIO_SOCK_V6_ONLY" -When creating an IPv6 socket, make it only listen for IPv6 addresses -and not IPv4 addresses mapped to IPv6. -.PP -These flags are bit flags, so they are to be combined with the -\&\f(CW\*(C`|\*(C'\fR operator, for example: -.PP -.Vb 1 -\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR -(\-1) on error. When an error has occurred, the OpenSSL error stack -will hold the error data and errno has the system error. -.PP -\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. -When an error has occurred, the OpenSSL error stack will hold the error -data and errno has the system error. -.PP -\&\fBBIO_accept_ex()\fR returns the accepted socket on success or -\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the -OpenSSL error stack will hold the error data and errno has the system -error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDR\s0\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, -\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. -Use the functions described above instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 deleted file mode 100644 index 287f73cefc4d..000000000000 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ /dev/null @@ -1,263 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_CTRL 3" -.TH BIO_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb \&\- BIO control operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int BIO_info_cb(BIO *b, int state, int res); -\& -\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); -\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); -\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); -\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); -\& -\& int BIO_reset(BIO *b); -\& int BIO_seek(BIO *b, int ofs); -\& int BIO_tell(BIO *b); -\& int BIO_flush(BIO *b); -\& int BIO_eof(BIO *b); -\& int BIO_set_close(BIO *b, long flag); -\& int BIO_get_close(BIO *b); -\& int BIO_pending(BIO *b); -\& int BIO_wpending(BIO *b); -\& size_t BIO_ctrl_pending(BIO *b); -\& size_t BIO_ctrl_wpending(BIO *b); -\& -\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); -\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR -are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. -These functions are not normally called directly, various macros -are used instead. The standard macros are described below, macros -specific to a particular type of \s-1BIO\s0 are described in the specific -BIOs manual page as well as any special features of the standard -calls. -.PP -\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case -of file related BIOs for example it rewinds the file pointer to the -start of the file. -.PP -\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and -\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. -.PP -\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 -.PP -\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some -cases it is used to signal \s-1EOF\s0 and that no more data will be written. -.PP -\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of -\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. -.PP -\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can -take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used -in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should -be closed when the \s-1BIO\s0 is freed. -.PP -\&\fBBIO_get_close()\fR returns the BIOs close flag. -.PP -\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR -return the number of pending characters in the BIOs read and write buffers. -Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR -return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are -macros which call \fBBIO_ctrl()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File -BIOs are an exception, they return 0 for success and \-1 for failure. -.PP -\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success -and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 -for success and \-1 for failure. -.PP -\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. -.PP -\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. -.PP -\&\fBBIO_set_close()\fR always returns 1. -.PP -\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 -.PP -\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR -return the amount of pending data. -.SH "NOTES" -.IX Header "NOTES" -\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating -that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. -The \fBBIO_should_retry()\fR call should be used and appropriate action taken -is the call fails. -.PP -The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably -determine the amount of pending data in all cases. For example in the -case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures -internal buffers but it is not possible to determine this in a -portably way. For other types of \s-1BIO\s0 they may not be supported. -.PP -Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR -operation usually pass the operation to the next \s-1BIO\s0 in the chain. -This often means there is no need to locate the required \s-1BIO\s0 for -a particular operation, it can be called on a chain and it will -be automatically passed to the relevant \s-1BIO.\s0 However this can cause -unexpected results: for example no current filter BIOs implement -\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 -or file descriptor \s-1BIO.\s0 -.PP -Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR -operation. -.SH "BUGS" -.IX Header "BUGS" -Some of the return values are ambiguous and care should be taken. In -particular a return value of 0 can be returned if an operation is not -supported, if an error occurred, if \s-1EOF\s0 has not been reached and in -the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 deleted file mode 100644 index bed5432e7681..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_BASE64 3" -.TH BIO_F_BASE64 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_f_base64 \- base64 BIO filter -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& const BIO_METHOD *BIO_f_base64(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that base64 encodes any data written through it and decodes -any data read through it. -.PP -Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. -.PP -\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is -used to signal that no more data is to be encoded: this is used -to flush the final block through the \s-1BIO.\s0 -.PP -The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR -to encode the data all on one line or expect the data to be all -on one line. -.SH "NOTES" -.IX Header "NOTES" -Because of the format of base64 encoding the end of the encoded -block cannot always be reliably determined. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Base64 encode the string \*(L"Hello World\en\*(R" and write the result -to standard output: -.PP -.Vb 2 -\& BIO *bio, *b64; -\& char message[] = "Hello World \en"; -\& -\& b64 = BIO_new(BIO_f_base64()); -\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); -\& BIO_push(b64, bio); -\& BIO_write(b64, message, strlen(message)); -\& BIO_flush(b64); -\& -\& BIO_free_all(b64); -.Ve -.PP -Read Base64 encoded data from standard input and write the decoded -data to standard output: -.PP -.Vb 3 -\& BIO *bio, *b64, *bio_out; -\& char inbuf[512]; -\& int inlen; -\& -\& b64 = BIO_new(BIO_f_base64()); -\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); -\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& BIO_push(b64, bio); -\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) -\& BIO_write(bio_out, inbuf, inlen); -\& -\& BIO_flush(bio_out); -\& BIO_free_all(b64); -.Ve -.SH "BUGS" -.IX Header "BUGS" -The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional -data following the base64 encoded block to be misinterpreted. -.PP -There should be some way of specifying a test that the \s-1BIO\s0 can perform -to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 deleted file mode 100644 index cc79eb36244f..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ /dev/null @@ -1,217 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_BUFFER 3" -.TH BIO_F_BUFFER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_f_buffer(void); -\& -\& long BIO_get_buffer_num_lines(BIO *b); -\& long BIO_set_read_buffer_size(BIO *b, long size); -\& long BIO_set_write_buffer_size(BIO *b, long size); -\& long BIO_set_buffer_size(BIO *b, long size); -\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. -.PP -Data written to a buffering \s-1BIO\s0 is buffered and periodically written -to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from -an internal buffer which is filled from the next \s-1BIO\s0 in the chain. -Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. -.PP -Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. -.PP -\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. -.PP -\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR -set the read, write or both read and write buffer sizes to \fBsize\fR. The initial -buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the -buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared -when the buffer is resized. -.PP -\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR -bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer -is expanded. -.SH "NOTES" -.IX Header "NOTES" -These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. -.PP -Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read_ex()\fR operations on the -next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore -possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not -support it (for example \s-1SSL\s0 BIOs). -.PP -Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills -or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR -whenever any pending data should be written such as when removing a buffering -\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate -source/sink \s-1BIO\s0 is non blocking. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. -.PP -\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). -.PP -\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR -return 1 if the buffer was successfully resized or 0 for failure. -.PP -\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if -there was an error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBbio\fR\|(7), -\&\fBBIO_reset\fR\|(3), -\&\fBBIO_flush\fR\|(3), -\&\fBBIO_pop\fR\|(3), -\&\fBBIO_ctrl\fR\|(3). -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 deleted file mode 100644 index f7831722b60e..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ /dev/null @@ -1,211 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_CIPHER 3" -.TH BIO_F_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& const BIO_METHOD *BIO_f_cipher(void); -\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, -\& unsigned char *key, unsigned char *iv, int enc); -\& int BIO_get_cipher_status(BIO *b) -\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data -read from it. It is a \s-1BIO\s0 wrapper for the cipher routines -\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. -.PP -Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. -.PP -\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is -used to signal that no more data is to be encrypted: this is used -to flush and possibly pad the final block through the \s-1BIO.\s0 -.PP -\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR -and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for -decryption. -.PP -When reading from an encryption \s-1BIO\s0 the final block is automatically -decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR -is a \fBBIO_ctrl()\fR macro which can be called to determine whether the -decryption operation was successful. -.PP -\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal -\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction -with the standard cipher routines to set it up. This is useful when -\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. -.SH "NOTES" -.IX Header "NOTES" -When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block -through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent -decrypt. -.PP -When decrypting an error on the final block is signaled by a zero -return value from the read operation. A successful decrypt followed -by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR -should be called to determine if the decrypt was successful. -.PP -As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can -be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. -.PP -\&\fBBIO_set_cipher()\fR does not return a value. -.PP -\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 -for failure. -.PP -\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 deleted file mode 100644 index 0a8eeed7a5d3..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ /dev/null @@ -1,295 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_MD 3" -.TH BIO_F_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& const BIO_METHOD *BIO_f_md(void); -\& int BIO_set_md(BIO *b, EVP_MD *md); -\& int BIO_get_md(BIO *b, EVP_MD **mdp); -\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter -\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper -for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR -and \fBEVP_DigestFinal()\fR. -.PP -Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and -\&\fBBIO_write_ex()\fR is digested. -.PP -\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the -digest calculation and returns the digest value. \fBBIO_puts()\fR is -not supported. -.PP -\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 -.PP -\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this -must be called to initialize a digest \s-1BIO\s0 before any data is -passed through it. It is a \fBBIO_ctrl()\fR macro. -.PP -\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method -in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. -.PP -\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. -.SH "NOTES" -.IX Header "NOTES" -The context returned by \fBBIO_get_md_ctx()\fR can be used in calls -to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR -and \fBEVP_VerifyFinal()\fR. -.PP -The context returned by \fBBIO_get_md_ctx()\fR is an internal context -structure. Changes made to this context will affect the digest -\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest -\&\s-1BIO\s0 is freed. -.PP -After the digest has been retrieved from a digest \s-1BIO\s0 it must be -reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more -data is passed through it. -.PP -If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through -a chain containing digest BIOs then this can be done by prepending -a buffering \s-1BIO.\s0 -.PP -Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 -state. This allows applications to initialize the context externally -if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. -.PP -\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and -0 for failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 -digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error -checking has been omitted for clarity. -.PP -.Vb 2 -\& BIO *bio, *mdtmp; -\& char message[] = "Hello World"; -\& -\& bio = BIO_new(BIO_s_null()); -\& mdtmp = BIO_new(BIO_f_md()); -\& BIO_set_md(mdtmp, EVP_sha1()); -\& /* -\& * For BIO_push() we want to append the sink BIO and keep a note of -\& * the start of the chain. -\& */ -\& bio = BIO_push(mdtmp, bio); -\& mdtmp = BIO_new(BIO_f_md()); -\& BIO_set_md(mdtmp, EVP_md5()); -\& bio = BIO_push(mdtmp, bio); -\& /* Note: mdtmp can now be discarded */ -\& BIO_write(bio, message, strlen(message)); -.Ve -.PP -The next example digests data by reading through a chain instead: -.PP -.Vb 3 -\& BIO *bio, *mdtmp; -\& char buf[1024]; -\& int rdlen; -\& -\& bio = BIO_new_file(file, "rb"); -\& mdtmp = BIO_new(BIO_f_md()); -\& BIO_set_md(mdtmp, EVP_sha1()); -\& bio = BIO_push(mdtmp, bio); -\& mdtmp = BIO_new(BIO_f_md()); -\& BIO_set_md(mdtmp, EVP_md5()); -\& bio = BIO_push(mdtmp, bio); -\& do { -\& rdlen = BIO_read(bio, buf, sizeof(buf)); -\& /* Might want to do something with the data here */ -\& } while (rdlen > 0); -.Ve -.PP -This next example retrieves the message digests from a \s-1BIO\s0 chain and -outputs them. This could be used with the examples above. -.PP -.Vb 4 -\& BIO *mdtmp; -\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; -\& int mdlen; -\& int i; -\& -\& mdtmp = bio; /* Assume bio has previously been set up */ -\& do { -\& EVP_MD *md; -\& -\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); -\& if (!mdtmp) -\& break; -\& BIO_get_md(mdtmp, &md); -\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); -\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); -\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); -\& printf("\en"); -\& mdtmp = BIO_next(mdtmp); -\& } while (mdtmp); -\& -\& BIO_free_all(bio); -.Ve -.SH "BUGS" -.IX Header "BUGS" -The lack of support for \fBBIO_puts()\fR and the non standard behaviour of -\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR -and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest -the data passed through and that digests should be retrieved using a -separate \fBBIO_ctrl()\fR call. -.SH "HISTORY" -.IX Header "HISTORY" -Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the -\&\s-1BIO\s0 was initialized first. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 deleted file mode 100644 index d6d168dad204..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ /dev/null @@ -1,171 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_NULL 3" -.TH BIO_F_NULL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_f_null \- null filter -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_f_null(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 -that does nothing. -.PP -All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in -the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 -behaves just as though the \s-1BIO\s0 was not there. -.SH "NOTES" -.IX Header "NOTES" -As may be apparent a null filter \s-1BIO\s0 is not particularly useful. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 deleted file mode 100644 index e131f3a1dd1f..000000000000 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ /dev/null @@ -1,435 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_F_SSL 3" -.TH BIO_F_SSL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& const BIO_METHOD *BIO_f_ssl(void); -\& -\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); -\& long BIO_get_ssl(BIO *b, SSL **sslp); -\& long BIO_set_ssl_mode(BIO *b, long client); -\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); -\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); -\& long BIO_get_num_renegotiates(BIO *b); -\& -\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); -\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); -\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); -\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); -\& void BIO_ssl_shutdown(BIO *bio); -\& -\& long BIO_do_handshake(BIO *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which -is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to -\&\s-1SSL I/O.\s0 -.PP -I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with -the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established -then an attempt is made to establish one on the first I/O call. -.PP -If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically -used as the \s-1SSL\s0 BIOs read and write BIOs. -.PP -Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection -by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in -the chain: this will typically disconnect the underlying transport. -The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. -.PP -If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal -\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. -.PP -\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using -the close flag \fBc\fR. -.PP -\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be -manipulated using the standard \s-1SSL\s0 library functions. -.PP -\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR -is 1 client mode is set. If \fBclient\fR is 0 server mode is set. -.PP -\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count -to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) -the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at -least 512 bytes. -.PP -\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to -\&\fBseconds\fR. When the renegotiate timeout elapses the session is -automatically renegotiated. -.PP -\&\fBBIO_get_num_renegotiates()\fR returns the total number of session -renegotiations due to I/O or timeout. -.PP -\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using -client mode if \fBclient\fR is non zero. -.PP -\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an -\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 -.PP -\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting -of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect -\&\s-1BIO.\s0 -.PP -\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between -\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the -\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on -the internal \s-1SSL\s0 pointer. -.PP -\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 -chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the -chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 -pointer. -.PP -\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the -supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 -if the connection was established successfully. A zero or negative -value is returned if the connection could not be established, the -call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs -to determine if the call should be retried. If an \s-1SSL\s0 connection has -already been established this call has no effect. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport -is non blocking they can still request a retry in exceptional -circumstances. Specifically this will happen if a session -renegotiation takes place during a \fBBIO_read_ex()\fR operation, one -case where this happens is when step up occurs. -.PP -The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be -set to disable this behaviour. That is when this flag is set -an \s-1SSL BIO\s0 using a blocking transport will never request a -retry. -.PP -Since unknown \fBBIO_ctrl()\fR operations are sent through filter -BIOs the servers name and port can be set using \fBBIO_set_host()\fR -on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having -to locate the connect \s-1BIO\s0 first. -.PP -Applications do not have to call \fBBIO_do_handshake()\fR but may wish -to do so to separate the handshake process from other I/O -processing. -.PP -\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, -\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR, -\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. -.PP -\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, -\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on -success or a value which is less than or equal to 0 if an error occurred. -.PP -\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return -a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. -.PP -\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. -A zero or negative value is returned if the connection could not be established. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an -\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the -unencrypted example in \fBBIO_s_connect\fR\|(3). -.PP -.Vb 5 -\& BIO *sbio, *out; -\& int len; -\& char tmpbuf[1024]; -\& SSL_CTX *ctx; -\& SSL *ssl; -\& -\& /* XXX Seed the PRNG if needed. */ -\& -\& ctx = SSL_CTX_new(TLS_client_method()); -\& -\& /* XXX Set verify paths and mode here. */ -\& -\& sbio = BIO_new_ssl_connect(ctx); -\& BIO_get_ssl(sbio, &ssl); -\& if (ssl == NULL) { -\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& /* Don\*(Aqt want any retries */ -\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); -\& -\& /* XXX We might want to do other things with ssl here */ -\& -\& /* An empty host part means the loopback address */ -\& BIO_set_conn_hostname(sbio, ":https"); -\& -\& out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& if (BIO_do_connect(sbio) <= 0) { -\& fprintf(stderr, "Error connecting to server\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& if (BIO_do_handshake(sbio) <= 0) { -\& fprintf(stderr, "Error establishing SSL connection\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& /* XXX Could examine ssl here to get connection info */ -\& -\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); -\& for (;;) { -\& len = BIO_read(sbio, tmpbuf, 1024); -\& if (len <= 0) -\& break; -\& BIO_write(out, tmpbuf, len); -\& } -\& BIO_free_all(sbio); -\& BIO_free(out); -.Ve -.PP -Here is a simple server example. It makes use of a buffering -\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. -It creates a pseudo web page containing the actual request from -a client and also echoes the request to standard output. -.PP -.Vb 5 -\& BIO *sbio, *bbio, *acpt, *out; -\& int len; -\& char tmpbuf[1024]; -\& SSL_CTX *ctx; -\& SSL *ssl; -\& -\& /* XXX Seed the PRNG if needed. */ -\& -\& ctx = SSL_CTX_new(TLS_server_method()); -\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) -\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) -\& || !SSL_CTX_check_private_key(ctx)) { -\& fprintf(stderr, "Error setting up SSL_CTX\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& /* XXX Other things like set verify locations, EDH temp callbacks. */ -\& -\& /* New SSL BIO setup as server */ -\& sbio = BIO_new_ssl(ctx, 0); -\& BIO_get_ssl(sbio, &ssl); -\& if (ssl == NULL) { -\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); -\& bbio = BIO_new(BIO_f_buffer()); -\& sbio = BIO_push(bbio, sbio); -\& acpt = BIO_new_accept("4433"); -\& -\& /* -\& * By doing this when a new connection is established -\& * we automatically have sbio inserted into it. The -\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and -\& * will be freed when the accept BIO is freed. -\& */ -\& BIO_set_accept_bios(acpt, sbio); -\& out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& -\& /* Setup accept BIO */ -\& if (BIO_do_accept(acpt) <= 0) { -\& fprintf(stderr, "Error setting up accept BIO\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& /* We only want one connection so remove and free accept BIO */ -\& sbio = BIO_pop(acpt); -\& BIO_free_all(acpt); -\& -\& if (BIO_do_handshake(sbio) <= 0) { -\& fprintf(stderr, "Error in SSL handshake\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); -\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); -\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); -\& -\& for (;;) { -\& len = BIO_gets(sbio, tmpbuf, 1024); -\& if (len <= 0) -\& break; -\& BIO_write(sbio, tmpbuf, len); -\& BIO_write(out, tmpbuf, len); -\& /* Look for blank line signifying end of headers*/ -\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) -\& break; -\& } -\& -\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); -\& BIO_puts(sbio, "\er\en"); -\& BIO_flush(sbio); -\& BIO_free_all(sbio); -.Ve -.SH "HISTORY" -.IX Header "HISTORY" -In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, -the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of -decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not -explicitly being popped (e.g. a pop higher up the chain). Applications which -included workarounds for this bug (e.g. freeing BIOs more than once) should -be modified to handle this fix or they may free up an already freed \s-1BIO.\s0 -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 deleted file mode 100644 index 534534d17c2e..000000000000 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_FIND_TYPE 3" -.TH BIO_FIND_TYPE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIO *BIO_find_type(BIO *b, int bio_type); -\& BIO *BIO_next(BIO *b); -\& int BIO_method_type(const BIO *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting -at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search -is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as -\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is -searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is -found. -.PP -The following general types are defined: -\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. -.PP -For a list of the specific types, see the \fBopenssl/bio.h\fR header file. -.PP -\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs -in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a -certain type. -.PP -\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. -.PP -\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. -.PP -\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Traverse a chain looking for digest BIOs: -.PP -.Vb 1 -\& BIO *btmp; -\& -\& btmp = in_bio; /* in_bio is chain to search through */ -\& do { -\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); -\& if (btmp == NULL) -\& break; /* Not found */ -\& /* btmp is a digest BIO, do something with it ...*/ -\& ... -\& -\& btmp = BIO_next(btmp); -\& } while (btmp); -.Ve -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_get_data.3 b/secure/lib/libcrypto/man/BIO_get_data.3 deleted file mode 100644 index bc46e7b22155..000000000000 --- a/secure/lib/libcrypto/man/BIO_get_data.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_GET_DATA 3" -.TH BIO_GET_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void BIO_set_data(BIO *a, void *ptr); -\& void *BIO_get_data(BIO *a); -\& void BIO_set_init(BIO *a, int init); -\& int BIO_get_init(BIO *a); -\& void BIO_set_shutdown(BIO *a, int shut); -\& int BIO_get_shutdown(BIO *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are mainly useful when implementing a custom \s-1BIO.\s0 -.PP -The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with -the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. -This can be used by custom BIOs for storing implementation specific information. -.PP -The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate -whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value -indicates that initialisation is complete, whilst zero indicates that it is not. -Often initialisation will complete during initial construction of the \s-1BIO.\s0 For -some BIOs however, initialisation may not complete until after additional steps -have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR -function returns the value of the \*(L"init\*(R" flag. -.PP -The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of -this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource -is also closed when the \s-1BIO\s0 is freed. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data -associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. -.PP -\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. -.PP -\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -bio, BIO_meth_new -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 deleted file mode 100644 index 2b0092d60bfd..000000000000 --- a/secure/lib/libcrypto/man/BIO_get_ex_new_index.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_GET_EX_NEW_INDEX 3" -.TH BIO_GET_EX_NEW_INDEX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \&\- application\-specific data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int TYPE_get_ex_new_index(long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -\& -\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); -\& -\& void *TYPE_get_ex_data(TYPE *d, int idx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -In the description here, \fI\s-1TYPE\s0\fR is used a placeholder -for any of the OpenSSL datatypes listed in -\&\fBCRYPTO_get_ex_new_index\fR\|(3). -.PP -These functions handle application-specific data for OpenSSL data -structures. -.PP -\&\fBTYPE_get_new_ex_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR -with the correct \fBindex\fR value. -.PP -\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with -an offset into the opaque exdata part of the \s-1TYPE\s0 object. -.PP -\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with -an offset into the opaque exdata part of the \s-1TYPE\s0 object. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBTYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. -.PP -\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. -.PP -\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBCRYPTO_get_ex_new_index\fR\|(3). -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_meth_new.3 b/secure/lib/libcrypto/man/BIO_meth_new.3 deleted file mode 100644 index 306a62eb8eb0..000000000000 --- a/secure/lib/libcrypto/man/BIO_meth_new.3 +++ /dev/null @@ -1,288 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_METH_NEW 3" -.TH BIO_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BIO_get_new_index(void); -\& -\& BIO_METHOD *BIO_meth_new(int type, const char *name); -\& -\& void BIO_meth_free(BIO_METHOD *biom); -\& -\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, -\& size_t *); -\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); -\& int BIO_meth_set_write_ex(BIO_METHOD *biom, -\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); -\& int BIO_meth_set_write(BIO_METHOD *biom, -\& int (*write)(BIO *, const char *, int)); -\& -\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); -\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); -\& int BIO_meth_set_read_ex(BIO_METHOD *biom, -\& int (*bread)(BIO *, char *, size_t, size_t *)); -\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); -\& -\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); -\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); -\& -\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); -\& int BIO_meth_set_gets(BIO_METHOD *biom, -\& int (*gets)(BIO *, char *, int)); -\& -\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); -\& int BIO_meth_set_ctrl(BIO_METHOD *biom, -\& long (*ctrl)(BIO *, int, long, void *)); -\& -\& int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); -\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); -\& -\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); -\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); -\& -\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); -\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, -\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 -types. It provides a set of functions used by OpenSSL for the implementation -of the various \s-1BIO\s0 capabilities. See the bio page for more information. -.PP -\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a -unique integer \fBtype\fR and a string that represents its \fBname\fR. -Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. -.PP -The set of -standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples -include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a -type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs -should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor -based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the -\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for -more information. -.PP -\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory -associated with it. -.PP -\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function -used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function -will be called in response to the application calling \fBBIO_write_ex()\fR or -\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for -\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and -\&\fBBIO_meth_set_write()\fR instead. Applications should not call both -\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR -when the function was set with \fBBIO_meth_set_write_ex()\fR. -.PP -\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used -for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will -be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. -The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. -Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. -Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR -or call \fBBIO_meth_get_read()\fR when the function was set with -\&\fBBIO_meth_set_read_ex()\fR. -.PP -\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for -writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fBBIO_puts()\fR. The parameters for -the function have the same meaning as for \fBBIO_puts()\fR. -.PP -\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically -used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) -page for more information). This function will be called in response to the -application calling \fBBIO_gets()\fR. The parameters for the function have the same -meaning as for \fBBIO_gets()\fR. -.PP -\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for -processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for -more information. This function will be called in response to the application -calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for -\&\fBBIO_ctrl()\fR. -.PP -\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used -for creating a new instance of the \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fBBIO_new()\fR and passing -in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the -memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will -be passed as a parameter to the function. -.PP -\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used -for destroying an instance of a \s-1BIO\s0 respectively. This function will be -called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0 -to be destroyed is passed as a parameter. The destroy function should be used -for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by -this function. -.PP -\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the -function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See -the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called -in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for -the function have the same meaning as for \fBBIO_callback_ctrl()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. -.PP -BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 -if an error occurred. -.PP -The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. -.PP -The \fBBIO_meth_get\fR functions return the corresponding function pointers. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 deleted file mode 100644 index 6cb997f31e10..000000000000 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ /dev/null @@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_NEW 3" -.TH BIO_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIO * BIO_new(const BIO_METHOD *type); -\& int BIO_up_ref(BIO *a); -\& int BIO_free(BIO *a); -\& void BIO_vfree(BIO *a); -\& void BIO_free_all(BIO *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. -.PP -\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. -.PP -\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 -but it does not return a value. -If \fBa\fR is \s-1NULL\s0 nothing is done. -Calling \fBBIO_free()\fR may also have some effect -on the underlying I/O structure, for example it may close the file being -referred to under certain circumstances. For more details see the individual -\&\s-1BIO_METHOD\s0 descriptions. -.PP -\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error -occurs freeing up an individual \s-1BIO\s0 in the chain. -If \fBa\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. -.PP -\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. -.PP -\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. -.SH "NOTES" -.IX Header "NOTES" -If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting -in a memory leak. -.PP -Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR -on it other than the discarded return value. -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a memory \s-1BIO:\s0 -.PP -.Vb 1 -\& BIO *mem = BIO_new(BIO_s_mem()); -.Ve -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 deleted file mode 100644 index e59a0a3b7581..000000000000 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_NEW_CMS 3" -.TH BIO_NEW_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_new_CMS \- CMS streaming filter BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output -of the filter is written to \fBout\fR. Any data written to the chain is -automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. -.SH "NOTES" -.IX Header "NOTES" -The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It -supports non blocking I/O. Content is processed and streamed on the fly and not -all held in memory at once: so it is possible to encode very large structures. -After all content has been written through the chain \fBBIO_flush()\fR must be called -to finalise the structure. -.PP -The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR -parameter of the \fBcms\fR creation function. -.PP -If an application wishes to write additional data to \fBout\fR BIOs should be -removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR -is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be -called to free up the whole chain. -.PP -Any content written through the filter is used verbatim: no canonical -translation is performed. -.PP -It is possible to chain multiple BIOs to, for example, create a triple wrapped -signed, enveloped, signed structure. In this case it is the applications -responsibility to set the inner content type of any outer CMS_ContentInfo -structures. -.PP -Large numbers of small writes through the chain should be avoided as this will -produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending -a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. -.SH "BUGS" -.IX Header "BUGS" -There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode -a \s-1CMS\s0 structure on the fly. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_encrypt\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/BIO_parse_hostserv.3 deleted file mode 100644 index 747fbc19cc6c..000000000000 --- a/secure/lib/libcrypto/man/BIO_parse_hostserv.3 +++ /dev/null @@ -1,212 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_PARSE_HOSTSERV 3" -.TH BIO_PARSE_HOSTSERV 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& enum BIO_hostserv_priorities { -\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV -\& }; -\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, -\& enum BIO_hostserv_priorities hostserv_prio); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, -create strings with the host name and service name and give those -back via \fBhost\fR and \fBservice\fR. Those will need to be freed after -they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall -be interpreted primarily as a host name or a service name in ambiguous -cases. -.PP -The syntax the \fBBIO_parse_hostserv()\fR recognises is: -.PP -.Vb 7 -\& host + \*(Aq:\*(Aq + service -\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq -\& host + \*(Aq:\*(Aq -\& \*(Aq:\*(Aq + service -\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service -\& host -\& service -.Ve -.PP -The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 -address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. -.PP -The service part can be a service name or its port number. -.PP -The returned values will depend on the given \fBhostserv\fR string -and \fBhostserv_prio\fR, as follows: -.PP -.Vb 5 -\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" -\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL -\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL -\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" -\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" -\& -\& in case no \*(Aq:\*(Aq is present in the string, the result depends on -\& hostserv_prio, as follows: -\& -\& when hostserv_prio == BIO_PARSE_PRIO_HOST -\& host => *host = "host", *service untouched -\& -\& when hostserv_prio == BIO_PARSE_PRIO_SERV -\& service => *host untouched, *service = "service" -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_printf.3 b/secure/lib/libcrypto/man/BIO_printf.3 deleted file mode 100644 index d68262148fff..000000000000 --- a/secure/lib/libcrypto/man/BIO_printf.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_PRINTF 3" -.TH BIO_PRINTF 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BIO_printf(BIO *bio, const char *format, ...) -\& int BIO_vprintf(BIO *bio, const char *format, va_list args) -\& -\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) -\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that -the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard -output. All common format specifiers are supported. -.PP -\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, -the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard -output. All common format specifiers are supported. The argument -list \fBargs\fR is a stdarg argument list. -.PP -\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR -function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR, -specifies the size of the output buffer. -.PP -\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All functions return the number of bytes written, or \-1 on error. -For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output -buffer is too small. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 deleted file mode 100644 index 56cf8c42036b..000000000000 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ /dev/null @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_PUSH 3" -.TH BIO_PUSH 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIO *BIO_push(BIO *b, BIO *append); -\& BIO *BIO_pop(BIO *b); -\& void BIO_set_next(BIO *b, BIO *next); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns -\&\fBb\fR. -.PP -\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 -in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then -becomes a single \s-1BIO\s0 with no association with the original chain, -it can thus be freed or attached to a different chain. -.PP -\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to -by \fBnext\fR. The new chain may include some of the same BIOs from the old chain -or it may be completely different. -.SH "NOTES" -.IX Header "NOTES" -The names of these functions are perhaps a little misleading. \fBBIO_push()\fR -joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, -the deleted \s-1BIO\s0 does not need to be at the end of a chain. -.PP -The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional -consequences (a control call is made to the affected BIOs) any effects will -be noted in the descriptions of individual BIOs. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. -.PP -\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next -\&\s-1BIO.\s0 -.SH "EXAMPLES" -.IX Header "EXAMPLES" -For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is -a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 -.PP -If the call: -.PP -.Vb 1 -\& BIO_push(b64, f); -.Ve -.PP -is made then the new chain will be \fBb64\-f\fR. After making the calls -.PP -.Vb 2 -\& BIO_push(md2, b64); -\& BIO_push(md1, md2); -.Ve -.PP -the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested -by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. -.PP -It should be noted that reading causes data to pass in the reverse -direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested -by \fBmd1\fR and \fBmd2\fR. If the call: -.PP -.Vb 1 -\& BIO_pop(md2); -.Ve -.PP -The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can -be written to \fBmd1\fR as before. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -bio -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 deleted file mode 100644 index e138ff703a2c..000000000000 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ /dev/null @@ -1,226 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_READ 3" -.TH BIO_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); -\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); -\& -\& int BIO_read(BIO *b, void *data, int dlen); -\& int BIO_gets(BIO *b, char *buf, int size); -\& int BIO_write(BIO *b, const void *data, int dlen); -\& int BIO_puts(BIO *b, const char *buf); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data -in \fBdata\fR. If any bytes were successfully read then the number of bytes read is -stored in \fB*readbytes\fR. -.PP -\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If -successful then the number of bytes written is stored in \fB*written\fR. -.PP -\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places -the data in \fBbuf\fR. -.PP -\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data -in \fBbuf\fR. Usually this operation will attempt to read a line of data -from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, -however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and -return the digest and other BIOs may not support \fBBIO_gets()\fR at all. -The returned string is always NUL-terminated and the '\en' is preserved -if present in the input data. -.PP -\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. -.PP -\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or -written, and 0 otherwise. -.PP -All other functions return either the amount of data successfully read or -written (if the return value is positive) or that no data was successfully -read or written if the result is 0 or \-1. If the return value is \-2 then -the operation is not implemented in the specific \s-1BIO\s0 type. The trailing -\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR. -.SH "NOTES" -.IX Header "NOTES" -A 0 or \-1 return is not necessarily an indication of an error. In -particular when the source/sink is non-blocking or of a certain type -it may merely be an indication that no data is currently available and that -the application should retry the operation later. -.PP -One technique sometimes used with blocking sockets is to use a system call -(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available -and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call -\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to -read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR -can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying -I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) -should be combined with non blocking I/O so successive reads will request -a retry instead of blocking. -.PP -See \fBBIO_should_retry\fR\|(3) for details of how to -determine the cause of a retry and other I/O issues. -.PP -If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to -work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) -to the chain. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBIO_should_retry\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not -keep the '\en' at the end of the line in the buffer. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 deleted file mode 100644 index 8f4e156d897e..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ /dev/null @@ -1,365 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_ACCEPT 3" -.TH BIO_S_ACCEPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_accept(void); -\& -\& long BIO_set_accept_name(BIO *b, char *name); -\& char *BIO_get_accept_name(BIO *b); -\& -\& long BIO_set_accept_port(BIO *b, char *port); -\& char *BIO_get_accept_port(BIO *b); -\& -\& BIO *BIO_new_accept(char *host_port); -\& -\& long BIO_set_nbio_accept(BIO *b, int n); -\& long BIO_set_accept_bios(BIO *b, char *bio); -\& -\& char *BIO_get_peer_name(BIO *b); -\& char *BIO_get_peer_port(BIO *b); -\& long BIO_get_accept_ip_family(BIO *b); -\& long BIO_set_accept_ip_family(BIO *b, long family); -\& -\& long BIO_set_bind_mode(BIO *b, long mode); -\& long BIO_get_bind_mode(BIO *b); -\& -\& int BIO_do_accept(BIO *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper -round the platform's \s-1TCP/IP\s0 socket accept routines. -.PP -Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data -transferred using only \s-1BIO\s0 routines. In this way any platform -specific operations are hidden by the \s-1BIO\s0 abstraction. -.PP -Read and write operations on an accept \s-1BIO\s0 will perform I/O -on the underlying connection. If no connection is established -and the port (see below) is set up properly then the \s-1BIO\s0 -waits for an incoming connection. -.PP -Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. -.PP -If the close flag is set on an accept \s-1BIO\s0 then any active -connection on that chain is shutdown and the socket closed when -the \s-1BIO\s0 is freed. -.PP -Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active -connection and reset the \s-1BIO\s0 into a state where it awaits another -incoming connection. -.PP -\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set -the accept socket. See \fBBIO_s_fd\fR\|(3) -.PP -\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept -name. The name is represented as a string of the form \*(L"host:port\*(R", -where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. -The host can be \*(L"*\*(R" or empty which is interpreted as meaning -any interface. If the host is an IPv6 address, it has to be -enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the -same syntax as the port specified in \fBBIO_set_conn_port()\fR for -connect BIOs, that is it can be a numerical port string or a -string to lookup using \fBgetservbyname()\fR and a string table. -.PP -\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept -port. \*(L"port\*(R" has the same syntax as the port specified in -\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical -port string or a string to lookup using \fBgetservbyname()\fR and a string -table. -.PP -\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into -a single call: that is it creates a new accept \s-1BIO\s0 with port -\&\fBhost_port\fR. -.PP -\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode -(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. -.PP -\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which -will be duplicated and prepended to the chain when an incoming -connection is received. This is useful if, for example, a -buffering or \s-1SSL BIO\s0 is required for each connection. The -chain of BIOs must not be freed after this call, they will -be automatically freed when the accept \s-1BIO\s0 is freed. -.PP -\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve -the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set -then another socket cannot be bound to the same port. If -\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the -same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and -attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails -and the port is not in use then a second attempt is made -using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. -.PP -\&\fBBIO_do_accept()\fR serves two functions. When it is first -called, after the accept \s-1BIO\s0 has been setup, it will attempt -to create the accept socket and bind an address to it. Second -and subsequent calls to \fBBIO_do_accept()\fR will await an incoming -connection, or request a retry in non blocking mode. -.SH "NOTES" -.IX Header "NOTES" -When an accept \s-1BIO\s0 is at the end of a chain it will await an -incoming connection before processing I/O calls. When an accept -\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next -\&\s-1BIO\s0 in the chain. -.PP -When a connection is established a new socket \s-1BIO\s0 is created for -the connection and appended to the chain. That is the chain is now -accept\->socket. This effectively means that attempting I/O on -an initial accept socket will await an incoming connection then -perform I/O on it. -.PP -If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR -then they are placed between the socket and the accept \s-1BIO,\s0 -that is the chain will be accept\->otherbios\->socket. -.PP -If a server wishes to process multiple connections (as is normally -the case) then the accept \s-1BIO\s0 must be made available for further -incoming connections. This can be done by waiting for a connection and -then calling: -.PP -.Vb 1 -\& connection = BIO_pop(accept); -.Ve -.PP -After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently -established connection and \fBaccept\fR will now be a single \s-1BIO\s0 -again which can be used to await further incoming connections. -If no further connections will be accepted the \fBaccept\fR can -be freed using \fBBIO_free()\fR. -.PP -If only a single connection will be processed it is possible to -perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable -however because the accept \s-1BIO\s0 will still accept additional incoming -connections. This can be resolved by using \fBBIO_pop()\fR (see above) -and freeing up the accept \s-1BIO\s0 after the initial connection. -.PP -If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is -called to await an incoming connection it is possible for -\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens -then it is an indication that an accept attempt would block: the application -should take appropriate action to wait until the underlying socket has -accepted a connection and retry the call. -.PP -\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR, -\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR, -\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR, -\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR, -\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_do_accept()\fR, -\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, -\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR -return 1 for success and 0 or \-1 for failure. -.PP -\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. -\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. -.PP -\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. -\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. -\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. -.PP -\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. -.PP -\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example accepts two connections on port 4444, sends messages -down each and finally closes both down. -.PP -.Vb 1 -\& BIO *abio, *cbio, *cbio2; -\& -\& /* First call to BIO_accept() sets up accept BIO */ -\& abio = BIO_new_accept("4444"); -\& if (BIO_do_accept(abio) <= 0) { -\& fprintf(stderr, "Error setting up accept\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& -\& /* Wait for incoming connection */ -\& if (BIO_do_accept(abio) <= 0) { -\& fprintf(stderr, "Error accepting connection\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& fprintf(stderr, "Connection 1 established\en"); -\& -\& /* Retrieve BIO for connection */ -\& cbio = BIO_pop(abio); -\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); -\& fprintf(stderr, "Sent out data on connection 1\en"); -\& -\& /* Wait for another connection */ -\& if (BIO_do_accept(abio) <= 0) { -\& fprintf(stderr, "Error accepting connection\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& fprintf(stderr, "Connection 2 established\en"); -\& -\& /* Close accept BIO to refuse further connections */ -\& cbio2 = BIO_pop(abio); -\& BIO_free(abio); -\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); -\& fprintf(stderr, "Sent out data on connection 2\en"); -\& -\& BIO_puts(cbio, "Connection 1: Second connection established\en"); -\& -\& /* Close the two established connections */ -\& BIO_free(cbio); -\& BIO_free(cbio2); -.Ve -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 deleted file mode 100644 index 43f2206bfce2..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ /dev/null @@ -1,329 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_BIO 3" -.TH BIO_S_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_bio(void); -\& -\& int BIO_make_bio_pair(BIO *b1, BIO *b2); -\& int BIO_destroy_bio_pair(BIO *b); -\& int BIO_shutdown_wr(BIO *b); -\& -\& int BIO_set_write_buf_size(BIO *b, long size); -\& size_t BIO_get_write_buf_size(BIO *b, long size); -\& -\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); -\& -\& int BIO_get_write_guarantee(BIO *b); -\& size_t BIO_ctrl_get_write_guarantee(BIO *b); -\& int BIO_get_read_request(BIO *b); -\& size_t BIO_ctrl_get_read_request(BIO *b); -\& int BIO_ctrl_reset_read_request(BIO *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink -BIOs where data written to either half of the pair is buffered and can be read from -the other half. Both halves must usually by handled by the same application thread -since no locking is done on the internal data structures. -.PP -Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this -one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application -control. -.PP -One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this -can be used when the application wishes to use a non standard transport for -\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. -.PP -Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no -data is available. -.PP -Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the -buffer is full. -.PP -The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to -determine the amount of pending data in the read or write buffer. -.PP -\&\fBBIO_reset()\fR clears any data in the write buffer. -.PP -\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. -.PP -\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing -up any half of the pair will automatically destroy the association. -.PP -\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further -writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other -half of the pair will return any pending data or \s-1EOF\s0 when all pending data has -been read. -.PP -\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. -If the size is not initialized a default value is used. This is currently -17K, sufficient for a maximum size \s-1TLS\s0 record. -.PP -\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. -.PP -\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and -\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR -with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether -\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, -\&\fBBIO_free()\fR is not called. -.PP -\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum -length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this -value will return a value from \fBBIO_write_ex()\fR less than the amount requested or -if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a -function whereas \fBBIO_get_write_guarantee()\fR is a macro. -.PP -\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the -amount of data requested, or the buffer size if it is less, if the -last read attempt at the other half of the \s-1BIO\s0 pair failed due to an -empty buffer. This can be used to determine how much data should be -written to the \s-1BIO\s0 so the next read will succeed: this is most useful -in \s-1TLS/SSL\s0 applications where the amount of data read is usually -meaningful rather than just a buffer size. After a successful read -this call will return zero. It also will return zero once new data -has been written satisfying the read request or part of it. -Note that \fBBIO_get_read_request()\fR never returns an amount larger -than that returned by \fBBIO_get_write_guarantee()\fR. -.PP -\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by -\&\fBBIO_get_read_request()\fR to zero. -.SH "NOTES" -.IX Header "NOTES" -Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit -freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. -.PP -When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to -flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR -on the other half of the pair and, if any data is pending, reading it and sending -it to the underlying transport. This must be done before any normal processing -(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. -.PP -To see why this is important consider a case where a request is sent using -\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an -\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the -write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be -true. If the application then waits for data to be available on the underlying -transport before flushing the write buffer it will never succeed because the -request was never sent! -.PP -\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been -shutdown. -.PP -\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, -\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR, -\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented -as macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in -\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the -locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. -.PP -[\s-1XXXXX:\s0 More return values need to be added here] -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fBselect()\fR on the socket as required -without having to go through the SSL-interface. -.PP -.Vb 1 -\& BIO *internal_bio, *network_bio; -\& -\& ... -\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); -\& SSL_set_bio(ssl, internal_bio, internal_bio); -\& SSL_operations(); /* e.g SSL_read and SSL_write */ -\& ... -\& -\& application | TLS\-engine -\& | | -\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() -\& | /\e || -\& | || \e/ -\& | BIO\-pair (internal_bio) -\& | BIO\-pair (network_bio) -\& | || /\e -\& | \e/ || -\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() -\& | | -\& | | -\& socket -\& -\& ... -\& SSL_free(ssl); /* implicitly frees internal_bio */ -\& BIO_free(network_bio); -\& ... -.Ve -.PP -As the \s-1BIO\s0 pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write -buffer is full or the read buffer is drained. Then the application has to -flush the write buffer and/or fill the read buffer. -.PP -Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to -find out, how many bytes must be written into the buffer before the -\&\fBSSL_operation()\fR can successfully be continued. -.SH "WARNINGS" -.IX Header "WARNINGS" -As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 -condition, but there is still data in the write buffer. An application must -not rely on the error value of \fBSSL_operation()\fR but must assure that the -write buffer is always flushed first. Otherwise a deadlock may occur as -the peer might be waiting for the data before being able to continue. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), -\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 deleted file mode 100644 index c74545f610b0..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ /dev/null @@ -1,338 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_CONNECT 3" -.TH BIO_S_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect \- connect BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD * BIO_s_connect(void); -\& -\& BIO *BIO_new_connect(char *name); -\& -\& long BIO_set_conn_hostname(BIO *b, char *name); -\& long BIO_set_conn_port(BIO *b, char *port); -\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); -\& long BIO_set_conn_ip_family(BIO *b, long family); -\& const char *BIO_get_conn_hostname(BIO *b); -\& const char *BIO_get_conn_port(BIO *b); -\& const BIO_ADDR *BIO_get_conn_address(BIO *b); -\& const long BIO_get_conn_ip_family(BIO *b); -\& -\& long BIO_set_nbio(BIO *b, long n); -\& -\& int BIO_do_connect(BIO *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper -round the platform's \s-1TCP/IP\s0 socket connection routines. -.PP -Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data -transferred using only \s-1BIO\s0 routines. In this way any platform -specific operations are hidden by the \s-1BIO\s0 abstraction. -.PP -Read and write operations on a connect \s-1BIO\s0 will perform I/O -on the underlying connection. If no connection is established -and the port and hostname (see below) is set up properly then -a connection is established first. -.PP -Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. -.PP -If the close flag is set on a connect \s-1BIO\s0 then any active -connection is shutdown and the socket closed when the \s-1BIO\s0 -is freed. -.PP -Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active -connection and reset the \s-1BIO\s0 into a state where it can connect -to the same host again. -.PP -\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 -it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of -type (int *). -.PP -\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. -The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it -must be enclosed with brackets. The hostname can also include the -port in the form hostname:port. -.PP -\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the -numerical form or a string such as \*(L"http\*(R". A string will be looked -up first using \fBgetservbyname()\fR on the host platform but if that -fails a standard table of port names will be used. This internal -list is http, telnet, socks, https, ssl, ftp, and gopher. -.PP -\&\fBBIO_set_conn_address()\fR sets the address and port information using -a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). -.PP -\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. -.PP -\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or -\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. -This return value is an internal pointer which should not be modified. -.PP -\&\fBBIO_get_conn_port()\fR returns the port as a string. -This return value is an internal pointer which should not be modified. -.PP -\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 -This return value is an internal pointer which should not be modified. -.PP -\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 -.PP -\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is -zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O -is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR -should be made before the connection is established because -non blocking I/O is set during the connect process. -.PP -\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into -a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. -.PP -\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 -if the connection was established successfully. A zero or negative -value is returned if the connection could not be established, the -call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs -to determine if the call should be retried. -.SH "NOTES" -.IX Header "NOTES" -If blocking I/O is set then a non positive return value from any -I/O call is caused by an error condition, although a zero return -will normally mean that the connection was closed. -.PP -If the port name is supplied as part of the host name then this will -override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable -if the application does not wish to allow connection to arbitrary -ports. This can be avoided by checking for the presence of the ':' -character in the passed hostname and either indicating an error or -truncating the string at that point. -.PP -The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR, -and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made. -Before any connection attempt the values returned are those set by the -application itself. -.PP -Applications do not have to call \fBBIO_do_connect()\fR but may wish to do -so to separate the connection process from other I/O processing. -.PP -If non blocking I/O is set then retries will be requested as appropriate. -.PP -It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also -possible for \fBBIO_should_io_special()\fR to be true during the initial -connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned -then this is an indication that a connection attempt would block, -the application should then take appropriate action to wait until -the underlying socket has connected and retry the call. -.PP -\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR, -\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR, -\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR, -\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. -.PP -\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not -been initialized. -.PP -\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR -always return 1. -.PP -\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. -.PP -\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none -was set. -.PP -\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if -none was set. -.PP -\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. -.PP -\&\fBBIO_get_conn_port()\fR returns a string representing the connected -port or \s-1NULL\s0 if not set. -.PP -\&\fBBIO_set_nbio()\fR always returns 1. -.PP -\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully -established and 0 or \-1 if the connection failed. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This is example connects to a webserver on the local host and attempts -to retrieve a page and copy the result to standard output. -.PP -.Vb 3 -\& BIO *cbio, *out; -\& int len; -\& char tmpbuf[1024]; -\& -\& cbio = BIO_new_connect("localhost:http"); -\& out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& if (BIO_do_connect(cbio) <= 0) { -\& fprintf(stderr, "Error connecting to server\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); -\& for (;;) { -\& len = BIO_read(cbio, tmpbuf, 1024); -\& if (len <= 0) -\& break; -\& BIO_write(out, tmpbuf, len); -\& } -\& BIO_free(cbio); -\& BIO_free(out); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBBIO_ADDR\s0\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR -were removed in OpenSSL 1.1.0. -Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 deleted file mode 100644 index 924f962a5a2b..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ /dev/null @@ -1,230 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_FD 3" -.TH BIO_S_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_fd(void); -\& -\& int BIO_set_fd(BIO *b, int fd, int c); -\& int BIO_get_fd(BIO *b, int *c); -\& -\& BIO *BIO_new_fd(int fd, int close_flag); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper -round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. -.PP -\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. -\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. -.PP -If the close flag is set then \fBclose()\fR is called on the underlying -file descriptor when the \s-1BIO\s0 is freed. -.PP -\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file -such as by using \fBlseek(fd, 0, 0)\fR. -.PP -\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file -such as by using \fBlseek(fd, ofs, 0)\fR. -.PP -\&\fBBIO_tell()\fR returns the current file position such as by calling -\&\fBlseek(fd, 0, 1)\fR. -.PP -\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -flag to \fBc\fR. -.PP -\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also -returns the file descriptor. -.PP -\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the -platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying -file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the -manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) -manual pages. -.PP -File descriptor BIOs should not be used for socket I/O. Use socket BIOs -instead. -.PP -\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. -.PP -\&\fBBIO_set_fd()\fR always returns 1. -.PP -\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not -been initialized. -.PP -\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error -occurred. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": -.PP -.Vb 1 -\& BIO *out; -\& -\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); -\& BIO_printf(out, "Hello World\en"); -\& BIO_free(out); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), -\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3), -\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), -\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), -\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 deleted file mode 100644 index 1f301d5c6138..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ /dev/null @@ -1,303 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_FILE 3" -.TH BIO_S_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_file(void); -\& BIO *BIO_new_file(const char *filename, const char *mode); -\& BIO *BIO_new_fp(FILE *stream, int flags); -\& -\& BIO_set_fp(BIO *b, FILE *fp, int flags); -\& BIO_get_fp(BIO *b, FILE **fpp); -\& -\& int BIO_read_filename(BIO *b, char *name) -\& int BIO_write_filename(BIO *b, char *name) -\& int BIO_append_filename(BIO *b, char *name) -\& int BIO_rw_filename(BIO *b, char *name) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it -is a wrapper round the stdio \s-1FILE\s0 structure and it is a -source/sink \s-1BIO.\s0 -.PP -Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the -underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. -.PP -\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped -stream. -.PP -\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file -using fseek(stream, 0, 0). -.PP -\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file -using fseek(stream, ofs, 0). -.PP -\&\fBBIO_eof()\fR calls \fBfeof()\fR. -.PP -Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 -is freed. -.PP -\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning -of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 -flag is set on the returned \s-1BIO.\s0 -.PP -\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: -\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying -stream to text mode, default is binary: this only has any effect under -Win32). -.PP -\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same -meaning as in \fBBIO_new_fp()\fR, it is a macro. -.PP -\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. -.PP -\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes -from the start of file. -.PP -\&\fBBIO_tell()\fR returns the value of the position pointer. -.PP -\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and -\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for -reading, writing, append or read write respectively. -.SH "NOTES" -.IX Header "NOTES" -When wrapping stdout, stdin or stderr the underlying stream should not -normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. -.PP -Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks -in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 -.PP -On Windows BIO_new_files reserves for the filename argument to be -\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- -lingual environment, encode file names in \s-1UTF\-8.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. -.PP -\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error -occurred. -.PP -\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure -(although the current implementation never return 0). -.PP -\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: -0 for success or \-1 for failure. -.PP -\&\fBBIO_tell()\fR returns the current file position. -.PP -\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and -\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -File \s-1BIO\s0 \*(L"hello world\*(R": -.PP -.Vb 1 -\& BIO *bio_out; -\& -\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& BIO_printf(bio_out, "Hello World\en"); -.Ve -.PP -Alternative technique: -.PP -.Vb 1 -\& BIO *bio_out; -\& -\& bio_out = BIO_new(BIO_s_file()); -\& if (bio_out == NULL) -\& /* Error */ -\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) -\& /* Error */ -\& BIO_printf(bio_out, "Hello World\en"); -.Ve -.PP -Write to a file: -.PP -.Vb 1 -\& BIO *out; -\& -\& out = BIO_new_file("filename.txt", "w"); -\& if (!out) -\& /* Error */ -\& BIO_printf(out, "Hello World\en"); -\& BIO_free(out); -.Ve -.PP -Alternative technique: -.PP -.Vb 1 -\& BIO *out; -\& -\& out = BIO_new(BIO_s_file()); -\& if (out == NULL) -\& /* Error */ -\& if (!BIO_write_filename(out, "filename.txt")) -\& /* Error */ -\& BIO_printf(out, "Hello World\en"); -\& BIO_free(out); -.Ve -.SH "BUGS" -.IX Header "BUGS" -\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying -stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error -occurred this differs from other types of \s-1BIO\s0 which will typically return -1 for success and a non positive value if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), -\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), -\&\fBBIO_read_ex\fR\|(3), -\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), -\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), -\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 deleted file mode 100644 index 5e8070620550..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ /dev/null @@ -1,297 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_MEM 3" -.TH BIO_S_MEM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_mem(void); -\& const BIO_METHOD *BIO_s_secmem(void); -\& -\& BIO_set_mem_eof_return(BIO *b, int v) -\& long BIO_get_mem_data(BIO *b, char **pp) -\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) -\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) -\& -\& BIO *BIO_new_mem_buf(const void *buf, int len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. -.PP -A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data -written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended -as appropriate to accommodate the stored data. -.PP -\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used -for buffer storage. -.PP -Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. -Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from -the \s-1BIO.\s0 -.PP -Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. -.PP -If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying -\&\s-1BUF_MEM\s0 structure is also freed. -.PP -Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the -flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read -pointer to the state it was just after the last write was performed and the -data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to -its original state and the read only data can be read again. -.PP -\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 -.PP -\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. -.PP -\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is -empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is -it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non -zero then it will return \fBv\fR when it is empty and it will set the read retry -flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal -positive return value \fBv\fR should be set to a negative value, typically \-1. -.PP -\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data -and returns the total amount of data available. It is implemented as a macro. -.PP -\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the -close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 -It is a macro. -.PP -\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is -a macro. -.PP -\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, -if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its -length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and -as a result cannot be written to. This is useful when some data needs to be -made available from a static area of memory in the form of a \s-1BIO.\s0 The -supplied data is read directly from the supplied buffer: it is \fBnot\fR copied -first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. -.SH "NOTES" -.IX Header "NOTES" -Writes to memory BIOs will always succeed if memory is available: that is -their size can grow indefinitely. -.PP -Every write after partial read (not all data in the memory buffer was read) -to a read write memory \s-1BIO\s0 will have to move the unread data with an internal -copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small -chunks intertwined with writes the operation can be very slow. Adding -a buffering \s-1BIO\s0 to the chain can speed up the process. -.PP -Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will -give undefined results, including perhaps a program crash. -.PP -Switching the memory \s-1BIO\s0 from read write to read only is not supported and -can give undefined results including a program crash. There are two notable -exceptions to the rule. The first one is to assign a static memory buffer -immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. -.PP -The other supported sequence is to start with read write \s-1BIO\s0 then temporarily -switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately -before switching it back to read write. Before the \s-1BIO\s0 is freed it must be -switched back to the read write mode. -.PP -Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that -contains only the remaining data to be read. If the close status of the -\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer -in it must be set to \s-1NULL\s0 as the data pointer does not point to an -allocated memory. -.PP -Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 -flag set can have unexpected outcome when the reads and writes to the -\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the -state after the last completed write operation. The effects of reads -preceding that write operation cannot be undone. -.PP -Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with -\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. -.SH "BUGS" -.IX Header "BUGS" -There should be an option to set the maximum size of a memory \s-1BIO.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. -.PP -\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR -return 1 on success or a value which is less than or equal to 0 if an error occurred. -.PP -\&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success, -0 if b is \s-1NULL,\s0 or a negative value in case of other errors. -.PP -\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a memory \s-1BIO\s0 and write some data to it: -.PP -.Vb 1 -\& BIO *mem = BIO_new(BIO_s_mem()); -\& -\& BIO_puts(mem, "Hello World\en"); -.Ve -.PP -Create a read only memory \s-1BIO:\s0 -.PP -.Vb 2 -\& char data[] = "Hello World"; -\& BIO *mem = BIO_new_mem_buf(data, \-1); -.Ve -.PP -Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 -.PP -.Vb 1 -\& BUF_MEM *bptr; -\& -\& BIO_get_mem_ptr(mem, &bptr); -\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ -\& BIO_free(mem); -.Ve -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 deleted file mode 100644 index d122e432ff84..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_NULL 3" -.TH BIO_S_NULL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_null \- null data sink -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_null(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to -the null sink is discarded, reads return \s-1EOF.\s0 -.SH "NOTES" -.IX Header "NOTES" -A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null -device. -.PP -A null bio can be placed on the end of a chain to discard any data -passed through it. -.PP -A null sink is useful if, for example, an application wishes to digest some -data by writing through a digest bio but not send the digested data anywhere. -Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved -by adding a null sink \s-1BIO\s0 to the end of the chain -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 deleted file mode 100644 index 8e66ed794404..000000000000 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_S_SOCKET 3" -.TH BIO_S_SOCKET 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_s_socket, BIO_new_socket \- socket BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const BIO_METHOD *BIO_s_socket(void); -\& -\& BIO *BIO_new_socket(int sock, int close_flag); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper -round the platform's socket routines. -.PP -\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. -\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. -.PP -If the close flag is set then the socket is shut down and closed -when the \s-1BIO\s0 is freed. -.PP -\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. -.SH "NOTES" -.IX Header "NOTES" -Socket BIOs also support any relevant functionality of file descriptor -BIOs. -.PP -The reason for having separate file descriptor and socket BIOs is that on some -platforms sockets are not file descriptors and use distinct I/O routines, -Windows is one such platform. Any code mixing the two will not work on -all platforms. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. -.PP -\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error -occurred. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 deleted file mode 100644 index 844e35ac4930..000000000000 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ /dev/null @@ -1,392 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_SET_CALLBACK 3" -.TH BIO_SET_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, -\& size_t len, int argi, -\& long argl, int ret, size_t *processed); -\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, -\& long argl, long ret); -\& -\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); -\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); -\& -\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); -\& BIO_callback_fn BIO_get_callback(BIO *b); -\& void BIO_set_callback_arg(BIO *b, char *arg); -\& char *BIO_get_callback_arg(const BIO *b); -\& -\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, -\& long argl, long ret); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 -callback. The callback is called during most high level \s-1BIO\s0 operations. It can -be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its -operation. -.PP -\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 -callback. New code should not use these functions, but they are retained for -backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get -called in preference to any set by \fBBIO_set_callback()\fR. -.PP -\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be -used to set and retrieve an argument for use in the callback. -.PP -\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints -out information relating to each \s-1BIO\s0 operation. If the callback -argument is set it is interpreted as a \s-1BIO\s0 to send the information -to, otherwise stderr is used. -.PP -\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR -is the type of the old format callback function. The meaning of each argument -is described below: -.IP "\fBb\fR" 4 -.IX Item "b" -The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. -.IP "\fBoper\fR" 4 -.IX Item "oper" -\&\fBoper\fR is set to the operation being performed. For some operations -the callback is called twice, once before and once after the actual -operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 -.IP "\fBlen\fR" 4 -.IX Item "len" -The length of the data requested to be read or written. This is only useful if -\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0 -.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 -.IX Item "argp argi argl" -The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on -the value of \fBoper\fR, that is the operation being performed. -.IP "\fBprocessed\fR" 4 -.IX Item "processed" -\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of -data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE, -BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0 -.IP "\fBret\fR" 4 -.IX Item "ret" -\&\fBret\fR is the return value that would be returned to the -application if no callback were present. The actual value returned -is the return value of the callback itself. In the case of callbacks -called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if -the return value is not positive it will be immediately returned to -the application and the \s-1BIO\s0 operation will not be performed. -.PP -The callback should normally simply return \fBret\fR when it has -finished processing, unless it specifically wishes to modify the -value returned to the application. -.SH "CALLBACK OPERATIONS" -.IX Header "CALLBACK OPERATIONS" -In the notes below, \fBcallback\fR defers to the actual callback -function that is called. -.IP "\fBBIO_free(b)\fR" 4 -.IX Item "BIO_free(b)" -.Vb 1 -\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) -.Ve -.Sp -is called before the free operation. -.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 -.IX Item "BIO_read_ex(b, data, dlen, readbytes)" -.Vb 1 -\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) -.Ve -.Sp -is called before the read and -.Sp -.Vb 2 -\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, -\& &readbytes) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) -.Ve -.Sp -after. -.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 -.IX Item "BIO_write(b, data, dlen, written)" -.Vb 1 -\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) -.Ve -.Sp -is called before the write and -.Sp -.Vb 2 -\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, -\& &written) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) -.Ve -.Sp -after. -.IP "\fBBIO_gets(b, buf, size)\fR" 4 -.IX Item "BIO_gets(b, buf, size)" -.Vb 1 -\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) -.Ve -.Sp -is called before the operation and -.Sp -.Vb 2 -\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, -\& &readbytes) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) -.Ve -.Sp -after. -.IP "\fBBIO_puts(b, buf)\fR" 4 -.IX Item "BIO_puts(b, buf)" -.Vb 1 -\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) -.Ve -.Sp -is called before the operation and -.Sp -.Vb 1 -\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) -.Ve -.Sp -after. -.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 -.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" -.Vb 1 -\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) -.Ve -.Sp -is called before the call and -.Sp -.Vb 1 -\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) -.Ve -.Sp -or -.Sp -.Vb 1 -\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) -.Ve -.Sp -after. -.Sp -Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the -argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to -the actual call parameter, see \fBBIO_callback_ctrl\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function -previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR -respectively. -.PP -\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set -via a call to \fBBIO_set_callback_arg()\fR. -.PP -\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 -operations. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The \fBBIO_debug_callback()\fR function is a good example, its source is -in crypto/bio/bio_cb.c -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 deleted file mode 100644 index c2e0991d6d87..000000000000 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ /dev/null @@ -1,273 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BIO_SHOULD_RETRY 3" -.TH BIO_SHOULD_RETRY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BIO_should_read(BIO *b); -\& int BIO_should_write(BIO *b); -\& int BIO_should_io_special(iBIO *b); -\& int BIO_retry_type(BIO *b); -\& int BIO_should_retry(BIO *b); -\& -\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); -\& int BIO_get_retry_reason(BIO *bio); -\& void BIO_set_retry_reason(BIO *bio, int reason); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions determine why a \s-1BIO\s0 is not able to read or write data. -They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR -call. -.PP -\&\fBBIO_should_retry()\fR is true if the call that produced this condition -should then be retried at a later time. -.PP -If \fBBIO_should_retry()\fR is false then the cause is an error condition. -.PP -\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 -has insufficient data to return. Check for readability and/or retry the -last operation. -.PP -\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 -has pending data to write. Check for writability and/or retry the -last operation. -.PP -\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a -reason other than reading or writing is the cause of the condition. -.PP -\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition -consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, -\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of -these. -.PP -\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special -condition, it returns the \s-1BIO\s0 that caused this condition and if -\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of -the reason code and the action that should be taken depends on -the type of \s-1BIO\s0 that resulted in this condition. -.PP -\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if -passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. -.PP -\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given -\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. -.SH "NOTES" -.IX Header "NOTES" -\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, -\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. -.PP -If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" -depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 -operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns -0 and \fBBIO_should_retry()\fR is false then the cause will be that the -connection closed. A similar condition on a file \s-1BIO\s0 will mean that it -has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on -the error queue. For more details see the individual \s-1BIO\s0 type manual -pages. -.PP -If the underlying I/O structure is in a blocking mode almost all current -\&\s-1BIO\s0 types will not request a retry, because the underlying I/O -calls will not. If the application knows that the \s-1BIO\s0 type will never -signal a retry then it need not call \fBBIO_should_retry()\fR after a failed -\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. -.PP -\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a -retry even if the underlying I/O structure is blocking, if a handshake -occurs during a call to \fBBIO_read()\fR. An application can retry the failed -call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 -on the underlying \s-1SSL\s0 structure. -.PP -While an application may retry a failed non blocking call immediately -this is likely to be very inefficient because the call will fail -repeatedly until data can be processed or is available. An application -will normally wait until the necessary condition is satisfied. How -this is done depends on the underlying I/O structure. -.PP -For example if the cause is ultimately a socket and \fBBIO_should_read()\fR -is true then a call to \fBselect()\fR may be made to wait until data is -available and then retry the \s-1BIO\s0 operation. By combining the retry -conditions of several non blocking BIOs in a single \fBselect()\fR call -it is possible to service several BIOs in a single thread, though -the performance may be poor if \s-1SSL\s0 BIOs are present because long delays -can occur during the initial handshake process. -.PP -It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O -structure cannot process or return any data. This depends on the behaviour of -the platforms I/O functions. This is often not desirable: one solution -is to use non blocking I/O and use a timeout on the \fBselect()\fR (or -equivalent) call. -.SH "BUGS" -.IX Header "BUGS" -The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: -that is they cannot retry after a partial read or write. This is usually -worked around by only passing the relevant data to \s-1ASN1\s0 functions when -the entire structure can be read or written. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and -\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions -of the \fB\s-1BIO\s0\fR. -.PP -\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry -condition or false if there is no retry condition. -.PP -\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. -.PP -\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -bio -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in -OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 deleted file mode 100644 index 958fa5df3da4..000000000000 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ /dev/null @@ -1,254 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_BLINDING_NEW 3" -.TH BN_BLINDING_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, -\& BIGNUM *mod); -\& void BN_BLINDING_free(BN_BLINDING *b); -\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); -\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); -\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, -\& BN_CTX *ctx); -\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, -\& BN_CTX *ctx); -\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); -\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); -\& int BN_BLINDING_lock(BN_BLINDING *b); -\& int BN_BLINDING_unlock(BN_BLINDING *b); -\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); -\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); -\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, -\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, -\& int (*bn_mod_exp)(BIGNUM *r, -\& const BIGNUM *a, -\& const BIGNUM *p, -\& const BIGNUM *m, -\& BN_CTX *ctx, -\& BN_MONT_CTX *m_ctx), -\& BN_MONT_CTX *m_ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies -the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. -.PP -\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. -If \fBb\fR is \s-1NULL,\s0 nothing is done. -.PP -\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring -the \fBA\fR and \fBAi\fR or, after specific number of uses and if the -necessary parameters are set, by re-creating the blinding parameters. -.PP -\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. -If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be -returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among -several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the -inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as -the inverse blinding. -.PP -\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper -functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR -with \fBr\fR set to \s-1NULL.\s0 -.PP -\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR -structure is owned by the current thread. This is to help users -provide proper locking if needed for multi-threaded use. -.PP -\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the -owner of the \fB\s-1BN_BLINDING\s0\fR structure. -.PP -\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. -.PP -\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. -.PP -\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently -there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and -\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the -automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use -and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation -of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently -32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. -\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. -.PP -\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters -using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and -\&\fBm_ctx\fR can be used to pass special functions for exponentiation -(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure -or \s-1NULL\s0 in case of an error. -.PP -\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, -\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on -success and 0 if an error occurred. -.PP -\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns -the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. -.PP -\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. -.PP -\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation -succeeded or 0 on error. -.PP -\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags -(a \fBunsigned long\fR value). -.PP -\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR -parameters or \s-1NULL\s0 on error. -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it -deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 deleted file mode 100644 index 374136f5f513..000000000000 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_CTX_NEW 3" -.TH BN_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BN_CTX *BN_CTX_new(void); -\& -\& BN_CTX *BN_CTX_secure_new(void); -\& -\& void BN_CTX_free(BN_CTX *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by -library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs -is rather expensive when used in conjunction with repeated subroutine -calls, the \fB\s-1BN_CTX\s0\fR structure is used. -.PP -\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. -\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure -but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the -\&\fB\s-1BIGNUM\s0\fRs. -.PP -\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. -Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the -\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may -be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. -.PP -A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No -locking is performed, and the internal pool allocator will not properly handle -multiple threads of execution. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. -If the allocation fails, -they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by -\&\fBERR_get_error\fR\|(3). -.PP -\&\fBBN_CTX_free()\fR has no return values. -.SH "REMOVED FUNCTIONALITY" -.IX Header "REMOVED FUNCTIONALITY" -.Vb 1 -\& void BN_CTX_init(BN_CTX *c); -.Ve -.PP -\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should -replace use of BN_CTX_init with BN_CTX_new instead: -.PP -.Vb 6 -\& BN_CTX *ctx; -\& ctx = BN_CTX_new(); -\& if (!ctx) -\& /* error */ -\& ... -\& BN_CTX_free(ctx); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), -\&\fBBN_CTX_start\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 deleted file mode 100644 index e4fb021d3e24..000000000000 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_CTX_START 3" -.TH BN_CTX_START 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void BN_CTX_start(BN_CTX *ctx); -\& -\& BIGNUM *BN_CTX_get(BN_CTX *ctx); -\& -\& void BN_CTX_end(BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from -a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) -in order to save the overhead of repeatedly creating and -freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. -.PP -A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be -called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR -calls must be made before calling any other functions that use the -\&\fBctx\fR as an argument. -.PP -Finally, \fBBN_CTX_end()\fR must be called before returning from the function. -If \fBctx\fR is \s-1NULL,\s0 nothing is done. -When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from -\&\fBBN_CTX_get()\fR become invalid. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. -.PP -\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. -Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR -as well, so it is sufficient to check the return value of the last -\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which -can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_CTX_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 deleted file mode 100644 index 9683f020b1b1..000000000000 --- a/secure/lib/libcrypto/man/BN_add.3 +++ /dev/null @@ -1,259 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_ADD 3" -.TH BN_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -\& -\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); -\& -\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -\& -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); -\& -\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, -\& BN_CTX *ctx); -\& -\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -\& -\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -\& -\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, -\& BN_CTX *ctx); -\& -\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, -\& BN_CTX *ctx); -\& -\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, -\& BN_CTX *ctx); -\& -\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); -\& -\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); -\& -\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, -\& const BIGNUM *m, BN_CTX *ctx); -\& -\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. -.PP -\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. -.PP -\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). -\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. -For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). -.PP -\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR -(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. -This function is faster than BN_mul(r,a,a). -.PP -\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the -remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may -be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. -The result is rounded towards zero; thus if \fIa\fR is negative, the -remainder will be zero or negative. -For division by powers of 2, use \fBBN_rshift\fR\|(3). -.PP -\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. -.PP -\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative -remainder in \fIr\fR. -.PP -\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative -result in \fIr\fR. -.PP -\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the -non-negative result in \fIr\fR. -.PP -\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative -remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be -the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for -repeated computations using the same modulus, see -\&\fBBN_mod_mul_montgomery\fR\|(3) and -\&\fBBN_mod_mul_reciprocal\fR\|(3). -.PP -\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the -result in \fIr\fR. -.PP -\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR -(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of -\&\fBBN_mul()\fR. -.PP -\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % -m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this -function when \fBm\fR is even and any of the parameters have the -\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. -.PP -\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and -places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or -\&\fIb\fR. -.PP -For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for -temporary variables; see \fBBN_CTX_new\fR\|(3). -.PP -Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from -the arguments. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -For all functions, 1 is returned for success, 0 on error. The return -value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), -\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 deleted file mode 100644 index e55cafb88322..000000000000 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ /dev/null @@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_ADD_WORD 3" -.TH BN_ADD_WORD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_add_word(BIGNUM *a, BN_ULONG w); -\& -\& int BN_sub_word(BIGNUM *a, BN_ULONG w); -\& -\& int BN_mul_word(BIGNUM *a, BN_ULONG w); -\& -\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); -\& -\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions perform arithmetic operations on BIGNUMs with unsigned -integers. They are much more efficient than the normal \s-1BIGNUM\s0 -arithmetic operations. -.PP -\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). -.PP -\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). -.PP -\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). -.PP -\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. -.PP -\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). -.PP -For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 -on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). -.PP -\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and -\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 deleted file mode 100644 index d7d6f6b0502e..000000000000 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_BN2BIN 3" -.TH BN_BN2BIN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); -\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); -\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); -\& -\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); -\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); -\& -\& char *BN_bn2hex(const BIGNUM *a); -\& char *BN_bn2dec(const BIGNUM *a); -\& int BN_hex2bn(BIGNUM **a, const char *str); -\& int BN_dec2bn(BIGNUM **a, const char *str); -\& -\& int BN_print(BIO *fp, const BIGNUM *a); -\& int BN_print_fp(FILE *fp, const BIGNUM *a); -\& -\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); -\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form -and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of -memory. -.PP -\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form -and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer -\&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than -BN_num_bytes(\fBa\fR) an error is returned. -.PP -\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length -\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is -\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. -.PP -\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and -\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. -.PP -\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the -hexadecimal and decimal encoding of \fBa\fR respectively. For negative -numbers, the string is prefaced with a leading '\-'. The string must be -freed later using \fBOPENSSL_free()\fR. -.PP -\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, -including the leading character '\-' which means negative, to form a valid -hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and -stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If -\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. -A \*(L"negative zero\*(R" is converted to zero. -\&\fBBN_dec2bn()\fR is the same using the decimal system. -.PP -\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, -with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR -\&\fBfp\fR. -.PP -\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format -that consists of the number's length in bytes represented as a 4\-byte -big-endian number, and the number itself in big-endian format, where -the most significant bit signals a negative number (the representation -of numbers with the \s-1MSB\s0 set is prefixed with null byte). -.PP -\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR -must be large enough to hold the result. The size can be determined by -calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). -.PP -\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to -a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR -if \fBret\fR is \s-1NULL.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. -\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. -.PP -\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied -buffer is too small. -.PP -\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 -on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters -used in parsing, or 0 on error, in which -case no new \fB\s-1BIGNUM\s0\fR will be created. -.PP -\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. -.PP -\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR -returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), -\&\fBASN1_INTEGER_to_BN\fR\|(3), -\&\fBBN_num_bytes\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 deleted file mode 100644 index ee74b8a15d7c..000000000000 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_CMP 3" -.TH BN_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_cmp(BIGNUM *a, BIGNUM *b); -\& int BN_ucmp(BIGNUM *a, BIGNUM *b); -\& -\& int BN_is_zero(BIGNUM *a); -\& int BN_is_one(BIGNUM *a); -\& int BN_is_word(BIGNUM *a, BN_ULONG w); -\& int BN_is_odd(BIGNUM *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their -absolute values. -.PP -\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, -or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. -.PP -\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if -\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values -of \fBa\fR and \fBb\fR. -.PP -\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if -the condition is true, 0 otherwise. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 deleted file mode 100644 index ec49b42ff771..000000000000 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_COPY 3" -.TH BN_COPY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); -\& -\& BIGNUM *BN_dup(const BIGNUM *from); -\& -\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR -containing the value \fBfrom\fR. -.PP -BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places -significant restrictions on the copied data. Applications that do no adhere to -these restrictions may encounter unexpected side effects or crashes. For that -reason use of this function is discouraged. Any flags provided in \fBflags\fR will -be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this -might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the -\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in -\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following -restrictions apply to the use of \fBdest\fR: -.IP "\(bu" 2 -\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It -should not have been used for other purposes or initialised in any way. -.IP "\(bu" 2 -\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those -functions where the relevant parameter is declared \*(L"const\*(R". -.IP "\(bu" 2 -\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns -the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained -by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 deleted file mode 100644 index 8ac4b3f5d0b3..000000000000 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ /dev/null @@ -1,337 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_GENERATE_PRIME 3" -.TH BN_GENERATE_PRIME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, -\& const BIGNUM *rem, BN_GENCB *cb); -\& -\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); -\& -\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, -\& int do_trial_division, BN_GENCB *cb); -\& -\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); -\& -\& BN_GENCB *BN_GENCB_new(void); -\& -\& void BN_GENCB_free(BN_GENCB *cb); -\& -\& void BN_GENCB_set_old(BN_GENCB *gencb, -\& void (*callback)(int, int, void *), void *cb_arg); -\& -\& void BN_GENCB_set(BN_GENCB *gencb, -\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); -\& -\& void *BN_GENCB_get_arg(BN_GENCB *cb); -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x00908000L -\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, -\& BIGNUM *rem, void (*callback)(int, int, void *), -\& void *cb_arg); -\& -\& int BN_is_prime(const BIGNUM *a, int checks, -\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); -\& -\& int BN_is_prime_fasttest(const BIGNUM *a, int checks, -\& void (*callback)(int, int, void *), BN_CTX *ctx, -\& void *cb_arg, int do_trial_division); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of -at least bit length \fBbits\fR. The returned number is probably prime -with a negligible error. -.PP -If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. -.PP -If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: -.IP "\(bu" 2 -\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th -potential prime number. -.IP "\(bu" 2 -While the number is being tested for primality, -\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. -.IP "\(bu" 2 -When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. -.IP "\(bu" 2 -The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with -other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. -.PP -The prime may have to fulfill additional requirements for use in -Diffie-Hellman key exchange: -.PP -If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR -== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given -generator. -.PP -If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so -that (p\-1)/2 is also prime). -.PP -The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is -prime. The following tests are performed until one of them shows that -\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered -prime. -.PP -\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, -first attempts trial division by a number of small primes; -if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, -\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. -If \fBdo_trial_division == 0\fR, this test is skipped. -.PP -Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin -probabilistic primality test with \fBnchecks\fR iterations. If -\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that -yields a false positive rate of at most 2^\-64 for random input. -The error rate depends on the size of the prime and goes down for bigger primes. -The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits, -2^\-192 at 3747 bits and 2^\-256 at 6394 bits. -.PP -When the source of the prime is not random or not trusted, the number -of checks needs to be much higher to reach the same level of assurance: -It should equal half of the targeted security level in bits (rounded up to the -next integer if necessary). -For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to -64. -.PP -If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called -after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a -pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and -freeing the structure in a loop), or \fB\s-1NULL\s0\fR. -.PP -\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure -and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of -\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New -programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided -for backwards compatibility purposes. -.PP -A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, -and freed through a call to \fBBN_GENCB_free()\fR. -.PP -For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a -call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of -type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. -\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call -to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type -\&\fBvoid (*callback)(int, int, void *)\fR. -.PP -A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check -the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new -style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. -.PP -It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure -(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. -.PP -\&\fBBN_generate_prime()\fR (deprecated) works in the same way as -\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function -directly in the \fBcallback\fR parameter, and an argument to pass to it in -the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR -can similarly be compared to \fBBN_is_prime_ex()\fR and -\&\fBBN_is_prime_fasttest_ex()\fR, respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. -.PP -\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and -\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is -prime with an error probability of less than 0.25^\fBnchecks\fR, and -\&\-1 on error. -.PP -\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. -.PP -BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR -otherwise. -.PP -BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 -structure. -.PP -Callback functions should return 1 on success or 0 on error. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "REMOVED FUNCTIONALITY" -.IX Header "REMOVED FUNCTIONALITY" -As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure -directly, as in: -.PP -.Vb 1 -\& BN_GENCB callback; -.Ve -.PP -Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: -.PP -.Vb 6 -\& BN_GENCB *callback; -\& callback = BN_GENCB_new(); -\& if (!callback) -\& /* error */ -\& ... -\& BN_GENCB_free(callback); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), -\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, -and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 deleted file mode 100644 index 13e5b9628ca4..000000000000 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ /dev/null @@ -1,173 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_MOD_INVERSE 3" -.TH BN_MOD_INVERSE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_mod_inverse \- compute inverse modulo n -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, -\& BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR -places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 -a new \fB\s-1BIGNUM\s0\fR is created. -.PP -\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary -variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and -\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 deleted file mode 100644 index c6047fb4bb22..000000000000 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_MOD_MUL_MONTGOMERY 3" -.TH BN_MOD_MUL_MONTGOMERY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BN_MONT_CTX *BN_MONT_CTX_new(void); -\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); -\& -\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); -\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); -\& -\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, -\& BN_MONT_CTX *mont, BN_CTX *ctx); -\& -\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, -\& BN_CTX *ctx); -\& -\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, -\& BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions implement Montgomery multiplication. They are used -automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, -but they may be useful when several operations are to be performed -using the same modulus. -.PP -\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. -.PP -\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR -by precomputing its inverse and a value R. -.PP -\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. -.PP -\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if -it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. -If \fBmont\fR is \s-1NULL,\s0 nothing is done. -.PP -\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places -the result in \fIr\fR. -.PP -\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. -.PP -\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. -Note that \fIa\fR must be non-negative and smaller than the modulus. -.PP -For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for -temporary variables. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 -on error. -.PP -\&\fBBN_MONT_CTX_free()\fR has no return value. -.PP -For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "WARNINGS" -.IX Header "WARNINGS" -The inputs must be reduced modulo \fBm\fR, otherwise the result will be -outside the expected range. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), -\&\fBBN_CTX_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 deleted file mode 100644 index 5356ad44fb21..000000000000 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ /dev/null @@ -1,205 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_MOD_MUL_RECIPROCAL 3" -.TH BN_MOD_MUL_RECIPROCAL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BN_RECP_CTX *BN_RECP_CTX_new(void); -\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); -\& -\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); -\& -\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, -\& BN_CTX *ctx); -\& -\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, -\& BN_RECP_CTX *recp, BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient -\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed -repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR -using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a -previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. -.PP -\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. -.PP -\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it -was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. -If \fBrecp\fR is \s-1NULL,\s0 nothing is done. -.PP -\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing -1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an -integer. The result and the number of bits it was shifted left will -later be stored in \fBrecp\fR. -.PP -\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient -in \fBdv\fR and the remainder in \fBrem\fR. -.PP -The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 -on error. -.PP -\&\fBBN_RECP_CTX_free()\fR has no return value. -.PP -For the other functions, 1 is returned for success, 0 on error. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), -\&\fBBN_CTX_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 deleted file mode 100644 index 73f640116006..000000000000 --- a/secure/lib/libcrypto/man/BN_new.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_NEW 3" -.TH BN_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIGNUM *BN_new(void); -\& -\& BIGNUM *BN_secure_new(void); -\& -\& void BN_clear(BIGNUM *a); -\& -\& void BN_free(BIGNUM *a); -\& -\& void BN_clear_free(BIGNUM *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. -\&\fBBN_secure_new()\fR does the same except that the secure heap -\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. -.PP -\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they -are no longer needed. It erases the memory used by \fBa\fR and sets it -to the value 0. -If \fBa\fR is \s-1NULL,\s0 nothing is done. -.PP -\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created -by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally -overwrites the data before the memory is returned to the system. -If \fBa\fR is \s-1NULL,\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_new()\fR and \fBBN_secure_new()\fR -return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. -If the allocation fails, -they return \fB\s-1NULL\s0\fR and set an error code that can be obtained -by \fBERR_get_error\fR\|(3). -.PP -\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 deleted file mode 100644 index 9973d0e9d129..000000000000 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ /dev/null @@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_NUM_BYTES 3" -.TH BN_NUM_BYTES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_num_bytes(const BIGNUM *a); -\& -\& int BN_num_bits(const BIGNUM *a); -\& -\& int BN_num_bits_word(BN_ULONG w); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. -.PP -\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. -If we take 0x00000432 as an example, it returns 11, not 16, not 32. -Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. -.PP -\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, -following the same principle as \fBBN_num_bits_word()\fR. -.PP -\&\fBBN_num_bytes()\fR is a macro. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The size. -.SH "NOTES" -.IX Header "NOTES" -Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, -\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with -the number of bits they expected (something like 512, 1024, 2048, -\&...). This is because generating a number with some specific number -of bits doesn't always set the highest bits, thereby making the number -of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key -size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR -and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although -there's no real guarantee that will match the \*(L"key size\*(R", just a lot -more probability). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), -\&\fBRSA_size\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 deleted file mode 100644 index 1574ada4fd00..000000000000 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ /dev/null @@ -1,220 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_RAND 3" -.TH BN_RAND 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); -\& -\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); -\& -\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); -\& -\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); -\& -\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); -\& -\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of -\&\fBbits\fR in length and stores it in \fBrnd\fR. -If \fBbits\fR is less than zero, or too small to -accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR -parameters, an error is returned. -The \fBtop\fR parameters specifies -requirements on the most significant bit of the generated number. -If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. -If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. -If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of -the number will be set to 1, so that the product of two such random -numbers will always have 2*\fBbits\fR length. -If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it -is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. -If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. -.PP -\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random -number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. -.PP -\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as -\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be -used for generating values that should remain private, and mirror the -same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -Always check the error return value of these functions and do not take -randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been -seeded with enough randomness to ensure an unpredictable byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions return 1 on success, 0 on error. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBRAND_add\fR\|(3), -\&\fBRAND_bytes\fR\|(3), -\&\fBRAND_priv_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -.IP "\(bu" 2 -Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical -to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to -\&\fBBN_rand_range()\fR. -The \*(L"pseudo\*(R" functions should not be used and may be deprecated in -a future release. -.IP "\(bu" 2 -The -\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_security_bits.3 b/secure/lib/libcrypto/man/BN_security_bits.3 deleted file mode 100644 index dbf4672d92f3..000000000000 --- a/secure/lib/libcrypto/man/BN_security_bits.3 +++ /dev/null @@ -1,181 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_SECURITY_BITS 3" -.TH BN_SECURITY_BITS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_security_bits \- returns bits of security based on given numbers -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_security_bits(int L, int N); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_security_bits()\fR returns the number of bits of security provided by a -specific algorithm and a particular key size. The bits of security is -defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types -of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 -(Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both -parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where -\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private -key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered -to be the key size (modulus). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Number of security bits. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR -function. The symmetric algorithms are not covered neither. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 deleted file mode 100644 index af8baa21ad98..000000000000 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_SET_BIT 3" -.TH BN_SET_BIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int BN_set_bit(BIGNUM *a, int n); -\& int BN_clear_bit(BIGNUM *a, int n); -\& -\& int BN_is_bit_set(const BIGNUM *a, int n); -\& -\& int BN_mask_bits(BIGNUM *a, int n); -\& -\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); -\& int BN_lshift1(BIGNUM *r, BIGNUM *a); -\& -\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); -\& int BN_rshift1(BIGNUM *r, BIGNUM *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is -shorter than \fBn\fR bits. -.PP -\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts -\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). -.PP -\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts -\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). -.PP -For the shift functions, \fBr\fR and \fBa\fR may be the same variable. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. -.PP -All other functions return 1 for success, 0 on error. The error codes -can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 deleted file mode 100644 index f3021437d408..000000000000 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ /dev/null @@ -1,163 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_SWAP 3" -.TH BN_SWAP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_swap \- exchange BIGNUMs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void BN_swap(BIGNUM *a, BIGNUM *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_swap()\fR does not return a value. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 deleted file mode 100644 index 12e39b7dae57..000000000000 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ /dev/null @@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BN_ZERO 3" -.TH BN_ZERO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void BN_zero(BIGNUM *a); -\& int BN_one(BIGNUM *a); -\& -\& const BIGNUM *BN_value_one(void); -\& -\& int BN_set_word(BIGNUM *a, BN_ULONG w); -\& unsigned BN_ULONG BN_get_word(BIGNUM *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized -for the most efficient implementation on the local platform. -.PP -\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and -\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. -.PP -\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant -is useful for use in comparisons and assignment. -.PP -\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot -be represented as a single integer. -.PP -\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. -\&\fBBN_value_one()\fR returns the constant. -\&\fBBN_zero()\fR never fails and returns no value. -.SH "BUGS" -.IX Header "BUGS" -If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide -with the error condition returned by \fBBN_get_word()\fR which uses that -as an error value. -.PP -\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_bn2bin\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous -versions returned an int. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/BUF_MEM_new.3 b/secure/lib/libcrypto/man/BUF_MEM_new.3 deleted file mode 100644 index 0c28684ed933..000000000000 --- a/secure/lib/libcrypto/man/BUF_MEM_new.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "BUF_MEM_NEW 3" -.TH BUF_MEM_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BUF_MEM *BUF_MEM_new(void); -\& -\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); -\& -\& void BUF_MEM_free(BUF_MEM *a); -\& -\& int BUF_MEM_grow(BUF_MEM *str, int len); -\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); -\& -\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The buffer library handles simple character arrays. Buffers are used for -various purposes in the library, most notably memory BIOs. -.PP -\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. -.PP -\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. -The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer -should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). -.PP -\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed -before freeing up in case the buffer contains sensitive data. -.PP -\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to -\&\fBlen\fR. Any data already in the buffer is preserved if it increases in -size. -.PP -\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd -or additionally-allocated memory to zero. -.PP -\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR -is \s-1NULL,\s0 the array is reversed in-place. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. -.PP -\&\fBBUF_MEM_free()\fR has no return value. -.PP -\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return -zero on error or the new size (i.e., \fBlen\fR). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBbio\fR\|(7), -\&\fBCRYPTO_secure_malloc\fR\|(3). -.SH "HISTORY" -.IX Header "HISTORY" -The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 deleted file mode 100644 index 26194ada00bc..000000000000 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_ADD0_CERT 3" -.TH CMS_ADD0_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); -\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); -\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); -\& -\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); -\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); -\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. -must be of type signed data or enveloped data. -.PP -\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. -.PP -\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR -returns any CRLs in \fBcms\fR. -.SH "NOTES" -.IX Header "NOTES" -The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped -data or an error will be returned. -.PP -For signed data certificates and CRLs are added to the \fBcertificates\fR and -\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to -\&\fBOriginatorInfo\fR. -.PP -As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it -must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR -must be freed up. -.PP -The same certificate or \s-1CRL\s0 must not be added to the same cms structure more -than once. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return -1 for success and 0 for failure. -.PP -\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs -or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur -in practice is if the \fBcms\fR type is invalid. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBCMS_sign\fR\|(3), -\&\fBCMS_encrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 deleted file mode 100644 index 6b75788e97c9..000000000000 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_ADD1_RECIPIENT_CERT 3" -.TH CMS_ADD1_RECIPIENT_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, -\& X509 *recip, unsigned int flags); -\& -\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, -\& unsigned char *key, size_t keylen, -\& unsigned char *id, size_t idlen, -\& ASN1_GENERALIZEDTIME *date, -\& ASN1_OBJECT *otherTypeId, -\& ASN1_TYPE *otherType); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped -data structure \fBcms\fR as a KeyTransRecipientInfo structure. -.PP -\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using -wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional -values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped -data structure \fBcms\fR as a KEKRecipientInfo structure. -.PP -The CMS_ContentInfo structure should be obtained from an initial call to -\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of this function is to provide finer control over a \s-1CMS\s0 -enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are -not appropriate. For example if one or more KEKRecipientInfo structures -need to be added. New attributes can also be added using the returned -CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. -.PP -OpenSSL will by default identify recipient certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key -identifier value instead. An error occurs if all recipient certificates do not -have a subject key identifier extension. -.PP -Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, -specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. -If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used -consistent with \fBkeylen\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal -pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error -occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), -\&\fBCMS_final\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 deleted file mode 100644 index 0d046f4b02f9..000000000000 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ /dev/null @@ -1,238 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_ADD1_SIGNER 3" -.TH CMS_ADD1_SIGNER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, -\& EVP_PKEY *pkey, const EVP_MD *md, -\& unsigned int flags); -\& -\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private -key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData -structure \fBcms\fR. -.PP -The CMS_ContentInfo structure should be obtained from an initial call to -\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a -valid CMS_ContentInfo SignedData structure. -.PP -If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public -key algorithm will be used. -.PP -Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo -structure is not complete and must be finalized either by streaming (if -applicable) or a call to \fBCMS_final()\fR. -.PP -The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo -structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags -are both set. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of \fBCMS_add1_signer()\fR is to provide finer control -over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults -are not appropriate. For example if multiple signers or non default digest -algorithms are needed. New attributes can also be added using the returned -CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the -\&\s-1CMS\s0 signed receipt request functions. -.PP -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter. -.PP -If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content -digest value from the CMS_ContentInfo structure: to add a signer to an existing -structure. An error occurs if a matching digest value cannot be found to copy. -The returned CMS_ContentInfo structure will be valid and finalized when this -flag is set. -.PP -If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the -CMS_SignerInfo structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is -needed to finalize it. -.PP -If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in -the \fBsigncert\fR parameter though. This can reduce the size of the signature if -the signers certificate can be obtained by other means: for example a -previously signed message. -.PP -The SignedData structure includes several \s-1CMS\s0 signedAttributes including the -signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an -SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes -will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are -omitted. -.PP -OpenSSL will by default identify signing certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key -identifier value instead. An error occurs if the signing certificate does not -have a subject key identifier extension. -.PP -If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 -bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 -If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is -not loaded. -.PP -\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo -structure just added, this can be used to set additional attributes -before it is finalized. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo -structure just added or \s-1NULL\s0 if an error occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_final\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 deleted file mode 100644 index 916df4b6e643..000000000000 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_COMPRESS 3" -.TH CMS_COMPRESS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_compress \- create a CMS CompressedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR -is the compression algorithm to use or \fBNID_undef\fR to use the default -algorithm (zlib compression). \fBin\fR is the content to be compressed. -\&\fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -The only currently supported compression algorithm is zlib using the \s-1NID\s0 -NID_zlib_compression. -.PP -If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return -an error. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are -prepended to the data. -.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then -\&\fB\s-1CMS_TEXT\s0\fR is ignored. -.PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. -.PP -The compressed data is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fBSMIME_write_CMS()\fR. -.SH "NOTES" -.IX Header "NOTES" -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is -\&\fBnot\fR complete and outputting its contents via a function that does not -properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable -results. -.PP -Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, -\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fBBIO_new_CMS()\fR. -.PP -Additional compression parameters such as the zlib compression level cannot -currently be set. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 deleted file mode 100644 index ee4d4cf4c646..000000000000 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ /dev/null @@ -1,212 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_DECRYPT 3" -.TH CMS_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_decrypt \- decrypt content from a CMS envelopedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, -\& BIO *dcont, BIO *out, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData -structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the -recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and -\&\fBflags\fR is an optional set of flags. -.PP -The \fBdcont\fR parameter is used in the rare case where the encrypted content -is detached. It will normally be set to \s-1NULL.\s0 -.SH "NOTES" -.IX Header "NOTES" -Although the recipients certificate is not needed to decrypt the data it is -needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 -structure. -.PP -If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however -is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on -\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or -not. If no recipient succeeds then a random symmetric key is used to decrypt -the content: this will typically output garbage and may (but is not guaranteed -to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an -error when all recipient encrypted keys failed to decrypt an attacker could -use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set -then the above behaviour is modified and an error \fBis\fR returned if no -recipient encrypted key can be decrypted \fBwithout\fR generating a random -content encryption key. Applications should use this flag with -\&\fBextreme caution\fR especially in automated gateways as it can leave them -open to attack. -.PP -It is possible to determine the correct recipient key by other means (for -example looking them up in a database) and setting them in the \s-1CMS\s0 structure -in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this -case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 -.PP -To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR -and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and -\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 -.PP -The following flags can be passed in the \fBflags\fR parameter. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted -from the content. If the content is not of type \fBtext/plain\fR then an error is -returned. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -The lack of single pass processing and the need to hold all data in memory as -mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 deleted file mode 100644 index cc5034b10dd3..000000000000 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ /dev/null @@ -1,233 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_ENCRYPT 3" -.TH CMS_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_encrypt \- create a CMS envelopedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, -\& const EVP_CIPHER *cipher, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR -is a list of recipient certificates. \fBin\fR is the content to be encrypted. -\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this -function. -.PP -\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use -because most clients will support it. -.PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of -its parameters. -.PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME -envelopedData containing an S/MIME signed message. This can be readily produced -by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fBCMS_encrypt()\fR. -.PP -The following flags can be passed in the \fBflags\fR parameter. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are -prepended to the data. -.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then -\&\fB\s-1CMS_TEXT\s0\fR is ignored. -.PP -OpenSSL will by default identify recipient certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key -identifier value instead. An error occurs if all recipient certificates do not -have a subject key identifier extension. -.PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. -.PP -If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -returned to which additional recipients and attributes can be added before -finalization. -.PP -The data being encrypted is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in -practice and is not supported by \fBSMIME_write_CMS()\fR. -.SH "NOTES" -.IX Header "NOTES" -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is -\&\fBnot\fR complete and outputting its contents via a function that does not -properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable -results. -.PP -Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, -\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fBBIO_new_CMS()\fR. -.PP -The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info -structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR -and \fBCMS_add0_recipient_key()\fR. -.PP -The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients -added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 deleted file mode 100644 index dd660c28d62a..000000000000 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_FINAL 3" -.TH CMS_FINAL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_final \- finalise a CMS_ContentInfo structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any -operations necessary on \fBcms\fR (digest computation for example) and set the -appropriate fields. The parameter \fBdata\fR contains the content to be -processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after -processing: this is only used with detached data and will usually be set to -\&\s-1NULL.\s0 -.SH "NOTES" -.IX Header "NOTES" -This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It -should only be used when streaming is not performed because the streaming -I/O functions perform finalisation operations internally. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_final()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_encrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 deleted file mode 100644 index dba1f218c199..000000000000 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ /dev/null @@ -1,265 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_GET0_RECIPIENTINFOS 3" -.TH CMS_GET0_RECIPIENTINFOS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); -\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); -\& -\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, -\& ASN1_OCTET_STRING **keyid, -\& X509_NAME **issuer, -\& ASN1_INTEGER **sno); -\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); -\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); -\& -\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, -\& ASN1_OCTET_STRING **pid, -\& ASN1_GENERALIZEDTIME **pdate, -\& ASN1_OBJECT **potherid, -\& ASN1_TYPE **pothertype); -\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, -\& const unsigned char *id, size_t idlen); -\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, -\& unsigned char *key, size_t keylen); -\& -\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); -\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo -structures associated with a \s-1CMS\s0 EnvelopedData structure. -.PP -\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. -It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, -CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 -.PP -\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient -identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which -must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in -\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. -.PP -\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the -CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 -It returns zero if the comparison is successful and non zero if not. -.PP -\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with -the CMS_RecipientInfo structure \fBri\fR, which must be of type -\&\s-1CMS_RECIPINFO_TRANS.\s0 -.PP -\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the -CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any -of the remaining parameters can be \s-1NULL\s0 if the application is not interested in -the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written -to the corresponding parameter. The keyEncryptionAlgorithm field is written to -\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if -present is written to \fBpdate\fR, if the \fBother\fR field is present the components -\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and -\&\fBpothertype\fR. -.PP -\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR -parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, -which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is -successful and non zero if not. -.PP -\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length -\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type -\&\s-1CMS_RECIPINFO_KEK.\s0 -.PP -\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure -\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure -first. -.PP -\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure -\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure -first and the content encryption key must be available: for example by a -previous call to \fBCMS_RecipientInfo_decrypt()\fR. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of these functions is to enable an application to lookup -recipient keys using any appropriate technique when the simpler method -of \fBCMS_decrypt()\fR is not appropriate. -.PP -In typical usage and application will retrieve all CMS_RecipientInfo structures -using \fBCMS_get0_RecipientInfos()\fR and check the type of each using -\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure -can be ignored or its key identifier data retrieved using an appropriate -function. Then if the corresponding secret or private key can be obtained by -any appropriate means it can then associated with the structure and -\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called -with a \s-1NULL\s0 key to decrypt the enveloped content. -.PP -The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an -existing enveloped data structure. Typically an application will first decrypt -an appropriate CMS_RecipientInfo structure to make the content encrypt key -available, it will then add a new recipient using a function such as -\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key -using \fBCMS_RecipientInfo_encrypt()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if -an error occurs. -.PP -\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, -\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and -\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. -\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. -.PP -\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 -for a successful comparison and non zero otherwise. -.PP -Any error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 deleted file mode 100644 index 22d4b12d0785..000000000000 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_GET0_SIGNERINFOS 3" -.TH CMS_GET0_SIGNERINFOS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); -\& -\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, -\& X509_NAME **issuer, ASN1_INTEGER **sno); -\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); -\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); -\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures -associated with a \s-1CMS\s0 signedData structure. -.PP -\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier -associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the -keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number -in \fBissuer\fR and \fBsno\fR. -.PP -\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with -\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned -corresponds to the internal signature value if \fBsi\fR so it may be read or -modified. -.PP -\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer -identifier \fBsi\fR. It returns zero if the comparison is successful and non zero -if not. -.PP -\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to -\&\fBsigner\fR. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of these functions is to enable an application to lookup -signers certificates using any appropriate technique when the simpler method -of \fBCMS_verify()\fR is not appropriate. -.PP -In typical usage and application will retrieve all CMS_SignerInfo structures -using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using -\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means -(or return and error if it cannot be found) and set it using -\&\fBCMS_SignerInfo_set1_signer_cert()\fR. -.PP -Once all signer certificates have been set \fBCMS_verify()\fR can be used. -.PP -Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if -there are no signers this is not a problem in practice because the only -error which can occur is if the \fBcms\fR structure is not of type signedData -due to application error. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there -are no signers or an error occurs. -.PP -\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. -.PP -\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non -zero otherwise. -.PP -\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. -.PP -Any error can be obtained from \fBERR_get_error\fR\|(3) -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 deleted file mode 100644 index 1d5a063bac5b..000000000000 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ /dev/null @@ -1,217 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_GET0_TYPE 3" -.TH CMS_GET0_TYPE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); -\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); -\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); -\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as -an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the -CMS_ContentInfo structure based on this value. -.PP -\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo -structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt) -with the \fB\s-1CMS_PARTIAL\s0\fR -flag and \fBbefore\fR the structure is finalised, otherwise the results are -undefined. -.PP -\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded -content type. -.PP -\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer -containing the embedded content. -.SH "NOTES" -.IX Header "NOTES" -As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and -\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. -\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up -after use. -.PP -The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value -using \fBOBJ_obj2nid()\fR. For the currently supported content types the following -values are returned: -.PP -.Vb 6 -\& NID_pkcs7_data -\& NID_pkcs7_signed -\& NID_pkcs7_digest -\& NID_id_smime_ct_compressedData: -\& NID_pkcs7_encrypted -\& NID_pkcs7_enveloped -.Ve -.PP -The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR -content pointer. That means that for example: -.PP -.Vb 1 -\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); -.Ve -.PP -\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can -access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure -using this function. Applications usually will not need to modify the -embedded content as it is normally set by higher level functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. -.PP -\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The -error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 deleted file mode 100644 index f28fb192ae87..000000000000 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_GET1_RECEIPTREQUEST 3" -.TH CMS_GET1_RECEIPTREQUEST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, -\& int allorfirst, -\& STACK_OF(GENERAL_NAMES) *receiptList, -\& STACK_OF(GENERAL_NAMES) *receiptsTo); -\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); -\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); -\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, -\& int *pallorfirst, -\& STACK_OF(GENERAL_NAMES) **plist, -\& STACK_OF(GENERAL_NAMES) **prto); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The -\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set -to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 -the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of -the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR -option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the -\&\fBreceiptsTo\fR field value. -.PP -The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR -to SignerInfo structure \fBsi\fR. -.PP -int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if -any is found it is decoded and written to \fBprr\fR. -.PP -\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. -The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR -option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR -otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR -parameter is copied to \fBprto\fR. -.SH "NOTES" -.IX Header "NOTES" -For more details of the meaning of the fields see \s-1RFC2634.\s0 -.PP -The contents of a signed receipt should only be considered meaningful if the -corresponding CMS_ContentInfo structure can be successfully verified using -\&\fBCMS_verify()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or -\&\s-1NULL\s0 if an error occurred. -.PP -\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. -.PP -\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and -decoded. It returns 0 if a signed receipt request is not present and \-1 if -it is present but malformed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) -\&\fBCMS_verify_receipt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 deleted file mode 100644 index b633d6b2e828..000000000000 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ /dev/null @@ -1,258 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_SIGN 3" -.TH CMS_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_sign \- create a CMS SignedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, -\& BIO *data, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is -the certificate to sign with, \fBpkey\fR is the corresponding private key. -\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 -structure (for example any intermediate CAs in the chain). Any or all of -these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. -.PP -The data to be signed is read from \s-1BIO\s0 \fBdata\fR. -.PP -\&\fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter. -.PP -Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If -the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended -to the data. -.PP -If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in -the \fBsigncert\fR parameter though. This can reduce the size of the signature if -the signers certificate can be obtained by other means: for example a -previously signed message. -.PP -The data being signed is included in the CMS_ContentInfo structure, unless -\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for -CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed -messages for example. -.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. -.PP -The SignedData structure includes several \s-1CMS\s0 signedAttributes including the -signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an -SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes -will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are -omitted. -.PP -If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 -bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 -If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is -not loaded. -.PP -OpenSSL will by default identify signing certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key -identifier value instead. An error occurs if the signing certificate does not -have a subject key identifier extension. -.PP -If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR -structure is just initialized ready to perform the signing operation. The -signing is however \fBnot\fR performed and the data to be signed is not read from -the \fBdata\fR parameter. Signing is deferred until after the data has been -written. In this way data can be signed in a single pass. -.PP -If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is -output to which additional signers and capabilities can be added before -finalization. -.PP -If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is -\&\fBnot\fR complete and outputting its contents via a function that does not -properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable -results. -.PP -Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, -\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fBBIO_new_CMS()\fR. -.PP -If a signer is specified it will use the default digest for the signing -algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. -.PP -If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is -output. -.PP -The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be -suitable for many purposes. For finer control of the output format the -\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the -\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the -function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom -attributes added. \fBCMS_final()\fR must then be called to finalize the -structure if streaming is not enabled. -.SH "BUGS" -.IX Header "BUGS" -Some attributes such as counter signatures are not supported. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, -it is supported for embedded data in OpenSSL 1.0.0 and later. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 deleted file mode 100644 index 01ae08974664..000000000000 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_SIGN_RECEIPT 3" -.TH CMS_SIGN_RECEIPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_sign_receipt \- create a CMS signed receipt -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, -\& EVP_PKEY *pkey, STACK_OF(X509) *certs, -\& unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is -the \fBCMS_SignerInfo\fR structure containing the signed receipt request. -\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding -private key. \fBcerts\fR is an optional additional set of certificates to include -in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). -.PP -\&\fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values -\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR -are not supported since they do not make sense in the context of signed -receipts. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if -an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBCMS_verify_receipt\fR\|(3), -\&\fBCMS_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 deleted file mode 100644 index eac1a921aee4..000000000000 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_UNCOMPRESS 3" -.TH CMS_UNCOMPRESS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_uncompress \- uncompress a CMS CompressedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 -CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and -\&\fBflags\fR is an optional set of flags. -.PP -The \fBdcont\fR parameter is used in the rare case where the compressed content -is detached. It will normally be set to \s-1NULL.\s0 -.SH "NOTES" -.IX Header "NOTES" -The only currently supported compression algorithm is zlib: if the structure -indicates the use of any other algorithm an error is returned. -.PP -If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always -return an error. -.PP -The following flags can be passed in the \fBflags\fR parameter. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted -from the content. If the content is not of type \fBtext/plain\fR then an error is -returned. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can -be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -The lack of single pass processing and the need to hold all data in memory as -mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 deleted file mode 100644 index 1031b46acf8a..000000000000 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ /dev/null @@ -1,261 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_VERIFY 3" -.TH CMS_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, -\& BIO *indata, BIO *out, unsigned int flags); -\& -\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo -structure to verify. \fBcerts\fR is a set of certificates in which to search for -the signing certificate(s). \fBstore\fR is a trusted certificate store used for -chain verification. \fBindata\fR is the detached content if the content is not -present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0 -.PP -\&\fBflags\fR is an optional set of flags, which can be used to modify the verify -operation. -.PP -\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must -be called after a successful \fBCMS_verify()\fR operation. -.SH "VERIFY PROCESS" -.IX Header "VERIFY PROCESS" -Normally the verify process proceeds as follows. -.PP -Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must -be SignedData. There must be at least one signature on the data and if -the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. -.PP -An attempt is made to locate all the signing certificate(s), first looking in -the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any -certificates contained in the \fBcms\fR structure itself. If any signing -certificate cannot be located the operation fails. -.PP -Each signing certificate is chain verified using the \fBsmimesign\fR purpose and -the supplied trusted certificate store. Any internal certificates in the message -are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal -CRLs are used in addition to attempting to look them up in \fBstore\fR. If any -chain verify fails an error code is returned. -.PP -Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) -and the signature's checked. -.PP -If all signature's verify correctly then the function is successful. -.PP -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter to change the default verify behaviour. -.PP -If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not -searched when locating the signing certificate(s). This means that all the -signing certificates must be in the \fBcerts\fR parameter. -.PP -If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any -CRLs in the message itself are ignored. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted -from the content. If the content is not of type \fBtext/plain\fR then an error is -returned. -.PP -If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not -verified. -.PP -If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not -verified. -.PP -If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. -.SH "NOTES" -.IX Header "NOTES" -One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by -a small number of certificates. The acceptable certificates would be passed -in the \fBcerts\fR parameter. In this case if the signer is not one of the -certificates supplied in \fBcerts\fR then the verify will fail because the -signer cannot be found. -.PP -In some cases the standard techniques for looking up and validating -certificates are not appropriate: for example an application may wish to -lookup certificates in a database or perform customised verification. This -can be achieved by setting and verifying the signers certificates manually -using the signed data utility functions. -.PP -Care should be taken when modifying the default verify behaviour, for example -setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification -and any modified content will be considered valid. This combination is however -useful if one merely wishes to write the content to \fBout\fR and its validity -is not considered important. -.PP -Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the -signer it cannot be trusted without additional evidence (such as a trusted -timestamp). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error -occurred. -.PP -\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. -.PP -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -The trusted certificate store is not searched for the signing certificate, -this is primarily due to the inadequacies of the current \fBX509_STORE\fR -functionality. -.PP -The lack of single pass processing means that the signed content must all -be held in memory if it is not detached. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 deleted file mode 100644 index 0e90ff6de902..000000000000 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ /dev/null @@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_VERIFY_RECEIPT 3" -.TH CMS_VERIFY_RECEIPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CMS_verify_receipt \- verify a CMS signed receipt -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, -\& STACK_OF(X509) *certs, X509_STORE *store, -\& unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed -receipt to verify. \fBocms\fR is the original SignedData structure containing the -receipt request. \fBcerts\fR is a set of certificates in which to search for the -signing certificate. \fBstore\fR is a trusted certificate store (used for chain -verification). -.PP -\&\fBflags\fR is an optional set of flags, which can be used to modify the verify -operation. -.SH "NOTES" -.IX Header "NOTES" -This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values -\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not -supported since they do not make sense in the context of signed receipts. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an -error occurred. -.PP -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBCMS_sign_receipt\fR\|(3), -\&\fBCMS_verify\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 deleted file mode 100644 index 96020613e9e6..000000000000 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ /dev/null @@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CONF_MODULES_FREE 3" -.TH CONF_MODULES_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void CONF_modules_finish(void); -\& void CONF_modules_unload(int all); -.Ve -.PP -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void CONF_modules_free(void) -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all -configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, -applications called -\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed. -.PP -\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler -to free up any configuration that module may have performed. -.PP -\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If -\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If -\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -None of the functions return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), -\&\fBCONF_modules_load_file\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. -For more information see \fBOPENSSL_init_crypto\fR\|(3). -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 deleted file mode 100644 index f5b5d22a7381..000000000000 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CONF_MODULES_LOAD_FILE 3" -.TH CONF_MODULES_LOAD_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CONF_modules_load_file(const char *filename, const char *appname, -\& unsigned long flags); -\& int CONF_modules_load(const CONF *cnf, const char *appname, -\& unsigned long flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBCONF_modules_load_file()\fR configures OpenSSL using file -\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 -the standard OpenSSL configuration file is used. If \fBappname\fR is -\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. -The behaviour can be customized using \fBflags\fR. -.PP -\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it -reads configuration information from \fBcnf\fR. -.SH "NOTES" -.IX Header "NOTES" -The following \fBflags\fR are currently recognized: -.PP -If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual -configuration modules are ignored. If not set the first module error is -considered fatal and no further modules are loaded. -.PP -Normally any modules errors will add error information to the error queue. If -\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. -.PP -If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally -returns success. -This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in -the default system-wide configuration file, as having all OpenSSL applications -fail to start when there are potentially minor issues in the file is too risky. -Applications calling \fBCONF_modules_load_file\fR explicitly should not generally -set this flag. -.PP -If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is -disabled. -.PP -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR -ignore missing configuration files. Normally a missing configuration file -return an error. -.PP -\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the -default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. -.PP -By using \fBCONF_modules_load_file()\fR with appropriate flags an application can -customise application configuration to best suit its needs. In some cases the -use of a configuration file is optional and its absence is not an error: in -this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. -.PP -Errors during configuration may also be handled differently by different -applications. For example in some cases an error may simply print out a warning -message and the application continue. In other cases an application might -consider a configuration file error as fatal and exit immediately. -.PP -Applications can use the \fBCONF_modules_load()\fR function if they wish to load a -configuration file themselves and have finer control over how errors are -treated. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return 1 for success and a zero or negative value for -failure. If module errors are not ignored the return code will reflect the -return value of the failing module (this will always be zero or negative). -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Load a configuration file and print out any errors and exit (missing file -considered fatal): -.PP -.Vb 5 -\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { -\& fprintf(stderr, "FATAL: error loading configuration file\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -.Ve -.PP -Load default configuration file using the section indicated by \*(L"myapp\*(R", -tolerate missing files, but exit on other errors: -.PP -.Vb 6 -\& if (CONF_modules_load_file(NULL, "myapp", -\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { -\& fprintf(stderr, "FATAL: error loading configuration file\en"); -\& ERR_print_errors_fp(stderr); -\& exit(1); -\& } -.Ve -.PP -Load custom configuration file and section, only print warnings on error, -missing configuration file ignored: -.PP -.Vb 5 -\& if (CONF_modules_load_file("/something/app.cnf", "myapp", -\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { -\& fprintf(stderr, "WARNING: error loading configuration file\en"); -\& ERR_print_errors_fp(stderr); -\& } -.Ve -.PP -Load and parse configuration file manually, custom error handling: -.PP -.Vb 3 -\& FILE *fp; -\& CONF *cnf = NULL; -\& long eline; -\& -\& fp = fopen("/somepath/app.cnf", "r"); -\& if (fp == NULL) { -\& fprintf(stderr, "Error opening configuration file\en"); -\& /* Other missing configuration file behaviour */ -\& } else { -\& cnf = NCONF_new(NULL); -\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { -\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); -\& ERR_print_errors_fp(stderr); -\& /* Other malformed configuration file behaviour */ -\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { -\& fprintf(stderr, "Error configuring application\en"); -\& ERR_print_errors_fp(stderr); -\& /* Other configuration error behaviour */ -\& } -\& fclose(fp); -\& NCONF_free(cnf); -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 deleted file mode 100644 index 6e638d566043..000000000000 --- a/secure/lib/libcrypto/man/CRYPTO_THREAD_run_once.3 +++ /dev/null @@ -1,283 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CRYPTO_THREAD_RUN_ONCE 3" -.TH CRYPTO_THREAD_RUN_ONCE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add \- OpenSSL thread support -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; -\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); -\& -\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); -\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); -\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); -\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); -\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); -\& -\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL can be safely used in multi-threaded applications provided that -support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL -supports the pthread and Windows APIs. OpenSSL can also be built without -any multi-threading support, for example on platforms that don't provide -any threading support or that provide a threading \s-1API\s0 that is not yet -supported by OpenSSL. -.PP -The following multi-threading function are provided: -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. -The \fBonce\fR argument must be a pointer to a static object of type -\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value -\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. -The \fBinit\fR argument is a pointer to a function that performs the desired -exactly once initialization. -In particular, this can be used to allocate locks in a thread-safe manner, -which can then be used with the locking functions below. -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write -lock. -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. -.IP "\(bu" 2 -\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. -.IP "\(bu" 2 -\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the -result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic -operations are supported on the specific platform. Because of this, if a -variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must -be the only way that the variable is modified. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. -.PP -\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. -.PP -\&\fBCRYPTO_THREAD_lock_free()\fR returns no value. -.PP -The other functions return 1 on success, or 0 on error. -.SH "NOTES" -.IX Header "NOTES" -On Windows platforms the CRYPTO_THREAD_* types and functions in the -openssl/crypto.h header are dependent on some of the types customarily -made available by including windows.h. The application developer is -likely to require control over when the latter is included, commonly as -one of the first included headers. Therefore it is defined as an -application developer's responsibility to include windows.h prior to -crypto.h where use of CRYPTO_THREAD_* types and functions is required. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example safely initializes and uses a lock. -.PP -.Vb 4 -\& #ifdef _WIN32 -\& # include -\& #endif -\& #include -\& -\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; -\& static CRYPTO_RWLOCK *lock; -\& -\& static void myinit(void) -\& { -\& lock = CRYPTO_THREAD_lock_new(); -\& } -\& -\& static int mylock(void) -\& { -\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) -\& return 0; -\& return CRYPTO_THREAD_write_lock(lock); -\& } -\& -\& static int myunlock(void) -\& { -\& return CRYPTO_THREAD_unlock(lock); -\& } -\& -\& int serialized(void) -\& { -\& int ret = 0; -\& -\& if (mylock()) { -\& /* Your code here, do not return without releasing the lock! */ -\& ret = ... ; -\& } -\& myunlock(); -\& return ret; -\& } -.Ve -.PP -Finalization of locks is an advanced topic, not covered in this example. -This can only be done at process exit or when a dynamically loaded library is -no longer in use and is unloaded. -The simplest solution is to just \*(L"leak\*(R" the lock in applications and not -repeatedly load/unload shared libraries that allocate locks. -.SH "NOTES" -.IX Header "NOTES" -You can find out if OpenSSL was configured with thread support: -.PP -.Vb 6 -\& #include -\& #if defined(OPENSSL_THREADS) -\& /* thread support enabled */ -\& #else -\& /* no thread support */ -\& #endif -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 deleted file mode 100644 index 503fa928855f..000000000000 --- a/secure/lib/libcrypto/man/CRYPTO_get_ex_new_index.3 +++ /dev/null @@ -1,298 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" -.TH CRYPTO_GET_EX_NEW_INDEX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CRYPTO_get_ex_new_index(int class_index, -\& long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -\& -\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, -\& int idx, long argl, void *argp); -\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, -\& void *from_d, int idx, long argl, void *argp); -\& -\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -\& -\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); -\& -\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); -\& -\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); -\& -\& int CRYPTO_free_ex_index(int class_index, int idx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Several OpenSSL structures can have application-specific data attached to them, -known as \*(L"exdata.\*(R" -The specific structures are: -.PP -.Vb 10 -\& APP -\& BIO -\& DH -\& DRBG -\& DSA -\& EC_KEY -\& ENGINE -\& RSA -\& SSL -\& SSL_CTX -\& SSL_SESSION -\& UI -\& UI_METHOD -\& X509 -\& X509_STORE -\& X509_STORE_CTX -.Ve -.PP -Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR -header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for -applications to use this facility for their own structures. -.PP -The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific -structures. Since the application data can be anything at all it is passed -and retrieved as a \fBvoid *\fR type. -.PP -The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of -a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for -\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. -.PP -Exdata types are identified by an \fBindex\fR, an integer guaranteed to be -unique within structures for the lifetime of the program. Applications -using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and -store the result in a global variable, or write a wrapper function to -provide lazy evaluation. The \fBclass_index\fR should be one of the -\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved -to be passed to the callbacks but are otherwise not used. In order to -transparently manipulate exdata, three callbacks must be provided. The -semantics of those callbacks are described below. -.PP -When copying or releasing objects with exdata, the callback functions -are called in increasing order of their \fBindex\fR value. -.PP -If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR -when this is done. -This will replace the callbacks with no-ops -so that applications don't crash. Any existing exdata will be leaked. -.PP -To set or get the exdata on an object, the appropriate type-specific -routine must be used. This is because the containing structure is opaque -and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the -\&\fBidx\fR parameter should be an already-created index value. -.PP -When setting exdata, the pointer specified with a particular index is saved, -and returned on a subsequent \*(L"get\*(R" call. If the application is going to -release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, -to avoid likely double-free crashes. -.PP -The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached -to a structure. The appropriate type-specific routine must be used. -The \fBclass_index\fR identifies the structure type, the \fBobj\fR is -a pointer to the actual structure, and \fBr\fR is a pointer to the -structure's exdata field. -.SS "Callback Functions" -.IX Subsection "Callback Functions" -This section describes how the callback functions are used. Applications -that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must -call them as described here. -.PP -When a structure is initially allocated (such as \fBRSA_new()\fR) then the -\&\fBnew_func()\fR is called for every defined index. There is no requirement -that the entire parent, or containing, structure has been set up. -The \fBnew_func()\fR is typically used only to allocate memory to store the -exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. -The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR. -.PP -When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the -\&\fBfree_func()\fR is called for every defined index. Again, the state of the -parent structure is not guaranteed. The \fBfree_func()\fR may be called with a -\&\s-1NULL\s0 pointer. -.PP -Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. -The \fBparent\fR is the pointer to the structure that contains the exdata. -The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically -be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. -The \fBidx\fR is the index and is the value returned when the callbacks were -initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if -the same callback handles different types of exdata. -.PP -\&\fBdup_func()\fR is called when a structure is being copied. This is only done -for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via -\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters -are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, -respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR -as the \s-1API\s0 has currently the wrong signature; that will be changed in a -future version. The \fB*pptr\fR is a pointer to the source exdata. -When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the -destination ex_data. If the pointer contained in \fB*pptr\fR is not modified -by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. -The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other -two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR -will fail. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. -.PP -\&\fBCRYPTO_free_ex_index()\fR and -\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. -.PP -\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; -note that \s-1NULL\s0 may be a valid value. -.PP -\&\fBdup_func()\fR should return 0 for failure and 1 for success. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CRYPTO_memcmp.3 b/secure/lib/libcrypto/man/CRYPTO_memcmp.3 deleted file mode 100644 index 2474f4b6ab57..000000000000 --- a/secure/lib/libcrypto/man/CRYPTO_memcmp.3 +++ /dev/null @@ -1,171 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CRYPTO_MEMCMP 3" -.TH CRYPTO_MEMCMP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CRYPTO_memcmp \- Constant time memory comparison -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR -for equality. -It takes an amount of time dependent on \fBlen\fR, but independent of the -contents of the memory regions pointed to by \fBa\fR and \fBb\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and non-zero -otherwise. -.SH "NOTES" -.IX Header "NOTES" -Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions -as the return value when they differ is undefined, other than being non-zero. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 deleted file mode 100644 index a1ffd4a69cb3..000000000000 --- a/secure/lib/libcrypto/man/CTLOG_STORE_get0_log_by_id.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" -.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, -\& const uint8_t *log_id, -\& size_t log_id_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency -(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2). -Therefore, it is useful to be able to look up more information about a log -(e.g. its public key) using this LogID. -.PP -\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 -in a \s-1CTLOG_STORE\s0 that has a given LogID. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it -exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7), -\&\fBCTLOG_STORE_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/CTLOG_STORE_new.3 deleted file mode 100644 index 99743eb0c91c..000000000000 --- a/secure/lib/libcrypto/man/CTLOG_STORE_new.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CTLOG_STORE_NEW 3" -.TH CTLOG_STORE_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CTLOG_STORE *CTLOG_STORE_new(void); -\& void CTLOG_STORE_free(CTLOG_STORE *store); -\& -\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); -\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency -logs). The list can be loaded from one or more files and then searched by LogID -(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). -.PP -\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated -by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR. -\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named -\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be -overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0 -\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. -Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0 -.PP -The expected format of the file is: -.PP -.Vb 1 -\& enabled_logs=foo,bar -\& -\& [foo] -\& description = Log 1 -\& key = -\& -\& [bar] -\& description = Log 2 -\& key = -.Ve -.PP -Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to -\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along -with the \s-1CTLOG_STORE\s0 itself. -.SH "NOTES" -.IX Header "NOTES" -If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining -valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered -invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if -all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7), -\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), -\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CTLOG_new.3 b/secure/lib/libcrypto/man/CTLOG_new.3 deleted file mode 100644 index 4eb73ff5abcd..000000000000 --- a/secure/lib/libcrypto/man/CTLOG_new.3 +++ /dev/null @@ -1,201 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CTLOG_NEW 3" -.TH CTLOG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); -\& int CTLOG_new_from_base64(CTLOG ** ct_log, -\& const char *pkey_base64, const char *name); -\& void CTLOG_free(CTLOG *log); -\& const char *CTLOG_get0_name(const CTLOG *log); -\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, -\& size_t *log_id_len); -\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency -(\s-1CT\s0) log with the given public key. A name must also be provided that can be -used to help users identify this log. Ownership of the public key is -transferred. -.PP -\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in -base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0 -The base64 will be decoded and the public key parsed. -.PP -Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the -caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer -needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that -was passed to it. -.PP -\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was -created. Ownership of the string remains with the \s-1CTLOG.\s0 -.PP -\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's -LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a -v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of -the string remains with the \s-1CTLOG.\s0 -.PP -\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the -\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. -.PP -\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 deleted file mode 100644 index 70e7d6fb4bf0..000000000000 --- a/secure/lib/libcrypto/man/CT_POLICY_EVAL_CTX_new.3 +++ /dev/null @@ -1,229 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CT_POLICY_EVAL_CTX_NEW 3" -.TH CT_POLICY_EVAL_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); -\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); -\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); -\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); -\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); -\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); -\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); -\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, -\& CTLOG_STORE *log_store); -\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); -\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed -Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. -This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To -determine this, an \s-1SCT\s0's timestamp and signature must be verified. -This requires: -.IP "\(bu" 2 -the public key of the log that issued the \s-1SCT\s0 -.IP "\(bu" 2 -the certificate that the \s-1SCT\s0 was issued for -.IP "\(bu" 2 -the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) -.IP "\(bu" 2 -the current time -.PP -The above requirements are met using the setters described below. -.PP -\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This -should then be populated using: -.IP "\(bu" 2 -\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for -.Sp -Increments the reference count of the certificate. -.IP "\(bu" 2 -\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate -.Sp -Increments the reference count of the certificate. -.IP "\(bu" 2 -\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs -.Sp -Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the -\&\s-1CT_POLICY_EVAL_CTX.\s0 -.IP "\(bu" 2 -\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid -.Sp -The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was -issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose -timestamp is in the future\*(R". By default, this will be set to 5 minutes in the -future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. -.Sp -The time should be in milliseconds since the Unix epoch. -.PP -Each setter has a matching getter for accessing the current value. -.PP -When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to -\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. -.SH "NOTES" -.IX Header "NOTES" -The issuer certificate only needs to be provided if at least one of the SCTs -was issued for a pre-certificate. This will be the case for SCTs embedded in a -certificate (i.e. those in an X.509 extension), but may not be the case for SCTs -found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 deleted file mode 100644 index b6675168dff7..000000000000 --- a/secure/lib/libcrypto/man/DEFINE_STACK_OF.3 +++ /dev/null @@ -1,404 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DEFINE_STACK_OF 3" -.TH DEFINE_STACK_OF 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve \&\- stack container -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(TYPE) -\& DEFINE_STACK_OF(TYPE) -\& DEFINE_STACK_OF_CONST(TYPE) -\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) -\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) -\& -\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); -\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); -\& typedef void (*sk_TYPE_freefunc)(TYPE *a); -\& -\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); -\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); -\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); -\& STACK_OF(TYPE) *sk_TYPE_new_null(void); -\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); -\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); -\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); -\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); -\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); -\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); -\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); -\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); -\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); -\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); -\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); -\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); -\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); -\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); -\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk); -\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); -\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); -\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, -\& sk_TYPE_copyfunc copyfunc, -\& sk_TYPE_freefunc freefunc); -\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, -\& sk_TYPE_compfunc compare)); -\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Applications can create and use their own stacks by placing any of the macros -described below in a header file. These macros define typesafe inline -functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 -In the description here, \fI\s-1TYPE\s0\fR is used -as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. -.PP -\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. -\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This -will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by -\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example: -.PP -.Vb 1 -\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); -.Ve -.PP -\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except -each element is constant. For example: -.PP -.Vb 1 -\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); -.Ve -.PP -\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but -each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example: -.PP -.Vb 1 -\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); -.Ve -.PP -\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is -constant: -.PP -.Vb 1 -\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); -.Ve -.PP -\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is -\&\fB\s-1NULL\s0\fR. -.PP -\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at -zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned. -.PP -\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. -If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is -equivalent to sk_TYPE_new_reserve(compare, 0). -.PP -\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This -function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0). -.PP -\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure -such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR -or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated -or reallocated. If \fBn\fR is zero, any excess space allocated in the -\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged. -.PP -\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional -memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls -to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause -memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no -memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function -\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no -comparison function is used. -.PP -\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. -The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was -no previous comparison function. -.PP -\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any -elements of \fBsk\fR. After this call \fBsk\fR is no longer valid. -.PP -\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free -\&\fBsk\fR so after this call \fBsk\fR is still valid. -.PP -\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The -free function \fBfreefunc()\fR is called on each element to free it. -.PP -\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted -element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range. -.PP -\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns -the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found. -.PP -\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing -elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range -the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the -number of elements in \fBsk\fR after the new element is inserted or zero if -an error (such as memory allocation failure) occurred. -.PP -\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: -.PP -.Vb 1 -\& sk_TYPE_insert(sk, ptr, \-1); -.Ve -.PP -\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: -.PP -.Vb 1 -\& sk_TYPE_insert(sk, ptr, 0); -.Ve -.PP -\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. -.PP -\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. -.PP -\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current -element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred: -this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range. -.PP -\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case -where no comparison function has been specified, the function performs -a linear search for a pointer equal to \fBptr\fR. The index of the first -matching element is returned or \fB\-1\fR if there is no match. In the case -where a comparison function has been specified, \fBsk\fR is sorted then -\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there -is no match. Note that, in this case, the matching element returned is -not guaranteed to be the first; the comparison function will usually -compare the values pointed to rather than the pointers themselves and -the order of elements in \fBsk\fR could change. -.PP -\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison -function has been specified and no matching element is found. Instead -of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element -either before or after the location where \fBptr\fR would be if it were -present in \fBsk\fR. -.PP -\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. -.PP -\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. -.PP -\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy -are identical to the original. -.PP -\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. -Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The -function \fBfreefunc()\fR is only called if an error occurs. -.SH "NOTES" -.IX Header "NOTES" -Care should be taken when accessing stacks in multi-threaded environments. -Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or -\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions -if the same stack is accessed in a different thread. Operations such as -\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack. -.PP -Any comparison function supplied should use a metric suitable -for use in a binary search operation. That is it should return zero, a -positive or negative value if \fBa\fR is equal to, greater than -or less than \fBb\fR respectively. -.PP -Care should be taken when checking the return values of the functions -\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the -matching element. In particular \fB0\fR indicates a matching first element. -A failed search is indicated by a \fB\-1\fR return value. -.PP -\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and -\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. -.PP -The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. -It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, -\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, -\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR, -\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR, -\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, -\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR, -\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR, -\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR, -\&\fBOPENSSL_sk_zero()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the -passed stack is \fB\s-1NULL\s0\fR. -.PP -\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the -index is out of range. -.PP -\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty -stack or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory -or \fB0\fR on error. -.PP -\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if -there was no old comparison function. -.PP -\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do -not return values. -.PP -\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR -return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error. -.PP -\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total -number of elements in the stack and 0 if an error occurred. -.PP -\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on -error. -.PP -\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element -or \fB\-1\fR on error. -.PP -\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is -not. -.PP -\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the -stack. -.SH "HISTORY" -.IX Header "HISTORY" -Before OpenSSL 1.1.0, this was implemented via macros and not inline functions -and was not a public \s-1API.\s0 -.PP -\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DES_random_key.3 b/secure/lib/libcrypto/man/DES_random_key.3 deleted file mode 100644 index 0dd0ece6dd4d..000000000000 --- a/secure/lib/libcrypto/man/DES_random_key.3 +++ /dev/null @@ -1,444 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DES_RANDOM_KEY 3" -.TH DES_RANDOM_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void DES_random_key(DES_cblock *ret); -\& -\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); -\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); -\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); -\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); -\& -\& void DES_set_odd_parity(DES_cblock *key); -\& int DES_is_weak_key(const_DES_cblock *key); -\& -\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, -\& DES_key_schedule *ks, int enc); -\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, -\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); -\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, -\& DES_key_schedule *ks1, DES_key_schedule *ks2, -\& DES_key_schedule *ks3, int enc); -\& -\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, DES_key_schedule *schedule, DES_cblock *ivec, -\& int enc); -\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, DES_key_schedule *schedule, -\& DES_cblock *ivec, int enc); -\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, DES_key_schedule *schedule, -\& DES_cblock *ivec); -\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, DES_key_schedule *schedule, DES_cblock *ivec, -\& int enc); -\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *schedule, DES_cblock *ivec, -\& int *num, int enc); -\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *schedule, DES_cblock *ivec, -\& int *num); -\& -\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, DES_key_schedule *schedule, DES_cblock *ivec, -\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); -\& -\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); -\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_cblock *ivec, -\& int *num, int enc); -\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); -\& -\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_key_schedule *ks3, -\& DES_cblock *ivec, int enc); -\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_key_schedule *ks3, -\& DES_cblock *ivec, int *num, int enc); -\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, DES_key_schedule *ks1, -\& DES_key_schedule *ks2, DES_key_schedule *ks3, -\& DES_cblock *ivec, int *num); -\& -\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, -\& long length, DES_key_schedule *schedule, -\& const_DES_cblock *ivec); -\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], -\& long length, int out_count, DES_cblock *seed); -\& void DES_string_to_key(const char *str, DES_cblock *key); -\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); -\& -\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); -\& char *DES_crypt(const char *buf, const char *salt); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This library contains a fast implementation of the \s-1DES\s0 encryption -algorithm. -.PP -There are two phases to the use of \s-1DES\s0 encryption. The first is the -generation of a \fIDES_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type -consists of 8 bytes with odd parity. The least significant bit in -each byte is the parity bit. The key schedule is an expanded form of -the key; it is used to speed the encryption process. -.PP -\&\fBDES_random_key()\fR generates a random key. The random generator must be -seeded when calling this function. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -If the function fails, 0 is returned. -.PP -Before a \s-1DES\s0 key can be used, it must be converted into the -architecture dependent \fIDES_key_schedule\fR via the -\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. -.PP -\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity -and is not a weak or semi-weak key. If the parity is wrong, then \-1 -is returned. If the key is a weak key, then \-2 is returned. If an -error is returned, the key schedule is not generated. -.PP -\&\fBDES_set_key()\fR works like -\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, -otherwise like \fBDES_set_key_unchecked()\fR. These functions are available -for compatibility; it is recommended to use a function that does not -depend on a global variable. -.PP -\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. -.PP -\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it -is ok. -.PP -The following routines mostly operate on an input and output stream of -\&\fIDES_cblock\fRs. -.PP -\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or -decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR -(\s-1ECB\s0) mode. It always transforms the input data, pointed to by -\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. -If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR -(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the -key_schedule specified by the \fIschedule\fR argument, previously set via -\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now -ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. -.PP -\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using -three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting -the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and -then encrypting with \fIks3\fR. This routine greatly reduces the chances -of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, -\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption -using \s-1ECB\s0 mode and \fIks1\fR as the key. -.PP -The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES -encryption by using \fIks1\fR for the final encryption. -.PP -\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR -(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the -routine cipher-block-chain encrypts the cleartext data pointed to by -the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR -argument, using the key schedule provided by the \fIschedule\fR argument, -and initialization vector provided by the \fIivec\fR argument. If the -\&\fIlength\fR argument is not an integral multiple of eight bytes, the -last block is copied to a temporary area and zero filled. The output -is always an integral multiple of eight bytes. -.PP -\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and -\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret -(unlike the iv) and are as such, part of the key. So the key is sort -of 24 bytes. This is much better than \s-1CBC DES.\s0 -.PP -\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with -three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is -\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 -.PP -The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by -reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. -This form of Triple-DES is used by the \s-1RSAREF\s0 library. -.PP -\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block -chaining mode used by Kerberos v4. Its parameters are the same as -\&\fBDES_ncbc_encrypt()\fR. -.PP -\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This -method takes an array of characters as input and outputs an array of -characters. It does not require any padding to 8 character groups. -Note: the \fIivec\fR variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only -suggested for use when sending a small number of characters. -.PP -\&\fBDES_cfb64_encrypt()\fR -implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this -useful you ask? Because this routine will allow you to encrypt an -arbitrary number of bytes, without 8 byte padding. Each call to this -routine will encrypt the input bytes to output and then update ivec -and num. num contains 'how far' we are though ivec. If this does -not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 -.PP -\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as -\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. -.PP -\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method -takes an array of characters as input and outputs an array of -characters. It does not require any padding to 8 character groups. -Note: the \fIivec\fR variable is changed and the new changed value needs to -be passed to the next call to this function. Since this function runs -a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only -suggested for use when sending a small number of characters. -.PP -\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output -Feed Back mode. -.PP -\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as -\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. -.PP -The following functions are included in the \s-1DES\s0 library for -compatibility with the \s-1MIT\s0 Kerberos library. -.PP -\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream -(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned -and the complete 8 bytes are placed in \fIoutput\fR. This function is -used by Kerberos v4. Other applications should use -\&\fBEVP_DigestInit\fR\|(3) etc. instead. -.PP -\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte -checksum from the input bytes. The algorithm can be iterated over the -input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is -non-NULL, the 8 bytes generated by each pass are written into -\&\fIoutput\fR. -.PP -The following are DES-based transformations: -.PP -\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This -version takes only a small amount of space relative to other fast -\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in -that the third parameter is the buffer that the return value is -written into. It needs to be at least 14 bytes long. This function -is thread safe, unlike the normal \fBcrypt()\fR. -.PP -\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. -This function calls \fBDES_fcrypt()\fR with a static array passed as the -third parameter. This mostly emulates the normal non-thread-safe semantics -of \fBcrypt\fR\|(3). -The \fBsalt\fR must be two \s-1ASCII\s0 characters. -.PP -The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 -character. -.PP -\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from -buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) -using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual -data send down \fIfd\fR consists of 4 bytes (in network byte order) -containing the length of the following encrypted data. The encrypted -data then follows, padded with random data out to a multiple of 8 -bytes. -.SH "BUGS" -.IX Header "BUGS" -\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR -instead. -.PP -\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. -What this means is that if you set numbits to 12, and length to 2, the -first 12 bits will come from the 1st input byte and the low half of -the second input byte. The second 12 bits will have the low 8 bits -taken from the 3rd input byte and the top 4 bits taken from the 4th -input byte. The same holds for output. This function has been -implemented this way because most people will be using a multiple of 8 -and because once you get into pulling bytes input bytes apart things -get ugly! -.PP -\&\fBDES_string_to_key()\fR is available for backward compatibility with the -\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. -The same applies for \fBDES_string_to_2key()\fR. -.SH "NOTES" -.IX Header "NOTES" -The \fBdes\fR library was written to be source code compatible with -the \s-1MIT\s0 Kerberos library. -.PP -Applications should use the higher level functions -\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these -functions directly. -.PP -Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see \fBdes_modes\fR\|(7). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR -return 0 on success or negative values on error. -.PP -\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the -last 4 bytes of the checksum of the input. -.PP -\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- -to a static buffer on success; otherwise they return \s-1NULL.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBdes_modes\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR -be two \s-1ASCII\s0 characters was first enforced in -OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR -if both character were not present, and could crash when given non-ASCII -on some platforms. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 deleted file mode 100644 index 3cd7a90e4669..000000000000 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_GENERATE_KEY 3" -.TH DH_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DH_generate_key(DH *dh); -\& -\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key -exchange by generating private and public \s-1DH\s0 values. By calling -\&\fBDH_compute_key()\fR, these are combined with the other party's public -value to compute the shared key. -.PP -\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters -\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value -unless \fBdh\->priv_key\fR is already set, and computes the -corresponding public value \fBdh\->pub_key\fR, which can then be -published. -.PP -\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value -in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores -it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. -.PP -\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 -on error. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 deleted file mode 100644 index eb64edd6639f..000000000000 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ /dev/null @@ -1,263 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_GENERATE_PARAMETERS 3" -.TH DH_GENERATE_PARAMETERS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); -\& -\& int DH_check(DH *dh, int *codes); -\& int DH_check_params(DH *dh, int *codes); -\& -\& int DH_check_ex(const DH *dh); -\& int DH_check_params_ex(const DH *dh); -\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x00908000L -\& DH *DH_generate_parameters(int prime_len, int generator, -\& void (*callback)(int, int, void *), void *cb_arg); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can -be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR -structure. The pseudo-random number generator must be -seeded before calling it. -The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in -signature schemes. -.PP -\&\fBprime_len\fR is the length in bits of the safe prime to be generated. -\&\fBgenerator\fR is a small number > 1, typically 2 or 5. -.PP -A callback function may be used to provide feedback about the progress -of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be -called as described in \fBBN_generate_prime\fR\|(3) while a random prime -number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR -is called. See \fBBN_generate_prime_ex\fR\|(3) for information on -the \fBBN_GENCB_call()\fR function. -.PP -\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. -.PP -\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to -be valid. -This is a lightweight check, if a more thorough check is needed, use -\&\fBDH_check()\fR. -The value of \fB*codes\fR is updated with any problems found. -If \fB*codes\fR is zero then no problems were found, otherwise the -following bits may be set: -.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 -.IX Item "DH_CHECK_P_NOT_PRIME" -The parameter \fBp\fR has been determined to not being an odd prime. -Note that the lack of this bit doesn't guarantee that \fBp\fR is a -prime. -.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 -.IX Item "DH_NOT_SUITABLE_GENERATOR" -The generator \fBg\fR is not suitable. -Note that the lack of this bit doesn't guarantee that \fBg\fR is -suitable, unless \fBp\fR is known to be a strong prime. -.PP -\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The -value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then -no problems were found, otherwise the following bits may be set: -.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 -.IX Item "DH_CHECK_P_NOT_PRIME" -The parameter \fBp\fR is not prime. -.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 -.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" -The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. -.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 -.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" -The generator \fBg\fR cannot be checked for suitability. -.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 -.IX Item "DH_NOT_SUITABLE_GENERATOR" -The generator \fBg\fR is not suitable. -.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 -.IX Item "DH_CHECK_Q_NOT_PRIME" -The parameter \fBq\fR is not prime. -.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 -.IX Item "DH_CHECK_INVALID_Q_VALUE" -The parameter \fBq\fR is invalid. -.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 -.IX Item "DH_CHECK_INVALID_J_VALUE" -The parameter \fBj\fR is invalid. -.PP -\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to -\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added -to the thread's error queue instead of provided as return values from the -function. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 -if the check could be performed, 0 otherwise. -.PP -\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if -the parameter generation fails. -.PP -\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the -check is successful, 0 for failed. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBDH_free\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use -\&\fBDH_generate_parameters_ex()\fR instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_get0_pqg.3 b/secure/lib/libcrypto/man/DH_get0_pqg.3 deleted file mode 100644 index f16b880f6e6b..000000000000 --- a/secure/lib/libcrypto/man/DH_get0_pqg.3 +++ /dev/null @@ -1,254 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_GET0_PQG 3" -.TH DH_GET0_PQG 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void DH_get0_pqg(const DH *dh, -\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); -\& void DH_get0_key(const DH *dh, -\& const BIGNUM **pub_key, const BIGNUM **priv_key); -\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); -\& const BIGNUM *DH_get0_p(const DH *dh); -\& const BIGNUM *DH_get0_q(const DH *dh); -\& const BIGNUM *DH_get0_g(const DH *dh); -\& const BIGNUM *DH_get0_priv_key(const DH *dh); -\& const BIGNUM *DH_get0_pub_key(const DH *dh); -\& void DH_clear_flags(DH *dh, int flags); -\& int DH_test_flags(const DH *dh, int flags); -\& void DH_set_flags(DH *dh, int flags); -\& ENGINE *DH_get0_engine(DH *d); -\& long DH_get_length(const DH *dh); -\& int DH_set_length(DH *dh, long length); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR -parameter is optional. It also contains a public key (\fBpub_key\fR) and -(optionally) a private key (\fBpriv_key\fR). -.PP -The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. -If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set -to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These -point directly to the internal representations of the values and therefore -should not be freed directly. -Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no -value will be returned for that parameter. -.PP -The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing -the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling -this function transfers the memory management of the values to the \s-1DH\s0 object, -and therefore the values that have been passed in should not be freed directly -after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0 -.PP -To get the public and private key values use the \fBDH_get0_key()\fR function. A -pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the -private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not -been set yet, although if the private key has been set then the public key must -be. The values point to the internal representation of the public key and -private key values. This memory should not be freed directly. -Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case -no value will be returned for that parameter. -.PP -The public and private key values can be set using \fBDH_set0_key()\fR. Either -parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left -untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management -of the key values to the \s-1DH\s0 object, and therefore they should not be freed -directly after this function has been called. -.PP -Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be -retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, -\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. -.PP -\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. -Multiple flags can be passed in one go (bitwise ORed together). Any flags that -are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags -passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple -flags can be tested in one go. All flags that are currently set are returned, or -zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags -within the \s-1DH\s0 object. -.PP -\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 -object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. -.PP -The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional -length parameter associated with this \s-1DH\s0 object. If the length is non-zero then -it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the -length of the secret exponent (private key) in bits. -.SH "NOTES" -.IX Header "NOTES" -Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used -in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If -needed, duplicate the received value using \fBBN_dup()\fR and pass the -duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. -.PP -\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR -return the respective value, or \s-1NULL\s0 if it is unset. -.PP -\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. -.PP -\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 -has been set. -.PP -\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, -or zero if no such length has been explicitly set. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), -\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_get_1024_160.3 b/secure/lib/libcrypto/man/DH_get_1024_160.3 deleted file mode 100644 index f0a3f0b7718b..000000000000 --- a/secure/lib/libcrypto/man/DH_get_1024_160.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_GET_1024_160 3" -.TH DH_GET_1024_160 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 4 -\& #include -\& DH *DH_get_1024_160(void) -\& DH *DH_get_2048_224(void) -\& DH *DH_get_2048_256(void) -\& -\& const BIGNUM *BN_get0_nist_prime_192(void) -\& const BIGNUM *BN_get0_nist_prime_224(void) -\& const BIGNUM *BN_get0_nist_prime_256(void) -\& const BIGNUM *BN_get0_nist_prime_384(void) -\& const BIGNUM *BN_get0_nist_prime_521(void) -\& -\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) -\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) -\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return -a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. -.PP -\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, -\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return -a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). -.PP -\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, -\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, -\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, -\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions -return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR -is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Defined above. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_meth_new.3 b/secure/lib/libcrypto/man/DH_meth_new.3 deleted file mode 100644 index aed529ba21d7..000000000000 --- a/secure/lib/libcrypto/man/DH_meth_new.3 +++ /dev/null @@ -1,294 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_METH_NEW 3" -.TH DH_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DH_METHOD *DH_meth_new(const char *name, int flags); -\& -\& void DH_meth_free(DH_METHOD *dhm); -\& -\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); -\& -\& const char *DH_meth_get0_name(const DH_METHOD *dhm); -\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); -\& -\& int DH_meth_get_flags(const DH_METHOD *dhm); -\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); -\& -\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); -\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); -\& -\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); -\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); -\& -\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) -\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); -\& int DH_meth_set_compute_key(DH_METHOD *dhm, -\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); -\& -\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) -\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, -\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, -\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, -\& const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, -\& BN_MONT_CTX *m_ctx)); -\& -\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); -\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); -\& -\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); -\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); -\& -\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) -\& (DH *, int, int, BN_GENCB *); -\& int DH_meth_set_generate_params(DH_METHOD *dhm, -\& int (*generate_params)(DH *, int, int, BN_GENCB *)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 -implementations. It provides a set of functions used by OpenSSL for the -implementation of the various \s-1DH\s0 capabilities. -.PP -\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a -unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated -string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is -the callers responsibility to free the original string. The flags will be used -during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any -new \fB\s-1DH\s0\fR object will have those flags set by default. -.PP -\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a -parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an -existing one, but with some differences. -.PP -\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory -associated with it. -.PP -\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This -is a pointer to the internal name string and so should not be freed by the -caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The -string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the -caller remains responsible for freeing the memory associated with the name. -.PP -\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. -.PP -The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the -ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is -the application's responsibility to free this data before the \s-1DH_METHOD\s0 is -freed via a call to \fBDH_meth_free()\fR. -.PP -\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the -function used for generating a new \s-1DH\s0 key pair respectively. This function will -be called in response to the application calling \fBDH_generate_key()\fR. The -parameter for the function has the same meaning as for \fBDH_generate_key()\fR. -.PP -\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the -function used for computing a new \s-1DH\s0 shared secret respectively. This function -will be called in response to the application calling \fBDH_compute_key()\fR. The -parameters for the function have the same meaning as for \fBDH_compute_key()\fR. -.PP -\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function -used for computing the following value: -.PP -.Vb 1 -\& r = a ^ p mod m -.Ve -.PP -This function will be called by the default OpenSSL function for -\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function -may be \s-1NULL\s0 unless using the default generate key function, in which case it -must be present. -.PP -\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used -for creating a new \s-1DH\s0 instance respectively. This function will be -called in response to the application calling \fBDH_new()\fR (if the current default -\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR -functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this -newly allocated structure will be passed as a parameter to the function. This -function may be \s-1NULL.\s0 -.PP -\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used -for destroying an instance of a \s-1DH\s0 object respectively. This function will be -called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 -to be destroyed is passed as a parameter. The destroy function should be used -for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should -not be freed by this function. This function may be \s-1NULL.\s0 -.PP -\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the -function used for generating \s-1DH\s0 parameters respectively. This function will be -called in response to the application calling \fBDH_generate_parameters_ex()\fR (or -\&\fBDH_generate_parameters()\fR). The parameters for the function have the same -meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object -or \s-1NULL\s0 on failure. -.PP -\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags -associated with the \s-1DH_METHOD\s0 respectively. -.PP -All other DH_meth_get_*() functions return the appropriate function pointer -that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been -set. -.PP -\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or -0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), -\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 deleted file mode 100644 index 2fd0721b86d0..000000000000 --- a/secure/lib/libcrypto/man/DH_new.3 +++ /dev/null @@ -1,178 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_NEW 3" -.TH DH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_new, DH_free \- allocate and free DH objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DH* DH_new(void); -\& -\& void DH_free(DH *dh); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. -.PP -\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are -erased before the memory is returned to the system. -If \fBdh\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns -a pointer to the newly allocated structure. -.PP -\&\fBDH_free()\fR returns no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), -\&\fBDH_generate_parameters\fR\|(3), -\&\fBDH_generate_key\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_new_by_nid.3 b/secure/lib/libcrypto/man/DH_new_by_nid.3 deleted file mode 100644 index 4e85d2c0053c..000000000000 --- a/secure/lib/libcrypto/man/DH_new_by_nid.3 +++ /dev/null @@ -1,172 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_NEW_BY_NID 3" -.TH DH_NEW_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_new_by_nid, DH_get_nid \- get or find DH named parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 3 -\& #include -\& DH *DH_new_by_nid(int nid); -\& int *DH_get_nid(const DH *dh); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters -\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, -\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. -.PP -\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match -any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or -\&\fBNID_undef\fR if there is no match. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or -\&\fBNID_undef\fR if there is no match. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 deleted file mode 100644 index 3702353f11e9..000000000000 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ /dev/null @@ -1,219 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_SET_METHOD 3" -.TH DH_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void DH_set_default_method(const DH_METHOD *meth); -\& -\& const DH_METHOD *DH_get_default_method(void); -\& -\& int DH_set_method(DH *dh, const DH_METHOD *meth); -\& -\& DH *DH_new_method(ENGINE *engine); -\& -\& const DH_METHOD *DH_OpenSSL(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DH API\s0 functions are affected by the use -of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. -.PP -Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as -returned by \fBDH_OpenSSL()\fR. -.PP -\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 -structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set -as a default for \s-1DH,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time -as other OpenSSL functions. -.PP -\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 -However, the meaningfulness of this result is dependent on whether the \s-1ENGINE -API\s0 is being used, so this function is no longer recommended. -.PP -\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. -This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method -was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the -change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 -implementations (eg. from an \s-1ENGINE\s0 module that supports embedded -hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 -for the key can have unexpected results. -.PP -\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will -be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 -operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by -\&\fBDH_set_default_method()\fR is used. -.PP -A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see -\&\fBDH_meth_new\fR\|(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective -\&\fB\s-1DH_METHOD\s0\fRs. -.PP -\&\fBDH_set_default_method()\fR returns no value. -.PP -\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as -the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous -method was supplied by an \s-1ENGINE\s0). -.PP -\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by -\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 deleted file mode 100644 index f47dbeb9e119..000000000000 --- a/secure/lib/libcrypto/man/DH_size.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DH_SIZE 3" -.TH DH_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DH_size(const DH *dh); -\& -\& int DH_bits(const DH *dh); -\& -\& int DH_security_bits(const DH *dh); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used -to determine how much memory must be allocated for the shared secret -computed by \fBDH_compute_key\fR\|(3). -.PP -\&\fBDH_bits()\fR returns the number of significant bits. -.PP -\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. -.PP -\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR -key. See \fBBN_security_bits\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes. -.PP -\&\fBDH_bits()\fR returns the number of bits in the key. -.PP -\&\fBDH_security_bits()\fR returns the number of security bits. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), -\&\fBBN_num_bits\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBDH_bits()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 deleted file mode 100644 index 1c40267fd187..000000000000 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_SIG_NEW 3" -.TH DSA_SIG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DSA_SIG *DSA_SIG_new(void); -\& void DSA_SIG_free(DSA_SIG *a); -\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. -.PP -\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The -values are erased before the memory is returned to the system. -.PP -\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained -in \fBsig\fR. -.PP -The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the -new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this -function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, -and therefore the values that have been passed in should not be freed directly -after this function has been called. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an -error code that can be obtained by -\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer -to the newly allocated structure. -.PP -\&\fBDSA_SIG_free()\fR returns no value. -.PP -\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), -\&\fBDSA_do_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 deleted file mode 100644 index c0221b8ea9be..000000000000 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ /dev/null @@ -1,184 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_DO_SIGN 3" -.TH DSA_DO_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_do_sign, DSA_do_verify \- raw DSA signature operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -\& -\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, -\& DSA_SIG *sig, DSA *dsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message -digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a -newly allocated \fB\s-1DSA_SIG\s0\fR structure. -.PP -\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part -of the signing operation in case signature generation is -time-critical. -.PP -\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given -message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public -key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR -returns 1 for a valid signature, 0 for an incorrect signature and \-1 -on error. The error codes can be obtained by -\&\fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBDSA_SIG_new\fR\|(3), -\&\fBDSA_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 deleted file mode 100644 index 9b3852a3dc9e..000000000000 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ /dev/null @@ -1,172 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_DUP_DH 3" -.TH DSA_DUP_DH 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_dup_DH \- create a DH structure out of DSA structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DH *DSA_dup_DH(const DSA *r); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q -is lost during that conversion, but the resulting \s-1DH\s0 parameters -contain its length. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The -error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "NOTE" -.IX Header "NOTE" -Be careful to avoid small subgroup attacks when using this. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 deleted file mode 100644 index 10ed1b44efbd..000000000000 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ /dev/null @@ -1,173 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_GENERATE_KEY 3" -.TH DSA_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_generate_key \- generate DSA key pair -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DSA_generate_key(DSA *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates -a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. -.PP -The random generator must be seeded prior to calling \fBDSA_generate_key()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBDSA_generate_parameters_ex\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 deleted file mode 100644 index 15d56a2727a1..000000000000 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ /dev/null @@ -1,240 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_GENERATE_PARAMETERS 3" -.TH DSA_GENERATE_PARAMETERS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DSA_generate_parameters_ex(DSA *dsa, int bits, -\& const unsigned char *seed, int seed_len, -\& int *counter_ret, unsigned long *h_ret, -\& BN_GENCB *cb); -.Ve -.PP -Deprecated: -.PP -.Vb 5 -\& #if OPENSSL_API_COMPAT < 0x00908000L -\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, -\& int *counter_ret, unsigned long *h_ret, -\& void (*callback)(int, int, void *), void *cb_arg); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g -for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. -.PP -\&\fBbits\fR is the length of the prime p to be generated. -For lengths under 2048 bits, the length of q is 160 bits; for lengths -greater than or equal to 2048 bits, the length of q is set to 256 bits. -.PP -If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. -If \fBseed_len\fR is less than the length of q, an error is returned. -.PP -\&\fBDSA_generate_parameters_ex()\fR places the iteration count in -*\fBcounter_ret\fR and a counter used for finding a generator in -*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. -.PP -A callback function may be used to provide feedback about the progress -of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be -called as shown below. For information on the \s-1BN_GENCB\s0 structure and the -BN_GENCB_call function discussed below, refer to -\&\fBBN_generate_prime\fR\|(3). -.PP -\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. -.IP "\(bu" 2 -When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called -(m is 0 for the first candidate). -.IP "\(bu" 2 -When a candidate for q has passed a test by trial division, -\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. -While a candidate for q is tested by Miller-Rabin primality tests, -\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop -(once for each witness that confirms that the candidate may be prime); -i is the loop counter (starting at 0). -.IP "\(bu" 2 -When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and -\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. -.IP "\(bu" 2 -Before a candidate for p (other than the first) is generated and tested, -\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. -.IP "\(bu" 2 -When a candidate for p has passed the test by trial division, -\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. -While it is tested by the Miller-Rabin primality test, -\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop -(once for each witness that confirms that the candidate may be prime). -i is the loop counter (starting at 0). -.IP "\(bu" 2 -When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. -.IP "\(bu" 2 -When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.PP -\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or -\&\fB\s-1NULL\s0\fR if the parameter generation fails. -.SH "BUGS" -.IX Header "BUGS" -Seed lengths greater than 20 are not supported. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use -\&\fBDSA_generate_parameters_ex()\fR instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/DSA_get0_pqg.3 deleted file mode 100644 index fed19b74d731..000000000000 --- a/secure/lib/libcrypto/man/DSA_get0_pqg.3 +++ /dev/null @@ -1,239 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_GET0_PQG 3" -.TH DSA_GET0_PQG 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void DSA_get0_pqg(const DSA *d, -\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); -\& void DSA_get0_key(const DSA *d, -\& const BIGNUM **pub_key, const BIGNUM **priv_key); -\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); -\& const BIGNUM *DSA_get0_p(const DSA *d); -\& const BIGNUM *DSA_get0_q(const DSA *d); -\& const BIGNUM *DSA_get0_g(const DSA *d); -\& const BIGNUM *DSA_get0_pub_key(const DSA *d); -\& const BIGNUM *DSA_get0_priv_key(const DSA *d); -\& void DSA_clear_flags(DSA *d, int flags); -\& int DSA_test_flags(const DSA *d, int flags); -\& void DSA_set_flags(DSA *d, int flags); -\& ENGINE *DSA_get0_engine(DSA *d); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a -public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). -.PP -The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. -If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set -to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These -point directly to the internal representations of the values and therefore -should not be freed directly. -.PP -The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing -the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling -this function transfers the memory management of the values to the \s-1DSA\s0 object, -and therefore the values that have been passed in should not be freed directly -after this function has been called. -.PP -To get the public and private key values use the \fBDSA_get0_key()\fR function. A -pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the -private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not -been set yet, although if the private key has been set then the public key must -be. The values point to the internal representation of the public key and -private key values. This memory should not be freed directly. -.PP -The public and private key values can be set using \fBDSA_set0_key()\fR. The public -key must be non-NULL the first time this function is called on a given \s-1DSA\s0 -object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 -which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR -this function transfers the memory management of the key values to the \s-1DSA\s0 -object, and therefore they should not be freed directly after this function has -been called. -.PP -Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be -retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, -\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. -.PP -\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. -Multiple flags can be passed in one go (bitwise ORed together). Any flags that -are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags -passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple -flags can be tested in one go. All flags that are currently set are returned, or -zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags -within the \s-1DSA\s0 object. -.PP -\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 -object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. -.SH "NOTES" -.IX Header "NOTES" -Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used -in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If -needed, duplicate the received value using \fBBN_dup()\fR and pass the -duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. -.PP -\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. -.PP -\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 -has been set. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), -\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), -\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_meth_new.3 b/secure/lib/libcrypto/man/DSA_meth_new.3 deleted file mode 100644 index 0fb5e6c23422..000000000000 --- a/secure/lib/libcrypto/man/DSA_meth_new.3 +++ /dev/null @@ -1,342 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_METH_NEW 3" -.TH DSA_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DSA_METHOD *DSA_meth_new(const char *name, int flags); -\& -\& void DSA_meth_free(DSA_METHOD *dsam); -\& -\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); -\& -\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); -\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); -\& -\& int DSA_meth_get_flags(const DSA_METHOD *dsam); -\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); -\& -\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); -\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); -\& -\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, -\& int, DSA *); -\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, -\& int, DSA *)); -\& -\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ -\& BIGNUM **, BIGNUM **); -\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, -\& BIGNUM **, BIGNUM **)); -\& -\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, -\& int, DSA_SIG *, DSA *); -\& int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *, -\& int, DSA_SIG *, DSA *)); -\& -\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, -\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, -\& BIGNUM *m, BN_CTX *ctx, -\& BN_MONT_CTX *in_mont); -\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, -\& BIGNUM *a1, BIGNUM *p1, -\& BIGNUM *a2, BIGNUM *p2, -\& BIGNUM *m, BN_CTX *ctx, -\& BN_MONT_CTX *mont)); -\& -\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, -\& const BIGNUM *p, const BIGNUM *m, -\& BN_CTX *ctx, BN_MONT_CTX *mont); -\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, -\& BIGNUM *r, -\& BIGNUM *a, -\& const BIGNUM *p, -\& const BIGNUM *m, -\& BN_CTX *ctx, -\& BN_MONT_CTX *mont)); -\& -\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); -\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); -\& -\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); -\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); -\& -\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, -\& const unsigned char *, -\& int, int *, unsigned long *, -\& BN_GENCB *); -\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, -\& int (*paramgen)(DSA *, int, const unsigned char *, -\& int, int *, unsigned long *, BN_GENCB *)); -\& -\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); -\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 -implementations. It provides a set of functions used by OpenSSL for the -implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more -information. -.PP -\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a -unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated -string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is -the callers responsibility to free the original string. The flags will be used -during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any -new \fB\s-1DSA\s0\fR object will have those flags set by default. -.PP -\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a -parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an -existing one, but with some differences. -.PP -\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory -associated with it. -.PP -\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This -is a pointer to the internal name string and so should not be freed by the -caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The -string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the -caller remains responsible for freeing the memory associated with the name. -.PP -\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this -\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. -.PP -The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the -ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is -the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is -freed via a call to \fBDSA_meth_free()\fR. -.PP -\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for -creating a \s-1DSA\s0 signature respectively. This function will be -called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The -parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. -.PP -\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function -used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function -will be called in response to the application calling \fBDSA_sign_setup()\fR. The -parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. -.PP -\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used -for verifying a \s-1DSA\s0 signature respectively. This function will be called in -response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The -parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. -.PP -\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used -for computing the following value: -.PP -.Vb 1 -\& rr = a1^p1 * a2^p2 mod m -.Ve -.PP -This function will be called by the default OpenSSL method during verification -of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function -may be \s-1NULL.\s0 -.PP -\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function -used for computing the following value: -.PP -.Vb 1 -\& r = a ^ p mod m -.Ve -.PP -This function will be called by the default OpenSSL function for -\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function -may be \s-1NULL.\s0 -.PP -\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used -for creating a new \s-1DSA\s0 instance respectively. This function will be -called in response to the application calling \fBDSA_new()\fR (if the current default -\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR -functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this -newly allocated structure will be passed as a parameter to the function. This -function may be \s-1NULL.\s0 -.PP -\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used -for destroying an instance of a \s-1DSA\s0 object respectively. This function will be -called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 -to be destroyed is passed as a parameter. The destroy function should be used -for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should -not be freed by this function. This function may be \s-1NULL.\s0 -.PP -\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function -used for generating \s-1DSA\s0 parameters respectively. This function will be called in -response to the application calling \fBDSA_generate_parameters_ex()\fR (or -\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same -meaning as for \fBDSA_generate_parameters_ex()\fR. -.PP -\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function -used for generating a new \s-1DSA\s0 key pair respectively. This function will be -called in response to the application calling \fBDSA_generate_key()\fR. The parameter -for the function has the same meaning as for \fBDSA_generate_key()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object -or \s-1NULL\s0 on failure. -.PP -\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags -associated with the \s-1DSA_METHOD\s0 respectively. -.PP -All other DSA_meth_get_*() functions return the appropriate function pointer -that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been -set. -.PP -\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or -0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), -\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), -\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 deleted file mode 100644 index 031b13f4bfb9..000000000000 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_NEW 3" -.TH DSA_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_new, DSA_free \- allocate and free DSA objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DSA* DSA_new(void); -\& -\& void DSA_free(DSA *dsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to -calling DSA_new_method(\s-1NULL\s0). -.PP -\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are -erased before the memory is returned to the system. -If \fBdsa\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by -\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer -to the newly allocated structure. -.PP -\&\fBDSA_free()\fR returns no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), -\&\fBDSA_generate_parameters\fR\|(3), -\&\fBDSA_generate_key\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 deleted file mode 100644 index df3e03928363..000000000000 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ /dev/null @@ -1,219 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_SET_METHOD 3" -.TH DSA_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void DSA_set_default_method(const DSA_METHOD *meth); -\& -\& const DSA_METHOD *DSA_get_default_method(void); -\& -\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); -\& -\& DSA *DSA_new_method(ENGINE *engine); -\& -\& DSA_METHOD *DSA_OpenSSL(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1DSA API\s0 functions are affected by the use -of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. -.PP -Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fBDSA_OpenSSL()\fR. -.PP -\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 -structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1DSA,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time -as other OpenSSL functions. -.PP -\&\fBDSA_get_default_method()\fR returns a pointer to the current default -\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE API\s0 is being used, so this function is no longer -recommended. -.PP -\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key -\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the -previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will -be released during the change. It is possible to have \s-1DSA\s0 keys that only -work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module -that supports embedded hardware-protected keys), and in such cases -attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected -results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 -objects; -.PP -\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR -will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine -for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 -controlled by \fBDSA_set_default_method()\fR is used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective -\&\fB\s-1DSA_METHOD\s0\fRs. -.PP -\&\fBDSA_set_default_method()\fR returns no value. -.PP -\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as -the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous -method was supplied by an \s-1ENGINE\s0). -.PP -\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be -obtained by \fBERR_get_error\fR\|(3) if the allocation -fails. Otherwise it returns a pointer to the newly allocated structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 deleted file mode 100644 index 573016019693..000000000000 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ /dev/null @@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_SIGN 3" -.TH DSA_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DSA_sign(int type, const unsigned char *dgst, int len, -\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); -\& -\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); -\& -\& int DSA_verify(int type, const unsigned char *dgst, int len, -\& unsigned char *sigbuf, int siglen, DSA *dsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message -digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 -encoding at \fBsigret\fR. The length of the signature is places in -*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. -.PP -\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and -should not be used. -Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of -\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only -cause overhead, and does not affect the actual signature -(pre\-)computation. -.PP -\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR -matches a given message digest \fBdgst\fR of size \fBlen\fR. -\&\fBdsa\fR is the signer's public key. -.PP -The \fBtype\fR parameter is ignored. -.PP -The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) -is called. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. -\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect -signature and \-1 on error. The error codes can be obtained by -\&\fBERR_get_error\fR\|(3). -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature -Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBDSA_do_sign\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 deleted file mode 100644 index 486383b20f50..000000000000 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DSA_SIZE 3" -.TH DSA_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int DSA_size(const DSA *dsa); -\& int DSA_bits(const DSA *dsa); -\& int DSA_security_bits(const DSA *dsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature -for key \fBdsa\fR in bytes. It can be used to determine how much memory must -be allocated for a \s-1DSA\s0 signature. -.PP -\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. -.PP -\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number -of bits in the \fBp\fR parameter. -.PP -\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR -key. See \fBBN_security_bits\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBDSA_size()\fR returns the signature size in bytes. -.PP -\&\fBDSA_bits()\fR returns the number of bits in the key. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 deleted file mode 100644 index c66b8b2bc059..000000000000 --- a/secure/lib/libcrypto/man/DTLS_get_data_mtu.3 +++ /dev/null @@ -1,168 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DTLS_GET_DATA_MTU 3" -.TH DTLS_GET_DATA_MTU 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DTLS_get_data_mtu \- Get maximum data payload size -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& size_t DTLS_get_data_mtu(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This function obtains the maximum data payload size for the established -\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead -of the \s-1DTLS\s0 record header, encryption and authentication currently in use. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Returns the maximum data payload size on success, or 0 on failure. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 deleted file mode 100644 index 6fd51298d135..000000000000 --- a/secure/lib/libcrypto/man/DTLS_set_timer_cb.3 +++ /dev/null @@ -1,170 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DTLS_SET_TIMER_CB 3" -.TH DTLS_SET_TIMER_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); -\& -\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This function sets an optional callback function for controlling the -timeout interval on the \s-1DTLS\s0 protocol. The callback function will be -called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Returns void. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/DTLSv1_listen.3 b/secure/lib/libcrypto/man/DTLSv1_listen.3 deleted file mode 100644 index 44b330e3523f..000000000000 --- a/secure/lib/libcrypto/man/DTLSv1_listen.3 +++ /dev/null @@ -1,262 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "DTLSV1_LISTEN 3" -.TH DTLSV1_LISTEN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_stateless(SSL *s); -\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. -\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a -ClientHello is received that does not contain a cookie, then they respond with a -request for a new ClientHello that does contain a cookie. If a ClientHello is -received with a cookie that is verified then the function returns in order to -enable the handshake to be completed (for example by using \fBSSL_accept()\fR). -.SH "NOTES" -.IX Header "NOTES" -Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification -attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that -validates that the client can actually receive messages on its advertised source -address. An attacker could forge its source \s-1IP\s0 address and then send handshake -initiation messages to the server. The server would then send its response to -the forged source \s-1IP.\s0 If the response messages are larger than the original -message then the amplification attack has succeeded. -.PP -If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate -the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is -designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). -If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some -stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source -address. In this case a TLSv1.3 application would be susceptible to this attack. -.PP -As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie -mechanism. The idea is that when a client attempts to connect to a server it -sends a ClientHello message. The server responds with a HelloRetryRequest (in -TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The -client then resends the ClientHello, but this time includes the cookie in the -message thus proving that the client is capable of receiving messages sent to -that address. All of this can be done by the server without allocating any -state, and thus without consuming expensive resources. -.PP -OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR -functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its -read and write BIOs set, in the same way as might be done for a call to -\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" -state and thus capable of receiving messages from any peer. -.PP -When a ClientHello is received that contains a cookie that has been verified, -then these functions will return with the \fBssl\fR parameter updated into a state -where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. -Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be -filled in with details of the peer that sent the ClientHello. If the underlying -\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 -does not support this), then \fB*peer\fR will be cleared and the family set to -\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to -the peer and continue the handshake in a connected state. -.PP -Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation -and verification callbacks have been set up using -\&\fBSSL_CTX_set_cookie_generate_cb()\fR and \fBSSL_CTX_set_cookie_verify_cb()\fR -respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb()\fR -and \fBSSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead. -.PP -Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming -ClientHellos it is unable to process fragmented messages (since this would -require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR -\&\fBonly\fR supports ClientHellos that fit inside a single datagram. -.PP -For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the -\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the -application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during -a single \fBSSL_stateless()\fR call is all from the same peer. -.PP -\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than -TLSv1.3 is used. -.PP -Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they -start. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object -will be set up ready to continue the handshake. A return value of 0 or \-1 -indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value -of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call. -.PP -For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object -will be set up ready to continue the handshake. the \fBpeer\fR value will also be -filled in. -.PP -A return value of 0 indicates a non-fatal error. This could (for -example) be because of non-blocking \s-1IO,\s0 or some invalid message having been -received from a peer. Errors may be placed on the OpenSSL error queue with -further information if appropriate. Typically user code is expected to retry the -call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. -.PP -A return value of <0 indicates a fatal error. This could (for example) be -because of a failure to allocate sufficient memory for the operation. -.PP -For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both -produce return codes <= 0 (in typical implementations user code treats all -errors as non-fatal), whilst return codes >0 indicate success. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. -.PP -The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. -The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/ECDSA_SIG_new.3 deleted file mode 100644 index b8d56d38ca5a..000000000000 --- a/secure/lib/libcrypto/man/ECDSA_SIG_new.3 +++ /dev/null @@ -1,347 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ECDSA_SIG_NEW 3" -.TH ECDSA_SIG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ECDSA_SIG *ECDSA_SIG_new(void); -\& void ECDSA_SIG_free(ECDSA_SIG *sig); -\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); -\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); -\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -\& int ECDSA_size(const EC_KEY *eckey); -\& -\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, -\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); -\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, -\& EC_KEY *eckey); -\& -\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, -\& const unsigned char *sig, int siglen, EC_KEY *eckey); -\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, -\& const ECDSA_SIG *sig, EC_KEY* eckey); -\& -\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, -\& const BIGNUM *kinv, const BIGNUM *rp, -\& EC_KEY *eckey); -\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); -\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, -\& unsigned char *sig, unsigned int *siglen, -\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most -applications should use the higher level \fB\s-1EVP\s0\fR interface such as -\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. -.PP -\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the -\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). -.PP -\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before -OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. -.PP -\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. -.PP -\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained -in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. -The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value -is not returned. -.PP -The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding -function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. -.PP -The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the -new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this -function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, -and therefore the values that have been passed in should not be freed directly -after this function has been called. -.PP -See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding -and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 -.PP -\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature -created with the private \s-1EC\s0 key \fBeckey\fR. -.PP -\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value -\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is -stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must -point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently -ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR -and \fBrp\fR set to \s-1NULL.\s0 -.PP -\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned -as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR -is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to -\&\s-1NULL.\s0 -.PP -\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a -valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the -public key \fBeckey\fR. The parameter \fBtype\fR is ignored. -.PP -\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is -presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. -.PP -The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used -during signature computation. Most applications will never need to call these -and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if -either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. -.PP -\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. -\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure -(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be -used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. -.PP -\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value -\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values -\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its -length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) -bytes of memory. The parameter \fBtype\fR is ignored. -.PP -\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is -returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. -.PP -\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. -.PP -\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, -or \s-1NULL\s0 if it is unset. -.PP -\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. -.PP -\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful -or 0 on error. -.PP -\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated -\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. -.PP -\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid -signature, 0 for an invalid signature and \-1 on error. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the -named curve prime256v1 (aka P\-256). -.PP -First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 -specific) -.PP -.Vb 3 -\& int ret; -\& ECDSA_SIG *sig; -\& EC_KEY *eckey; -\& -\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -\& if (eckey == NULL) -\& /* error */ -\& if (EC_KEY_generate_key(eckey) == 0) -\& /* error */ -.Ve -.PP -Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value -using \fBECDSA_do_sign()\fR: -.PP -.Vb 3 -\& sig = ECDSA_do_sign(digest, 32, eckey); -\& if (sig == NULL) -\& /* error */ -.Ve -.PP -or using \fBECDSA_sign()\fR: -.PP -.Vb 2 -\& unsigned char *buffer, *pp; -\& int buf_len; -\& -\& buf_len = ECDSA_size(eckey); -\& buffer = OPENSSL_malloc(buf_len); -\& pp = buffer; -\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) -\& /* error */ -.Ve -.PP -Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: -.PP -.Vb 1 -\& ret = ECDSA_do_verify(digest, 32, sig, eckey); -.Ve -.PP -or using \fBECDSA_verify()\fR: -.PP -.Vb 1 -\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); -.Ve -.PP -and finally evaluate the return value: -.PP -.Vb 6 -\& if (ret == 1) -\& /* signature ok */ -\& else if (ret == 0) -\& /* incorrect signature */ -\& else -\& /* error */ -.Ve -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0 -(Digital Signature Standard, \s-1DSS\s0) -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEC_KEY_new\fR\|(3), -\&\fBEVP_DigestSignInit\fR\|(3), -\&\fBEVP_DigestVerifyInit\fR\|(3), -\&\fBi2d_ECDSA_SIG\fR\|(3), -\&\fBd2i_ECDSA_SIG\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ECPKParameters_print.3 b/secure/lib/libcrypto/man/ECPKParameters_print.3 deleted file mode 100644 index 6ad90ecb3c47..000000000000 --- a/secure/lib/libcrypto/man/ECPKParameters_print.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ECPKPARAMETERS_PRINT 3" -.TH ECPKPARAMETERS_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); -\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The ECPKParameters represent the public parameters for an -\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. -.PP -The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print -a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR -or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR -return 1 for success and 0 if an error occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), -\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3 deleted file mode 100644 index be5f0668c35c..000000000000 --- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 +++ /dev/null @@ -1,201 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_GFP_SIMPLE_METHOD 3" -.TH EC_GFP_SIMPLE_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EC_METHOD *EC_GFp_simple_method(void); -\& const EC_METHOD *EC_GFp_mont_method(void); -\& const EC_METHOD *EC_GFp_nist_method(void); -\& const EC_METHOD *EC_GFp_nistp224_method(void); -\& const EC_METHOD *EC_GFp_nistp256_method(void); -\& const EC_METHOD *EC_GFp_nistp521_method(void); -\& -\& const EC_METHOD *EC_GF2m_simple_method(void); -\& -\& int EC_METHOD_get_field_type(const EC_METHOD *meth); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The Elliptic Curve library provides a number of different implementations through a single common interface. -When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an -implementation method must be provided. The functions described here all return a const pointer to an -\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation -type for the form of curve selected is used. -.PP -For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. -.PP -For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All -other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the -use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method -offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through -EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). -.PP -The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit -optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these -implementations are not available on all platforms. -.PP -EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either -F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is -F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the -obj_mac.h header file. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. -.PP -EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), -\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBd2i_ECPKParameters\fR\|(3), -\&\fBBN_mod_mul_montgomery\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3 deleted file mode 100644 index cc369cbcdd2d..000000000000 --- a/secure/lib/libcrypto/man/EC_GROUP_copy.3 +++ /dev/null @@ -1,331 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_GROUP_COPY 3" -.TH EC_GROUP_COPY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \&\- Functions for manipulating EC_GROUP objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); -\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); -\& -\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); -\& -\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, -\& const BIGNUM *order, const BIGNUM *cofactor); -\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); -\& -\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); -\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); -\& int EC_GROUP_order_bits(const EC_GROUP *group); -\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); -\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); -\& -\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); -\& int EC_GROUP_get_curve_name(const EC_GROUP *group); -\& -\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); -\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); -\& -\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); -\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); -\& -\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); -\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); -\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -\& -\& int EC_GROUP_get_degree(const EC_GROUP *group); -\& -\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); -\& -\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); -\& -\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); -\& -\& int EC_GROUP_get_basis_type(const EC_GROUP *); -\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); -\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, -\& unsigned int *k2, unsigned int *k3); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -EC_GROUP_copy copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0 -.PP -EC_GROUP_dup creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created -\&\s-1EC_GROUP\s0 object. -.PP -EC_GROUP_method_of obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. -.PP -EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These -parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the -curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and -n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. -.PP -EC_GROUP_get0_generator returns the generator for the identified \fBgroup\fR. -.PP -The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided \fBorder\fR and \fBcofactor\fR parameters -with the respective order and cofactors for the \fBgroup\fR. -.PP -The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively -(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name -will return 0. -.PP -The asn1_flag value is used to determine whether the curve encoding uses -explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only -support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the -named curve form is used and the parameters must have a corresponding -named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the -parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and -EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. -Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for -previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL -1.1.0 the default form was to use explicit parameters (meaning that -applications would have to explicitly set the named curve form) in OpenSSL -1.1.0 and later the named curve form is the default. -.PP -The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). -point_conversion_form_t is an enum defined as follows: -.PP -.Vb 10 -\& typedef enum { -\& /** the point is encoded as z||x, where the octet z specifies -\& * which solution of the quadratic equation y is */ -\& POINT_CONVERSION_COMPRESSED = 2, -\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ -\& POINT_CONVERSION_UNCOMPRESSED = 4, -\& /** the point is encoded as z||x||y, where the octet z specifies -\& * which solution of the quadratic equation y is */ -\& POINT_CONVERSION_HYBRID = 6 -\& } point_conversion_form_t; -.Ve -.PP -For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by -the octets for x, followed by the octets for y. -.PP -For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For -\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of -the two possible solutions for y has been used, followed by the octets for x. -.PP -For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two -possible solutions for y has been used, followed by the octets for x, followed by the octets for y. -.PP -The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form -for the curve respectively. -.PP -\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages -in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. -If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library -does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block -containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the -builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using -EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use -this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. -.PP -EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be -the value m. -.PP -The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid. -For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is -simply b. In either case for the curve to be valid the discriminant must be non zero. -.PP -The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include -verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has -the correct order. -.PP -EC_GROUP_cmp compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. -.PP -The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves -defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial -function f(x). This function is either a trinomial of the form: -.PP -f(x) = x^m + x^k + 1 with m > k >= 1 -.PP -or a pentanomial of the form: -.PP -f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 -.PP -The function EC_GROUP_get_basis_type returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The -function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly -the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, -\&\fBk2\fR and \fBk3\fR respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check, -EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis. -.PP -EC_GROUP_dup returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. -.PP -EC_GROUP_method_of returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. -.PP -EC_GROUP_get0_generator returns the generator for the given curve or \s-1NULL\s0 on error. -.PP -EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form -and EC_GROUP_get_degree return the order, cofactor, curve name (\s-1NID\s0), \s-1ASN1\s0 flag, point_conversion_form and degree for the -specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. -.PP -\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. -\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. -\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. -.PP -EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not -specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. -.PP -EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is -0, the return value will be 1. On error 0 is returned. -.PP -EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. -.PP -EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a -trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), -\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3 deleted file mode 100644 index 2fc979596884..000000000000 --- a/secure/lib/libcrypto/man/EC_GROUP_new.3 +++ /dev/null @@ -1,261 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_GROUP_NEW 3" -.TH EC_GROUP_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); -\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) -\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) -\& void EC_GROUP_free(EC_GROUP *group); -\& void EC_GROUP_clear_free(EC_GROUP *group); -\& -\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, -\& const BIGNUM *b, BN_CTX *ctx); -\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, -\& const BIGNUM *b, BN_CTX *ctx); -\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); -\& -\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, -\& const BIGNUM *b, BN_CTX *ctx); -\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, -\& BN_CTX *ctx); -\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, -\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, -\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, -\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, -\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); -\& -\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) -\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) -\& -\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the -prime field Fp. The elements of Fp are the integers 0 to p\-1, where p is a prime number. This gives us a revised -elliptic curve equation as follows: -.PP -y^2 mod p = x^3 +ax + b mod p -.PP -The second form is those defined over a binary field F2^m where the elements of the field are integers of length at -most m bits. For this form the elliptic curve equation is modified to: -.PP -y^2 + xy = x^3 + ax^2 + b (where b != 0) -.PP -Operations in a binary field are performed relative to an \fBirreducible polynomial\fR. All such curves with OpenSSL -use a trinomial or a pentanomial for this parameter. -.PP -A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see -\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. -\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the -specified \fBparams\fR and -\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR. -.PP -\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR -is the prime for the field. For a curve over F2^m \fBp\fR represents the irreducible polynomial \- each bit -represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether -the polynomial is a trinomial or a pentanomial. -.PP -\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters. -.PP -\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for \fBEC_GROUP_set_curve()\fR. They are defined for -backwards compatibility only and should not be used. -.PP -\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for \fBEC_GROUP_get_curve()\fR. They are defined for -backwards compatibility only and should not be used. -.PP -The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the -EC_GROUP_set_curve function. An appropriate default implementation method will be used. -.PP -Whilst the library can be used to create any curve using the functions described above, there are also a number of -predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function -EC_get_builtin_curves. The parameter \fBr\fR should be an array of EC_builtin_curve structures of size \fBnitems\fR. The function -will populate the \fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than the total number of -curves available, then the first \fBnitems\fR curves will be returned. Otherwise the total number of curves will be -provided. The return value is the total number of curves available (whether that number has been populated in \fBr\fR or -not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will do nothing other than return the total number of curves available. -The EC_builtin_curve structure is defined as follows: -.PP -.Vb 4 -\& typedef struct { -\& int nid; -\& const char *comment; -\& } EC_builtin_curve; -.Ve -.PP -Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human readable comment string describing the curve. -.PP -In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the \fBnid\fR of the curve to -be constructed. -.PP -EC_GROUP_free frees the memory associated with the \s-1EC_GROUP.\s0 -If \fBgroup\fR is \s-1NULL\s0 nothing is done. -.PP -EC_GROUP_clear_free destroys any sensitive data held within the \s-1EC_GROUP\s0 and then frees its memory. -If \fBgroup\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All EC_GROUP_new* functions return a pointer to the newly constructed group, or \s-1NULL\s0 on error. -.PP -EC_get_builtin_curves returns the number of builtin curves that are available. -.PP -EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), -\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 deleted file mode 100644 index 7c23945de85f..000000000000 --- a/secure/lib/libcrypto/man/EC_KEY_get_enc_flags.3 +++ /dev/null @@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_KEY_GET_ENC_FLAGS 3" -.TH EC_KEY_GET_ENC_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); -\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The format of the external representation of the public key written by -\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is -described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) -for a description of point_conversion_form. -.PP -When reading a private key encoded without an associated public key (e.g. if -\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates -the missing public key automatically. Private keys encoded without parameters -(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using -\&\fBd2i_ECPrivateKey()\fR. -.PP -The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the -value of the encoding flags for the \fBkey\fR. There are two encoding flags -currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags -define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to -\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for -the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is -set then the public key is not encoded along with the private key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the -\&\s-1EC_KEY.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), -\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), -\&\fBEC_POINT_add\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), -\&\fBd2i_ECPKParameters\fR\|(3), -\&\fBd2i_ECPrivateKey\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3 deleted file mode 100644 index fab02e549f2b..000000000000 --- a/secure/lib/libcrypto/man/EC_KEY_new.3 +++ /dev/null @@ -1,309 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_KEY_NEW 3" -.TH EC_KEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EC_KEY *EC_KEY_new(void); -\& int EC_KEY_get_flags(const EC_KEY *key); -\& void EC_KEY_set_flags(EC_KEY *key, int flags); -\& void EC_KEY_clear_flags(EC_KEY *key, int flags); -\& EC_KEY *EC_KEY_new_by_curve_name(int nid); -\& void EC_KEY_free(EC_KEY *key); -\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); -\& EC_KEY *EC_KEY_dup(const EC_KEY *src); -\& int EC_KEY_up_ref(EC_KEY *key); -\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); -\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); -\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); -\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); -\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); -\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); -\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); -\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); -\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); -\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); -\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); -\& int EC_KEY_generate_key(EC_KEY *key); -\& int EC_KEY_check_key(const EC_KEY *key); -\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); -\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); -\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); -\& -\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); -\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, -\& unsigned char **pbuf, BN_CTX *ctx); -\& -\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); -\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); -\& -\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private -key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling -\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially -set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling -\&\fBEC_KEY_set_group()\fR. -.PP -Alternatively a new \s-1EC_KEY\s0 can be constructed by calling -\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See -\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply -wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. -.PP -Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, -and if it has dropped to zero then frees the memory associated with it. If -\&\fBkey\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. -.PP -\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. -.PP -\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 -object. -.PP -\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for -this \s-1EC_KEY\s0 object. -.PP -\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied -\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it -before calling this function. The private key is a random integer (0 < priv_key -< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is -an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the -curve by the private key. -.PP -\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to -confirm that it is valid. -.PP -\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based -on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on -the supplied \fBx\fR and \fBy\fR values and sets the public key to be this -\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm -that it is valid. -.PP -The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, -\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, -and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, -and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. -.PP -The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the -point_conversion_form for the \fBkey\fR. For a description of -point_conversion_forms please see \fBEC_POINT_new\fR\|(3). -.PP -\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 -object. Any flags that are already set are left set. The flags currently -defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In -addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 -\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 -\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all -other flags are left in their existing state. -.PP -\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object -(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the -asn1_flag. -.PP -\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator -for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). -.PP -\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions -\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key -\&\s-1EC_POINT\s0 in \fBeckey\fR. -.PP -\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key -component of \fBeckey\fR and octet form. The octet form consists of the content -octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. -.PP -The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to -store the octet form. The return value provides the number of octets stored. -Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but -will just return the required buffer length. -.PP -The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes -an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR -and its length is returned. The caller must free up the allocated buffer with a -call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR -the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. -.PP -\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to -the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. -.PP -\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an -integer. -.PP -\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. -.PP -\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. -.PP -\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, -\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, -\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, -\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. -.PP -\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 -.PP -\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 -.PP -\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 -.PP -\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length -of the buffer or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), -\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), -\&\fBEC_POINT_add\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), -\&\fBd2i_ECPKParameters\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3 deleted file mode 100644 index 7f215809be92..000000000000 --- a/secure/lib/libcrypto/man/EC_POINT_add.3 +++ /dev/null @@ -1,216 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_POINT_ADD 3" -.TH EC_POINT_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, -\& const EC_POINT *b, BN_CTX *ctx); -\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); -\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); -\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); -\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); -\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); -\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); -\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, -\& EC_POINT *points[], BN_CTX *ctx); -\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, -\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); -\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, -\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); -\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the -result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. -.PP -EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. -.PP -The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. -.PP -EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. -.PP -EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. -.PP -The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine -co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be -forced. -.PP -EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. -The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). -When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). -.PP -EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. -When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). -.PP -The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst -EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information -about the generator. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, -EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. -.PP -EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. -.PP -EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. -.PP -EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. -.PP -EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), -\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3 deleted file mode 100644 index fd5139878a17..000000000000 --- a/secure/lib/libcrypto/man/EC_POINT_new.3 +++ /dev/null @@ -1,339 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EC_POINT_NEW 3" -.TH EC_POINT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EC_POINT *EC_POINT_new(const EC_GROUP *group); -\& void EC_POINT_free(EC_POINT *point); -\& void EC_POINT_clear_free(EC_POINT *point); -\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); -\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); -\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); -\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); -\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, -\& EC_POINT *p, -\& const BIGNUM *x, const BIGNUM *y, -\& const BIGNUM *z, BN_CTX *ctx); -\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, -\& const EC_POINT *p, -\& BIGNUM *x, BIGNUM *y, BIGNUM *z, -\& BN_CTX *ctx); -\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, -\& const BIGNUM *x, const BIGNUM *y, -\& BN_CTX *ctx); -\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, -\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); -\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, -\& const BIGNUM *x, int y_bit, -\& BN_CTX *ctx); -\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, -\& const BIGNUM *x, const BIGNUM *y, -\& BN_CTX *ctx); -\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, -\& const EC_POINT *p, -\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); -\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, -\& EC_POINT *p, -\& const BIGNUM *x, int y_bit, -\& BN_CTX *ctx); -\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, -\& const BIGNUM *x, const BIGNUM *y, -\& BN_CTX *ctx); -\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, -\& const EC_POINT *p, -\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); -\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, -\& EC_POINT *p, -\& const BIGNUM *x, int y_bit, -\& BN_CTX *ctx); -\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, -\& point_conversion_form_t form, -\& unsigned char *buf, size_t len, BN_CTX *ctx); -\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, -\& point_conversion_form_t form, -\& unsigned char **pbuf, BN_CTX *ctx); -\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, -\& const unsigned char *buf, size_t len, BN_CTX *ctx); -\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, -\& point_conversion_form_t form, BIGNUM *bn, -\& BN_CTX *ctx); -\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, -\& EC_POINT *p, BN_CTX *ctx); -\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, -\& point_conversion_form_t form, BN_CTX *ctx); -\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, -\& EC_POINT *p, BN_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is -constructed by calling the function \fBEC_POINT_new()\fR and providing the -\&\fBgroup\fR object that the point relates to. -.PP -\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. -if \fBpoint\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and -then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR -must use the same \fB\s-1EC_METHOD\s0\fR. -.PP -\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from -\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. -.PP -\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. -.PP -A valid point on a curve is the special point at infinity. A point is set to -be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. -.PP -The affine co-ordinates for a point describe a point in terms of its x and y -position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR -co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The -function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which -may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. -.PP -The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and -\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for -\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility -only and should not be used. -.PP -The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and -\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for -\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility -only and should not be used. -.PP -As well as the affine co-ordinates, a point can alternatively be described in -terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian -projective co-ordinates are expressed as three values x, y and z. Working in -this co-ordinate system provides more efficient point multiplication -operations. A mapping exists between Jacobian projective co-ordinates and -affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written -as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian -projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped -to (x, y, 1). To set or get the projective co-ordinates use -\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and -\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. -.PP -Points can also be described in terms of their compressed co-ordinates. For a -point (x, y), for any given value for x such that the point is on the curve -there will only ever be two possible values for y. Therefore a point can be set -using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x -co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two -possible values for y should be used. -.PP -The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and -\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for -\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards -compatibility only and should not be used. -.PP -In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external -representations. The octet form is the binary encoding of the \fBECPoint\fR -structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): -only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are -not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian -integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet -form converted to a \s-1NULL\s0 terminated character string where each character -is one of the printable values 0\-9 or A\-F (or a\-f). -.PP -The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, -\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from -and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. -.PP -The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to -store the octet form. The return value provides the number of octets stored. -Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but -will still return the required buffer length. -.PP -The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and -writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to -\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated -buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is -written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. -.PP -The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the -hexadecimal string. It is the caller's responsibility to free this memory with -a subsequent call to \fBOPENSSL_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 -on error. -.PP -The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, -\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, -\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, -\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, -\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR, -\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, -\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. -.PP -EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 -.PP -\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required -buffer or 0 on error. -.PP -\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on -error. -.PP -\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on -error. -.PP -\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. -.PP -\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on -error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), -\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), -\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ENGINE_add.3 b/secure/lib/libcrypto/man/ENGINE_add.3 deleted file mode 100644 index 197b02a51967..000000000000 --- a/secure/lib/libcrypto/man/ENGINE_add.3 +++ /dev/null @@ -1,767 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ENGINE_ADD 3" -.TH ENGINE_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE cryptographic module support -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ENGINE *ENGINE_get_first(void); -\& ENGINE *ENGINE_get_last(void); -\& ENGINE *ENGINE_get_next(ENGINE *e); -\& ENGINE *ENGINE_get_prev(ENGINE *e); -\& -\& int ENGINE_add(ENGINE *e); -\& int ENGINE_remove(ENGINE *e); -\& -\& ENGINE *ENGINE_by_id(const char *id); -\& -\& int ENGINE_init(ENGINE *e); -\& int ENGINE_finish(ENGINE *e); -\& -\& void ENGINE_load_builtin_engines(void); -\& -\& ENGINE *ENGINE_get_default_RSA(void); -\& ENGINE *ENGINE_get_default_DSA(void); -\& ENGINE *ENGINE_get_default_DH(void); -\& ENGINE *ENGINE_get_default_RAND(void); -\& ENGINE *ENGINE_get_cipher_engine(int nid); -\& ENGINE *ENGINE_get_digest_engine(int nid); -\& -\& int ENGINE_set_default_RSA(ENGINE *e); -\& int ENGINE_set_default_DSA(ENGINE *e); -\& int ENGINE_set_default_DH(ENGINE *e); -\& int ENGINE_set_default_RAND(ENGINE *e); -\& int ENGINE_set_default_ciphers(ENGINE *e); -\& int ENGINE_set_default_digests(ENGINE *e); -\& int ENGINE_set_default_string(ENGINE *e, const char *list); -\& -\& int ENGINE_set_default(ENGINE *e, unsigned int flags); -\& -\& unsigned int ENGINE_get_table_flags(void); -\& void ENGINE_set_table_flags(unsigned int flags); -\& -\& int ENGINE_register_RSA(ENGINE *e); -\& void ENGINE_unregister_RSA(ENGINE *e); -\& void ENGINE_register_all_RSA(void); -\& int ENGINE_register_DSA(ENGINE *e); -\& void ENGINE_unregister_DSA(ENGINE *e); -\& void ENGINE_register_all_DSA(void); -\& int ENGINE_register_DH(ENGINE *e); -\& void ENGINE_unregister_DH(ENGINE *e); -\& void ENGINE_register_all_DH(void); -\& int ENGINE_register_RAND(ENGINE *e); -\& void ENGINE_unregister_RAND(ENGINE *e); -\& void ENGINE_register_all_RAND(void); -\& int ENGINE_register_ciphers(ENGINE *e); -\& void ENGINE_unregister_ciphers(ENGINE *e); -\& void ENGINE_register_all_ciphers(void); -\& int ENGINE_register_digests(ENGINE *e); -\& void ENGINE_unregister_digests(ENGINE *e); -\& void ENGINE_register_all_digests(void); -\& int ENGINE_register_complete(ENGINE *e); -\& int ENGINE_register_all_complete(void); -\& -\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); -\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); -\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, -\& long i, void *p, void (*f)(void), int cmd_optional); -\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, -\& int cmd_optional); -\& -\& ENGINE *ENGINE_new(void); -\& int ENGINE_free(ENGINE *e); -\& int ENGINE_up_ref(ENGINE *e); -\& -\& int ENGINE_set_id(ENGINE *e, const char *id); -\& int ENGINE_set_name(ENGINE *e, const char *name); -\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); -\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); -\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); -\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); -\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); -\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); -\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); -\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); -\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); -\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); -\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); -\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); -\& int ENGINE_set_flags(ENGINE *e, int flags); -\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); -\& -\& const char *ENGINE_get_id(const ENGINE *e); -\& const char *ENGINE_get_name(const ENGINE *e); -\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); -\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); -\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); -\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); -\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); -\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); -\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); -\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); -\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); -\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); -\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); -\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); -\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); -\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); -\& int ENGINE_get_flags(const ENGINE *e); -\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); -\& -\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, -\& UI_METHOD *ui_method, void *callback_data); -\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, -\& UI_METHOD *ui_method, void *callback_data); -.Ve -.PP -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void ENGINE_cleanup(void) -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions create, manipulate, and use cryptographic modules in the -form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for -implementations of cryptographic algorithms, and support a -reference-counted mechanism to allow them to be dynamically loaded in and -out of the running application. -.PP -The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR -implementation includes the following abstractions; -.PP -.Vb 6 -\& RSA_METHOD \- for providing alternative RSA implementations -\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, -\& \- similarly for other OpenSSL APIs -\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) -\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) -\& key\-loading \- loading public and/or private EVP_PKEY keys -.Ve -.SS "Reference counting and handles" -.IX Subsection "Reference counting and handles" -Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be -treated as handles \- ie. not only as pointers, but also as references to -the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when -making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and -released) independently. -.PP -\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in -which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is -inherently a \fBstructural\fR reference \- a structural reference is required -to use the pointer value at all, as this kind of reference is a guarantee -that the structure can not be deallocated until the reference is released. -.PP -However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is -initialised and able to use any of its cryptographic -implementations. Indeed it's quite possible that most ENGINEs will not -initialise at all in typical environments, as ENGINEs are typically used to -support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a -\&\fBfunctional\fR reference. This kind of reference can be considered a -specialised form of structural reference, because each functional reference -implicitly contains a structural reference as well \- however to avoid -difficult-to-find programming bugs, it is recommended to treat the two -kinds of reference independently. If you have a functional reference to an -\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and -is ready to perform cryptographic operations, and will remain initialised -until after you have released your reference. -.PP -\&\fIStructural references\fR -.PP -This basic type of reference is used for instantiating new ENGINEs, -iterating across OpenSSL's internal linked-list of loaded -ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural -reference is sufficient if you only need to query or manipulate the data of -an \s-1ENGINE\s0 implementation rather than use its functionality. -.PP -The \fBENGINE_new()\fR function returns a structural reference to a new (empty) -\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural -references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, -\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be -released by a corresponding to call to the \fBENGINE_free()\fR function \- the -\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when -the last structural reference is released. -.PP -It should also be noted that many \s-1ENGINE API\s0 function calls that accept a -structural reference will internally obtain another reference \- typically -this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after -the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to -OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, -then OpenSSL will have stored a new structural reference internally so the -caller is still responsible for freeing their own reference with -\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some -functions will automatically release the structural reference passed to it -if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and -\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal -\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or -previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the -list, but in either case the structural reference passed to the function is -released on behalf of the caller. -.PP -To clarify a particular function's handling of references, one should -always consult that function's documentation \*(L"man\*(R" page, or failing that -the openssl/engine.h header file includes some hints. -.PP -\&\fIFunctional references\fR -.PP -As mentioned, functional references exist when the cryptographic -functionality of an \s-1ENGINE\s0 is required to be available. A functional -reference can be obtained in one of two ways; from an existing structural -reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default -operational \s-1ENGINE\s0 for a given cryptographic purpose. -.PP -To obtain a functional reference from an existing structural reference, -call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not -already operational and couldn't be successfully initialised (eg. lack of -system drivers, no special hardware attached, etc), otherwise it will -return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will -have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional -references are released by calling \fBENGINE_finish()\fR (which removes the -implicit structural reference as well). -.PP -The second way to get a functional reference is by asking OpenSSL for a -default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, -\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next -section, though they are not usually required by application programmers as -they are used automatically when creating and using the relevant -algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. -.SS "Default implementations" -.IX Subsection "Default implementations" -For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table -of state to control which implementations are available for a given -abstraction and which should be used by default. These implementations are -registered in the tables and indexed by an 'nid' value, because -abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct -algorithms and modes, and ENGINEs can support arbitrarily many of them. -In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one -\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' -index. -.PP -When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. -when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the -\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a -functional reference to an initialised \s-1ENGINE\s0 whose implementation should be -used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller -will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the -conventional software implementation. In the latter case, OpenSSL will from -then on behave the way it used to before the \s-1ENGINE API\s0 existed. -.PP -Each state table has a flag to note whether it has processed this -\&\*(L"get_default\*(R" query since the table was last modified, because to process -this question it must iterate across all the registered ENGINEs in the -table trying to initialise each of them in turn, in case one of them is -operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will -also cache another reference to speed up processing future queries (without -needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 -response if no \s-1ENGINE\s0 was available so that future queries won't repeat the -same iteration unless the state table changes. This behaviour can also be -changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using -\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, -instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the -\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. -\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except -that it also sets the state table's cached response for the \*(L"get_default\*(R" -query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are -indexed by 'nid', these flags and cached-responses are distinct for each 'nid' -value. -.SS "Application requirements" -.IX Subsection "Application requirements" -This section will explain the basic things an application programmer should -support to make the most useful elements of the \s-1ENGINE\s0 functionality -available to the user. The first thing to consider is whether the -programmer wishes to make alternative \s-1ENGINE\s0 modules available to the -application and user. OpenSSL maintains an internal linked list of -\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is -empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and -it uses static linking against openssl, then the resulting application -binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first -consideration is whether any/all available \s-1ENGINE\s0 implementations should be -made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" -functions. -.PP -The fact that ENGINEs are made visible to OpenSSL (and thus are linked into -the program and loaded into memory at run-time) does not mean they are -\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour -is something for the application to control. Some applications -will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used -if any is to be used at all. Others may prefer to load all support and have -OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to -successfully initialise \- ie. to assume that this corresponds to -acceleration hardware attached to the machine or some such thing. There are -probably numerous other ways in which applications may prefer to handle -things, so we will simply illustrate the consequences as they apply to a -couple of simple cases and leave developers to consider these and the -source code to openssl's builtin utilities as guides. -.PP -If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL -will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, -if any ENGINEs are loaded, even if not registered or used, it was necessary to -call \fBENGINE_cleanup()\fR before the program exits. -.PP -\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR -.PP -Here we'll assume an application has been configured by its user or admin -to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of -OpenSSL the application was compiled with. If it is available, it should be -used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise -OpenSSL should use its builtin software as per usual. The following code -illustrates how to approach this; -.PP -.Vb 10 -\& ENGINE *e; -\& const char *engine_id = "ACME"; -\& ENGINE_load_builtin_engines(); -\& e = ENGINE_by_id(engine_id); -\& if (!e) -\& /* the engine isn\*(Aqt available */ -\& return; -\& if (!ENGINE_init(e)) { -\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ -\& ENGINE_free(e); -\& return; -\& } -\& if (!ENGINE_set_default_RSA(e)) -\& /* -\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous -\& * statement suggests it did. -\& */ -\& abort(); -\& ENGINE_set_default_DSA(e); -\& ENGINE_set_default_ciphers(e); -\& /* Release the functional reference from ENGINE_init() */ -\& ENGINE_finish(e); -\& /* Release the structural reference from ENGINE_by_id() */ -\& ENGINE_free(e); -.Ve -.PP -\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR -.PP -Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations -bundled with OpenSSL, such that for any cryptographic algorithm required by -OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, -it should be used. The following code illustrates how this can work; -.PP -.Vb 4 -\& /* Load all bundled ENGINEs into memory and make them visible */ -\& ENGINE_load_builtin_engines(); -\& /* Register all of them for every algorithm they collectively implement */ -\& ENGINE_register_all_complete(); -.Ve -.PP -That's all that's required. Eg. the next time OpenSSL tries to set up an -\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to -\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the -default for \s-1RSA\s0 use from then on. -.SS "Advanced configuration support" -.IX Subsection "Advanced configuration support" -There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each -\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration -\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on -OpenSSL. This mechanism is entirely based on the use of name-value pairs -and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if -applications want to provide a transparent way for users to provide -arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also -possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 -implementations for the names, descriptions, and input flags of their -available \*(L"control commands\*(R", providing a more flexible configuration -scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she -is using (in the case of specialised hardware, this goes without saying) -then applications may not need to concern themselves with discovering the -supported control commands and simply prefer to pass settings into ENGINEs -exactly as they are provided by the user. -.PP -Before illustrating how control commands work, it is worth mentioning what -they are typically used for. Broadly speaking there are two uses for -control commands; the first is to provide the necessary details to the -implementation (which may know nothing at all specific to the host system) -so that it can be initialised for use. This could include the path to any -driver or config files it needs to load, required network addresses, -smart-card identifiers, passwords to initialise protected devices, -logging information, etc etc. This class of commands typically needs to be -passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before -calling \fBENGINE_init()\fR. The other class of commands consist of settings or -operations that tweak certain behaviour or cause certain operations to take -place, and these commands may work either before or after \fBENGINE_init()\fR, or -in some cases both. \s-1ENGINE\s0 implementations should provide indications of -this in the descriptions attached to builtin control commands and/or in -external product documentation. -.PP -\&\fIIssuing control commands to an \s-1ENGINE\s0\fR -.PP -Let's illustrate by example; a function for which the caller supplies the -name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before -initialisation, and another table for use after initialisation. Note that -the string-pairs used for control commands consist of a command \*(L"name\*(R" -followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some -cases but the name can not. This function should initialise the \s-1ENGINE\s0 -(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) -and set it as the default for everything except \s-1RAND\s0 and then return a -boolean success or failure. -.PP -.Vb 10 -\& int generic_load_engine_fn(const char *engine_id, -\& const char **pre_cmds, int pre_num, -\& const char **post_cmds, int post_num) -\& { -\& ENGINE *e = ENGINE_by_id(engine_id); -\& if (!e) return 0; -\& while (pre_num\-\-) { -\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { -\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, -\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); -\& ENGINE_free(e); -\& return 0; -\& } -\& pre_cmds += 2; -\& } -\& if (!ENGINE_init(e)) { -\& fprintf(stderr, "Failed initialisation\en"); -\& ENGINE_free(e); -\& return 0; -\& } -\& /* -\& * ENGINE_init() returned a functional reference, so free the structural -\& * reference from ENGINE_by_id(). -\& */ -\& ENGINE_free(e); -\& while (post_num\-\-) { -\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { -\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, -\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); -\& ENGINE_finish(e); -\& return 0; -\& } -\& post_cmds += 2; -\& } -\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); -\& /* Success */ -\& return 1; -\& } -.Ve -.PP -Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can -relax the semantics of the function \- if set non-zero it will only return -failure if the \s-1ENGINE\s0 supported the given command name but failed while -executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply -return success without doing anything. In this case we assume the user is -only supplying commands specific to the given \s-1ENGINE\s0 so we set this to -\&\s-1FALSE.\s0 -.PP -\&\fIDiscovering supported control commands\fR -.PP -It is possible to discover at run-time the names, numerical-ids, descriptions -and input parameters of the control commands supported by an \s-1ENGINE\s0 using a -structural reference. Note that some control commands are defined by OpenSSL -itself and it will intercept and handle these control commands on behalf of the -\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. -openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands -implemented by ENGINEs should be numbered from. Any command value lower than -this symbol is considered a \*(L"generic\*(R" command is handled directly by the -OpenSSL core routines. -.PP -It is using these \*(L"core\*(R" control commands that one can discover the control -commands implemented by a given \s-1ENGINE,\s0 specifically the commands: -.PP -.Vb 9 -\& ENGINE_HAS_CTRL_FUNCTION -\& ENGINE_CTRL_GET_FIRST_CMD_TYPE -\& ENGINE_CTRL_GET_NEXT_CMD_TYPE -\& ENGINE_CTRL_GET_CMD_FROM_NAME -\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD -\& ENGINE_CTRL_GET_NAME_FROM_CMD -\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD -\& ENGINE_CTRL_GET_DESC_FROM_CMD -\& ENGINE_CTRL_GET_CMD_FLAGS -.Ve -.PP -Whilst these commands are automatically processed by the OpenSSL framework code, -they use various properties exposed by each \s-1ENGINE\s0 to process these -queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; -it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in -the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. -If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will -simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR -handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to -reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the -OpenSSL framework code will work with the following rules: -.PP -.Vb 9 -\& if no ctrl() handler supplied; -\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), -\& all other commands fail. -\& if a ctrl() handler was supplied but no array of control commands; -\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, -\& all other commands fail. -\& if a ctrl() handler and array of control commands was supplied; -\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, -\& all other commands proceed processing ... -.Ve -.PP -If the \s-1ENGINE\s0's array of control commands is empty then all other commands will -fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of -the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the -identifier of a command supported by the \s-1ENGINE\s0 and returns the next command -identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string -name for a command and returns the corresponding identifier or fails if no such -command name exists, and the remaining commands take a command identifier and -return properties of the corresponding commands. All except -\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, -or populate a supplied character buffer with a copy of the command name or -description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following -possible values: -.PP -.Vb 4 -\& ENGINE_CMD_FLAG_NUMERIC -\& ENGINE_CMD_FLAG_STRING -\& ENGINE_CMD_FLAG_NO_INPUT -\& ENGINE_CMD_FLAG_INTERNAL -.Ve -.PP -If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely -informational to the caller \- this flag will prevent the command being usable -for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. -\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration -by applications, administrations, users, etc. These can support arbitrary -operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control -commands data of any arbitrary type. These commands are supported in the -discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 -supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" -might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- -and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific -extension). -.SH "ENVIRONMENT" -.IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 -.IX Item "OPENSSL_ENGINES" -The path to the engines directory. -Ignored in set-user-ID and set-group-ID programs. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR -return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. -.PP -\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. -.PP -\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. -.PP -\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. -.PP -All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and -\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 -if an error occurred. -.PP -All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. -.PP -\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error. -.PP -\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the -global table flags which are used to control the registration behaviour of -\&\fB\s-1ENGINE\s0\fR implementations. -.PP -All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. -.PP -\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success -or 0 on error. -.PP -\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error. -.PP -\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. -.PP -\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. -.PP -\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error -occurred. -.PP -\&\fBENGINE_free()\fR returns 1 on success or 0 on error. -.PP -\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error. -.PP -\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error. -.PP -All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. -.PP -\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier -and the name of the \s-1ENGINE\s0 \fBe\fR respectively. -.PP -\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR -return corresponding method structures for each algorithms. -.PP -\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, -\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, -\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, -\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function -pointers of the callbacks. -.PP -\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 -if an error occurred. -.PP -\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an -error occurred. -.PP -\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are -used to control various behaviours of an \s-1ENGINE.\s0 -.PP -\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's -not set. -.PP -\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR -structure on success or \s-1NULL\s0 if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), -\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup -done by \fBOPENSSL_cleanup()\fR -and should not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 deleted file mode 100644 index fc5445cc8a35..000000000000 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ /dev/null @@ -1,196 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ERR_GET_LIB(unsigned long e); -\& -\& int ERR_GET_FUNC(unsigned long e); -\& -\& int ERR_GET_REASON(unsigned long e); -\& -\& int ERR_FATAL_ERROR(unsigned long e); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The error code returned by \fBERR_get_error()\fR consists of a library -number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR -and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. -.PP -\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. -.PP -The library number and function code describe where the error -occurred, the reason code is the information about what went wrong. -.PP -Each sub-library of OpenSSL has a unique library number; function and -reason codes are unique within each sub-library. Note that different -libraries may use the same value to signal different functions and -reasons. -.PP -\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally -unique. However, when checking for sub-library specific reason codes, -be sure to also compare the library number. -.PP -\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR - are macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The library number, function code, reason code, and whether the error -is fatal, respectively. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in -all versions of OpenSSL. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 deleted file mode 100644 index 0e99443deae4..000000000000 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ /dev/null @@ -1,166 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_CLEAR_ERROR 3" -.TH ERR_CLEAR_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_clear_error \- clear the error queue -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void ERR_clear_error(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_clear_error()\fR empties the current thread's error queue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_clear_error()\fR has no return value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 deleted file mode 100644 index 728539c2b58d..000000000000 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ /dev/null @@ -1,206 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_ERROR_STRING 3" -.TH ERR_ERROR_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& char *ERR_error_string(unsigned long e, char *buf); -\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); -\& -\& const char *ERR_lib_error_string(unsigned long e); -\& const char *ERR_func_error_string(unsigned long e); -\& const char *ERR_reason_error_string(unsigned long e); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_error_string()\fR generates a human-readable string representing the -error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 -bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a -static buffer. -Note that this function is not thread-safe and does no checks on the size -of the buffer; use \fBERR_error_string_n()\fR instead. -.PP -\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes -at most \fIlen\fR characters (including the terminating 0) -and truncates the string if necessary. -For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. -.PP -The string will have the following format: -.PP -.Vb 1 -\& error:[error code]:[library name]:[function name]:[reason string] -.Ve -.PP -\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, -\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. -.PP -\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and -\&\fBERR_reason_error_string()\fR return the library name, function -name and reason string respectively. -.PP -If there is no text string registered for the given error code, -the error string will contain the numeric code. -.PP -\&\fBERR_print_errors\fR\|(3) can be used to print -all error codes currently in the queue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the -string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. -.PP -\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and -\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if -none is registered for the error code. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBERR_print_errors\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 deleted file mode 100644 index d55b4e471859..000000000000 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ /dev/null @@ -1,208 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_GET_ERROR 3" -.TH ERR_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned long ERR_get_error(void); -\& unsigned long ERR_peek_error(void); -\& unsigned long ERR_peek_last_error(void); -\& -\& unsigned long ERR_get_error_line(const char **file, int *line); -\& unsigned long ERR_peek_error_line(const char **file, int *line); -\& unsigned long ERR_peek_last_error_line(const char **file, int *line); -\& -\& unsigned long ERR_get_error_line_data(const char **file, int *line, -\& const char **data, int *flags); -\& unsigned long ERR_peek_error_line_data(const char **file, int *line, -\& const char **data, int *flags); -\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, -\& const char **data, int *flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_get_error()\fR returns the earliest error code from the thread's error -queue and removes the entry. This function can be called repeatedly -until there are no more error codes to return. -.PP -\&\fBERR_peek_error()\fR returns the earliest error code from the thread's -error queue without modifying it. -.PP -\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's -error queue without modifying it. -.PP -See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about -location and reason of the error, and -\&\fBERR_error_string\fR\|(3) for human-readable error -messages. -.PP -\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and -\&\fBERR_peek_last_error_line()\fR are the same as the above, but they -additionally store the file name and line number where -the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. -.PP -\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and -\&\fBERR_peek_last_error_line_data()\fR store additional data and flags -associated with the error code in *\fBdata\fR -and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string -if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. -.PP -An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers -returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled -automatically by the error library. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The error code, or 0 if there is no error in the queue. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_error_string\fR\|(3), -\&\s-1\fBERR_GET_LIB\s0\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 deleted file mode 100644 index 8936aa76f2b9..000000000000 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" -.TH ERR_LOAD_CRYPTO_STRINGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -Deprecated: -.PP -.Vb 1 -\& #include -\& -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void ERR_load_crypto_strings(void); -\& void ERR_free_strings(void); -\& #endif -\& -\& #include -\& -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void SSL_load_error_strings(void); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_load_crypto_strings()\fR registers the error strings for all -\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, -but also registers the \fBlibssl\fR error strings. -.PP -In versions prior to OpenSSL 1.1.0, -\&\fBERR_free_strings()\fR releases any resources created by the above functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and -\&\fBERR_free_strings()\fR return no values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_error_string\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and -\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by -\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 deleted file mode 100644 index a0980ad5c12b..000000000000 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_LOAD_STRINGS 3" -.TH ERR_LOAD_STRINGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); -\& -\& int ERR_get_next_error_library(void); -\& -\& unsigned long ERR_PACK(int lib, int func, int reason); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. -.PP -\&\fBstr\fR is an array of error string data: -.PP -.Vb 5 -\& typedef struct ERR_string_data_st -\& { -\& unsigned long error; -\& char *string; -\& } ERR_STRING_DATA; -.Ve -.PP -The error code is generated from the library number and a function and -reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). -\&\s-1\fBERR_PACK\s0()\fR is a macro. -.PP -The last entry in the array is {0,0}. -.PP -\&\fBERR_get_next_error_library()\fR can be used to assign library numbers -to user libraries at runtime. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. -\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new -library number. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_load_strings\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 deleted file mode 100644 index 6edc96eb6a4c..000000000000 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_PRINT_ERRORS 3" -.TH ERR_PRINT_ERRORS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void ERR_print_errors(BIO *bp); -\& void ERR_print_errors_fp(FILE *fp); -\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_print_errors()\fR is a convenience function that prints the error -strings for all errors that OpenSSL has recorded to \fBbp\fR, thus -emptying the error queue. -.PP -\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a -\&\fB\s-1FILE\s0\fR. -.PP -\&\fBERR_print_errors_cb()\fR is the same, except that the callback function, -\&\fBcb\fR, is called for each error line with the string, length, and userdata -\&\fBu\fR as the callback parameters. -.PP -The error strings will have the following format: -.PP -.Vb 1 -\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] -.Ve -.PP -\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, -\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional -text message\fR if one was set for the respective error code. -.PP -If there is no text string registered for the given error code, -the error string will contain the numeric code. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_error_string\fR\|(3), -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 deleted file mode 100644 index e0e26bbd7cbe..000000000000 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ /dev/null @@ -1,207 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_PUT_ERROR 3" -.TH ERR_PUT_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); -\& -\& void ERR_add_error_data(int num, ...); -\& void ERR_add_error_vdata(int num, va_list arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It -signals that the error of reason code \fBreason\fR occurred in function -\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. -This function is usually called by a macro. -.PP -\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string -arguments with the error code added last. -\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. -.PP -\&\fBERR_load_strings\fR\|(3) can be used to register -error strings so that the application can a generate human-readable -error messages for the error code. -.SS "Reporting errors" -.IX Subsection "Reporting errors" -Each sub-library has a specific macro \fBXXXerr()\fR that is used to report -errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second -argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived -from the function names; reason codes consist of textual error -descriptions. For example, the function \fBssl3_read_bytes()\fR reports a -\&\*(L"handshake failure\*(R" as follows: -.PP -.Vb 1 -\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); -.Ve -.PP -Function and reason codes should consist of upper case characters, -numbers and underscores only. The error file generation script translates -function codes into function names by looking in the header files -for an appropriate function name, if none is found it just uses -the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example. -.PP -The trailing section of a reason code (after the \*(L"_R_\*(R") is translated -into lower case and underscores changed to spaces. -.PP -Although a library will normally report errors using its own specific -XXXerr macro, another library's macro can be used. This is normally -only done when a library wants to include \s-1ASN1\s0 code which must use -the \fBASN1err()\fR macro. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return -no values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_load_strings\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 deleted file mode 100644 index b70c5d5652f7..000000000000 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_REMOVE_STATE 3" -.TH ERR_REMOVE_STATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_remove_thread_state, ERR_remove_state \- DEPRECATED -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10000000L -\& void ERR_remove_state(unsigned long tid); -\& #endif -\& -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void ERR_remove_thread_state(void *tid); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_remove_state()\fR frees the error queue associated with the specified -thread, identified by \fBtid\fR. -\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is -an opaque pointer. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -L\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and -\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions -and should not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 deleted file mode 100644 index 8edb3254f881..000000000000 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ /dev/null @@ -1,172 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "ERR_SET_MARK 3" -.TH ERR_SET_MARK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int ERR_set_mark(void); -\& -\& int ERR_pop_to_mark(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there -is one. -.PP -\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. -The mark is then removed. If there is no mark, the whole stack is removed. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. -.PP -\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which -implies that the stack became empty, otherwise 1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 deleted file mode 100644 index 1b5a33460acb..000000000000 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_BYTESTOKEY 3" -.TH EVP_BYTESTOKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_BytesToKey \- password based encryption routine -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, -\& const unsigned char *salt, -\& const unsigned char *data, int datal, int count, -\& unsigned char *key, unsigned char *iv); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is -the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. -The \fBsalt\fR parameter is used as a salt in the derivation: it should point to -an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing -\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the -iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR -and \fBiv\fR respectively. -.SH "NOTES" -.IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBdata\fR parameter. -.PP -Increasing the \fBcount\fR parameter slows down the algorithm which makes it -harder for an attacker to perform a brute force attack using a large number -of candidate passwords. -.PP -If the total key and \s-1IV\s0 length is less than the digest length and -\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. -.PP -Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as -defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC.\s0 -.SH "KEY DERIVATION ALGORITHM" -.IX Header "KEY DERIVATION ALGORITHM" -The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until -enough data is available for the key and \s-1IV.\s0 D_i is defined as: -.PP -.Vb 1 -\& D_i = HASH^count(D_(i\-1) || data || salt) -.Ve -.PP -where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest -algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) -is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. -.PP -The initial bytes are used for the key and the subsequent bytes for -the \s-1IV.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes -needed to store the derived key. -Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, -or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), -\&\fBEVP_EncryptInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 deleted file mode 100644 index 4941cc7e80c0..000000000000 --- a/secure/lib/libcrypto/man/EVP_CIPHER_CTX_get_cipher_data.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" -.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); -\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher -data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the -particular implementation of the cipher. For example this data can be used by -engines to store engine specific information. The data is automatically -allocated and freed by OpenSSL, so applications and engines should not normally -free this directly (but see below). -.PP -The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to -replace the cipher data with new data. A pointer to any existing cipher data is -returned from this function. If the old data is no longer required then it -should be freed through a call to \fBOPENSSL_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current -cipher data for the \s-1EVP_CIPHER_CTX.\s0 -.PP -The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old -cipher data for the \s-1EVP_CIPHER_CTX.\s0 -.SH "HISTORY" -.IX Header "HISTORY" -The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR -functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 deleted file mode 100644 index 4da560cc7a79..000000000000 --- a/secure/lib/libcrypto/man/EVP_CIPHER_meth_new.3 +++ /dev/null @@ -1,343 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_CIPHER_METH_NEW 3" -.TH EVP_CIPHER_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); -\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); -\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); -\& -\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); -\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); -\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); -\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, -\& int (*init)(EVP_CIPHER_CTX *ctx, -\& const unsigned char *key, -\& const unsigned char *iv, -\& int enc)); -\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, -\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, -\& unsigned char *out, -\& const unsigned char *in, -\& size_t inl)); -\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, -\& int (*cleanup)(EVP_CIPHER_CTX *)); -\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, -\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, -\& ASN1_TYPE *)); -\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, -\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, -\& ASN1_TYPE *)); -\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, -\& int (*ctrl)(EVP_CIPHER_CTX *, int type, -\& int arg, void *ptr)); -\& -\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -\& const unsigned char *key, -\& const unsigned char *iv, -\& int enc); -\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -\& unsigned char *out, -\& const unsigned char *in, -\& size_t inl); -\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); -\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -\& ASN1_TYPE *); -\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -\& ASN1_TYPE *); -\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -\& int type, int arg, -\& void *ptr); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method -implementation. -.PP -\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. -.PP -\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. -.PP -\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. -.PP -\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 -This is only needed when the implemented cipher mode requires it. -.PP -\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional -behaviours in the particular \fBcipher\fR. -With the exception of cipher modes, of which only one may be present, -several flags can be or'd together. -The available flags are: -.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4 -.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE" -The cipher mode. -.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 -.IX Item "EVP_CIPH_VARIABLE_LENGTH" -This cipher is of variable length. -.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 -.IX Item "EVP_CIPH_CUSTOM_IV" -Storing and initialising the \s-1IV\s0 is left entirely to the -implementation. -.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 -.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" -Set this if the implementation's \fBinit()\fR function should be called even -if \fBkey\fR is \fB\s-1NULL\s0\fR. -.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 -.IX Item "EVP_CIPH_CTRL_INIT" -Set this to have the implementation's \fBctrl()\fR function called with -command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. -.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 -.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" -Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR -is left to the implementation. -Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a -\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function -will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and -the key length in \fBarg\fR. -.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 -.IX Item "EVP_CIPH_NO_PADDING" -Don't use standard block padding. -.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 -.IX Item "EVP_CIPH_RAND_KEY" -Making a key with random content is left to the implementation. -This is done by calling the implementation's \fBctrl()\fR function with the -control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory -storage in \fBptr\fR. -.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 -.IX Item "EVP_CIPH_CUSTOM_COPY" -Set this to have the implementation's \fBctrl()\fR function called with -command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. -The intended use is for further things to deal with after the -implementation specific data block has been copied. -The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the -\&\fBptr\fR parameter. -The implementation specific data block is reached with -\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. -.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 -.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" -Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 -.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 -.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" -Signals that the length of the input buffer for encryption / -decryption is to be understood as the number of bits instead of -bytes for this implementation. -This is only useful for \s-1CFB1\s0 ciphers. -.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 -.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" -This indicates that the implementation takes care of everything, -including padding, buffering and finalization. -The \s-1EVP\s0 routines will simply give them control and do nothing more. -.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 -.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" -This indicates that this is an \s-1AEAD\s0 cipher implementation. -.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 -.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" -Allow interleaving of crypto blocks, a particular optimization only applicable -to certain \s-1TLS\s0 ciphers. -.PP -\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's -implementation context so that it can be automatically allocated. -.PP -\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for -\&\fBcipher\fR. -The cipher init function is called by \fBEVP_CipherInit()\fR, -\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR, -\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR. -.PP -\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for -\&\fBcipher\fR. -The cipher function is called by \fBEVP_CipherUpdate()\fR, -\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR, -\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and -\&\fBEVP_DecryptFinal_ex()\fR. -.PP -\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do -extra cleanup before the method's private data structure is cleaned -out and freed. -Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the -private data structure is then available with -\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. -This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and -\&\fBEVP_CIPHER_CTX_free()\fR. -.PP -\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR -to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. -This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. -\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR -that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier -\&\*(L"parameter\*(R". -Both these functions are needed when there is a need for custom data -(more or other than the cipher \s-1IV\s0). -They are called by \fBEVP_CIPHER_param_to_asn1()\fR and -\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. -.PP -\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. -.PP -\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR, -\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR, -\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR -are all used to retrieve the method data given with the -EVP_CIPHER_meth_set_*() functions above. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a -newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. -All EVP_CIPHER_meth_set_*() functions return 1. -All EVP_CIPHER_meth_get_*() functions return pointers to their -respective \fBcipher\fR function. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -EVP_EncryptInit -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 deleted file mode 100644 index 4b9e41e3d316..000000000000 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ /dev/null @@ -1,446 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_DIGESTINIT 3" -.TH EVP_DIGESTINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_MD_CTX *EVP_MD_CTX_new(void); -\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); -\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); -\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); -\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); -\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); -\& -\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); -\& -\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); -\& -\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); -\& -\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); -\& -\& int EVP_MD_type(const EVP_MD *md); -\& int EVP_MD_pkey_type(const EVP_MD *md); -\& int EVP_MD_size(const EVP_MD *md); -\& int EVP_MD_block_size(const EVP_MD *md); -\& -\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); -\& int EVP_MD_CTX_size(const EVP_MD *ctx); -\& int EVP_MD_CTX_block_size(const EVP_MD *ctx); -\& int EVP_MD_CTX_type(const EVP_MD *ctx); -\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); -\& -\& const EVP_MD *EVP_md_null(void); -\& -\& const EVP_MD *EVP_get_digestbyname(const char *name); -\& const EVP_MD *EVP_get_digestbynid(int type); -\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); -\& -\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 digest routines are a high level interface to message digests, -and should be used instead of the cipher-specific functions. -.IP "\fBEVP_MD_CTX_new()\fR" 4 -.IX Item "EVP_MD_CTX_new()" -Allocates and returns a digest context. -.IP "\fBEVP_MD_CTX_reset()\fR" 4 -.IX Item "EVP_MD_CTX_reset()" -Resets the digest context \fBctx\fR. This can be used to reuse an already -existing context. -.IP "\fBEVP_MD_CTX_free()\fR" 4 -.IX Item "EVP_MD_CTX_free()" -Cleans up digest context \fBctx\fR and frees up the space allocated to it. -.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 -.IX Item "EVP_MD_CTX_ctrl()" -Performs digest-specific control actions on context \fBctx\fR. -.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 -.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" -Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. -.IP "\fBEVP_DigestInit_ex()\fR" 4 -.IX Item "EVP_DigestInit_ex()" -Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. -\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If -\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. -.IP "\fBEVP_DigestUpdate()\fR" 4 -.IX Item "EVP_DigestUpdate()" -Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This -function can be called several times on the same \fBctx\fR to hash additional -data. -.IP "\fBEVP_DigestFinal_ex()\fR" 4 -.IX Item "EVP_DigestFinal_ex()" -Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR -parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the -length of the digest) will be written to the integer at \fBs\fR, at most -\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR -no additional calls to \fBEVP_DigestUpdate()\fR can be made, but -\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. -.IP "\fBEVP_DigestFinalXOF()\fR" 4 -.IX Item "EVP_DigestFinalXOF()" -Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 -It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. -After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be -made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation. -.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 -.IX Item "EVP_MD_CTX_copy_ex()" -Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is -useful if large amounts of data are to be hashed which only differ in the last -few bytes. -.IP "\fBEVP_DigestInit()\fR" 4 -.IX Item "EVP_DigestInit()" -Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the -default digest implementation. -.IP "\fBEVP_DigestFinal()\fR" 4 -.IX Item "EVP_DigestFinal()" -Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is -automatically cleaned up. -.IP "\fBEVP_MD_CTX_copy()\fR" 4 -.IX Item "EVP_MD_CTX_copy()" -Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to -be initialized. -.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4 -.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" -Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an -\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. -.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 -.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" -Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an -\&\fB\s-1EVP_MD_CTX\s0\fR structure. -.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4 -.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" -Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest -when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR -returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. -.IP "\fBEVP_MD_CTX_md_data()\fR" 4 -.IX Item "EVP_MD_CTX_md_data()" -Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. -The space is allocated by OpenSSL and has the size originally set with -\&\fBEVP_MD_meth_set_app_datasize()\fR. -.IP "\fBEVP_MD_CTX_md()\fR" 4 -.IX Item "EVP_MD_CTX_md()" -Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. -.IP "\fBEVP_MD_pkey_type()\fR" 4 -.IX Item "EVP_MD_pkey_type()" -Returns the \s-1NID\s0 of the public key signing algorithm associated with this -digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return -\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no -longer linked this function is only retained for compatibility reasons. -.IP "\fBEVP_md_null()\fR" 4 -.IX Item "EVP_md_null()" -A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero -length. -.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 -.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" -Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an -\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. -.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 -.IX Item "EVP_MD_CTX_set_pkey_ctx()" -Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide -a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or -\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed -by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR -assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not -depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. -.SH "FLAGS" -.IX Header "FLAGS" -\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR -can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: -.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 -.IX Item "EVP_MD_CTX_FLAG_ONESHOT" -This flag instructs the digest to optimize for one update only, if possible. -.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 -.IX Item "EVP_MD_CTX_FLAG_NO_INIT" -This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the -implementation specific data. -.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 -.IX Item "EVP_MD_CTX_FLAG_FINALISE" -Some functions such as EVP_DigestSign only finalise copies of internal -contexts so additional data can be included after the finalisation call. -This is inefficient if this functionality is not required, and can be -disabled with this flag. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4 -.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" -Returns 1 for -success and 0 for failure. -.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 -.IX Item "EVP_MD_CTX_ctrl()" -Returns 1 if successful or 0 for failure. -.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 -.IX Item "EVP_MD_CTX_copy_ex()" -Returns 1 if successful or 0 for failure. -.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR, \fBEVP_MD_type()\fR" 4 -.IX Item "EVP_MD_type(), EVP_MD_pkey_type(), EVP_MD_type()" -Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none -exists. -.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 -.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" -Returns the digest or block size in bytes. -.IP "\fBEVP_md_null()\fR" 4 -.IX Item "EVP_md_null()" -Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. -.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 -.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" -Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. -.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 -.IX Item "EVP_MD_CTX_set_pkey_ctx()" -This function has no return value. -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the digest used and much more flexible. -.PP -New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 -digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms -are still in common use. -.PP -For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be -set to \s-1NULL\s0 to use the default digest implementation. -.PP -The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are -obsolete but are retained to maintain compatibility with existing code. New -applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and -\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context -instead of initializing and cleaning it up on each call and allow non default -implementations of digests to be specified. -.PP -If digest contexts are not cleaned up after use, -memory leaks will occur. -.PP -\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, -\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as -macros. -.PP -\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration -or control. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the -digest name passed on the command line. -.PP -.Vb 3 -\& #include -\& #include -\& #include -\& -\& int main(int argc, char *argv[]) -\& { -\& EVP_MD_CTX *mdctx; -\& const EVP_MD *md; -\& char mess1[] = "Test Message\en"; -\& char mess2[] = "Hello World\en"; -\& unsigned char md_value[EVP_MAX_MD_SIZE]; -\& unsigned int md_len, i; -\& -\& if (argv[1] == NULL) { -\& printf("Usage: mdtest digestname\en"); -\& exit(1); -\& } -\& -\& md = EVP_get_digestbyname(argv[1]); -\& if (md == NULL) { -\& printf("Unknown message digest %s\en", argv[1]); -\& exit(1); -\& } -\& -\& mdctx = EVP_MD_CTX_new(); -\& EVP_DigestInit_ex(mdctx, md, NULL); -\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); -\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); -\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); -\& EVP_MD_CTX_free(mdctx); -\& -\& printf("Digest is: "); -\& for (i = 0; i < md_len; i++) -\& printf("%02x", md_value[i]); -\& printf("\en"); -\& -\& exit(0); -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBdgst\fR\|(1), -\&\fBevp\fR\|(7) -.PP -The full list of digest algorithms are provided below. -.PP -\&\fBEVP_blake2b512\fR\|(3), -\&\fBEVP_md2\fR\|(3), -\&\fBEVP_md4\fR\|(3), -\&\fBEVP_md5\fR\|(3), -\&\fBEVP_mdc2\fR\|(3), -\&\fBEVP_ripemd160\fR\|(3), -\&\fBEVP_sha1\fR\|(3), -\&\fBEVP_sha224\fR\|(3), -\&\fBEVP_sha3_224\fR\|(3), -\&\fBEVP_sm3\fR\|(3), -\&\fBEVP_whirlpool\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to -\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. -.PP -The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 -.PP -The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. -.PP -The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 deleted file mode 100644 index 0524fd067ddd..000000000000 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ /dev/null @@ -1,285 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_DIGESTSIGNINIT 3" -.TH EVP_DIGESTSIGNINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, -\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); -\& -\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, -\& size_t *siglen, const unsigned char *tbs, -\& size_t tbslen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital signatures. -.PP -\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from -\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with -\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the -\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can -be used to set alternative signing options. Note that any existing value in -\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed -directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before -being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created -inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the -\&\s-1EVP_MD_CTX\s0 is freed). -.PP -The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. -.PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR -has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). -.PP -Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This -includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of -\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0 -Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448. -.PP -Not all digests can be used for all key types. The following combinations apply. -.IP "\s-1DSA\s0" 4 -.IX Item "DSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "\s-1ECDSA\s0" 4 -.IX Item "ECDSA" -Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 -.IP "\s-1RSA\s0 with no padding" 4 -.IX Item "RSA with no padding" -Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) -.IP "\s-1RSA\s0 with X931 padding" 4 -.IX Item "RSA with X931 padding" -Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 -.IP "All other \s-1RSA\s0 padding types" 4 -.IX Item "All other RSA padding types" -Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, -SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 -.IP "Ed25519 and Ed448" 4 -.IX Item "Ed25519 and Ed448" -Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) -.IP "\s-1HMAC\s0" 4 -.IX Item "HMAC" -Supports any digest -.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4 -.IX Item "CMAC, Poly1305 and SipHash" -Will ignore any digest provided. -.PP -If RSA-PSS is used and restrictions apply then the digest must match. -.PP -\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -signature context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. This function is currently implemented -using a macro. -.PP -\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. -If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to -the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the -\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the -call is successful the signature is written to \fBsig\fR and the amount of data -written to \fBsiglen\fR. -.PP -\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the -signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to -\&\fBEVP_DigestSignFinal()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignaFinal()\fR and -\&\fBEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In -particular, a return value of \-2 indicates the operation is not supported by the -public key algorithm. -.PP -The error codes can be obtained from \fBERR_get_error\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. -.PP -\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data -in one function. For algorithms that support streaming it is equivalent to -calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which -do not support streaming (e.g. PureEdDSA) it is the only way to sign data. -.PP -In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR -needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and -the use of clone digest is now discouraged. -.PP -For some key types and parameters the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fBEVP_DigestSignUpdate()\fR and -\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. -.PP -Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak -will occur. -.PP -The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some -signature operations may have a signature length which depends on the -parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value -which indicates the maximum possible signature for any set of parameters. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestVerifyInit\fR\|(3), -\&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR -were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 deleted file mode 100644 index c303fd85df81..000000000000 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ /dev/null @@ -1,243 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_DIGESTVERIFYINIT 3" -.TH EVP_DIGESTVERIFYINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, -\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); -\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); -\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, -\& size_t siglen); -\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, -\& size_t siglen, const unsigned char *tbs, size_t tbslen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital signatures. -.PP -\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created -with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the -\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this -can be used to set alternative verification options. Note that any existing -value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed -directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before -being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created -inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the -\&\s-1EVP_MD_CTX\s0 is freed). -.PP -No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR -has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). -.PP -\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -verification context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. This function is currently implemented -using a macro. -.PP -\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in -\&\fBsig\fR of length \fBsiglen\fR. -.PP -\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature -in \fBsig\fR of length \fBsiglen\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 -for failure. -.PP -\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other -value indicates failure. A return value of zero indicates that the signature -did not verify successfully (that is, \fBtbs\fR did not match the original data or -the signature had an invalid form), while other values indicate a more serious -error (and sometimes also indicate an invalid signature form). -.PP -The error codes can be obtained from \fBERR_get_error\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. -.PP -\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of -data in one function. For algorithms that support streaming it is equivalent -to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For -algorithms which do not support streaming (e.g. PureEdDSA) it is the only way -to verify data. -.PP -In previous versions of OpenSSL there was a link between message digest types -and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR -needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and -the use of clone digest is now discouraged. -.PP -For some key types and parameters the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can -be called later to digest and verify additional data. -.PP -Since only a copy of the digest context is ever finalized, the context must -be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak -will occur. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestSignInit\fR\|(3), -\&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR -were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3 deleted file mode 100644 index f23ef7efaf0c..000000000000 --- a/secure/lib/libcrypto/man/EVP_EncodeInit.3 +++ /dev/null @@ -1,290 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_ENCODEINIT 3" -.TH EVP_ENCODEINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); -\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); -\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); -\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); -\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -\& const unsigned char *in, int inl); -\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); -\& -\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, -\& const unsigned char *in, int inl); -\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); -\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and -decoding. Base 64 encoding converts binary data into a printable form that uses -the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 -bytes of binary data provided 4 bytes of base 64 encoded data will be produced -plus some occasional newlines (see below). If the input data length is not a -multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" -character. -.PP -\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for -the encode/decode functions. -.PP -\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the -space allocated to it. -.PP -Encoding of binary data is performed in blocks of 48 input bytes (or less for -the final block). For each 48 byte input block encoded 64 bytes of base 64 data -is output plus an additional newline character (i.e. 65 bytes in total). The -final block (which may be less than 48 bytes) will output 4 bytes for every 3 -bytes of input. If the data length is not divisible by 3 then a full 4 bytes is -still output for the final 1 or 2 bytes of input. Similarly a newline character -will also be output. -.PP -\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. -.PP -\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by -\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output -is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the -buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full -blocks of data (48 bytes) will be immediately processed and output by this -function. Any remainder is held in the \fBctx\fR object and will be processed by a -subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the -required size of the output buffer add together the value of \fBinl\fR with the -amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore -any remainder). This gives the number of blocks of data that will be processed. -Ensure the output buffer contains 65 bytes of storage for each block, plus an -additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called -repeatedly to process large amounts of input data. In the event of an error -\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be -returned. -.PP -\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will -process any partial block of data remaining in the \fBctx\fR object. The output -data will be stored in \fBout\fR and the length of the data written will be stored -in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is -sufficiently large to accommodate the output data which will never be more than -65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). -.PP -\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context -\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. -.PP -\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to -be encoded or decoded that are pending in the \fBctx\fR object. -.PP -\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length -\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of -output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is -encoded as a final block of data and the output is padded such that it is always -divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For -example if 16 bytes of input data is provided then 24 bytes of encoded data is -created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of -the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. -.PP -\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. -.PP -\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed -to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes -output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that -the buffer at \fBout\fR is sufficiently large to accommodate the output data. This -function will attempt to decode as much data as possible in 4 byte chunks. Any -whitespace, newline or carriage return characters are ignored. Any partial chunk -of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in -the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If -any illegal base 64 characters are encountered or if the base 64 padding -character \*(L"=\*(R" is encountered in the middle of the data then the function returns -\&\-1 to indicate an error. A return value of 0 or 1 indicates successful -processing of the data. A return value of 0 additionally indicates that the last -input data characters processed included the base 64 padding character \*(L"=\*(R" and -therefore no more non-padding character data is expected to be processed. For -every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and -line feeds), 3 bytes of binary output data will be produced (or less at the end -of the data where the padding character \*(L"=\*(R" has been used). -.PP -\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there -is any unprocessed data still in \fBctx\fR then the input data must not have been -a multiple of 4 and therefore an error has occurred. The function will return \-1 -in this case. Otherwise the function returns 1 on success. -.PP -\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data -contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be -trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 -characters. After such trimming the length of the data in \fBf\fR must be divisible -by 4. For every 4 input bytes exactly 3 output bytes will be produced. The -output will be padded with 0 bits if necessary to ensure that the output is -always 3 bytes for every 4 input bytes. This function will return the length of -the data decoded or \-1 on error. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 -object or \s-1NULL\s0 on error. -.PP -\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in -\&\fBctx\fR. -.PP -\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. -.PP -\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 -terminator. -.PP -\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned -then no more non-padding base 64 characters are expected. -.PP -\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. -.PP -\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 deleted file mode 100644 index f803c2de7549..000000000000 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ /dev/null @@ -1,711 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_ENCRYPTINIT 3" -.TH EVP_ENCRYPTINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null \&\- EVP cipher routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); -\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); -\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); -\& -\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); -\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, const unsigned char *in, int inl); -\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -\& -\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); -\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, const unsigned char *in, int inl); -\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -\& -\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); -\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, const unsigned char *in, int inl); -\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -\& -\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& const unsigned char *key, const unsigned char *iv); -\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -\& -\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& const unsigned char *key, const unsigned char *iv); -\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -\& -\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& const unsigned char *key, const unsigned char *iv, int enc); -\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -\& -\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); -\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); -\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); -\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); -\& -\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name); -\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); -\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); -\& -\& int EVP_CIPHER_nid(const EVP_CIPHER *e); -\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); -\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); -\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); -\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); -\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); -\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); -\& -\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); -\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); -\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); -\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); -\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); -\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); -\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); -\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); -\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); -\& -\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 cipher routines are a high level interface to certain -symmetric ciphers. -.PP -\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. -.PP -\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context -and free up any allocated memory associate with it, including \fBctx\fR -itself. This function should be called after all operations using a -cipher are complete so sensitive information does not remain in -memory. -.PP -\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption -with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created -before calling this function. \fBtype\fR is normally supplied -by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the -default implementation is used. \fBkey\fR is the symmetric key to use -and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes -used for the key and \s-1IV\s0 depends on the cipher. It is possible to set -all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply -the remaining parameters in subsequent calls, all of which have \fBtype\fR -set to \s-1NULL.\s0 This is done when the default cipher parameters are not -appropriate. -.PP -\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and -writes the encrypted version to \fBout\fR. This function can be called -multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient -room. The actual number of bytes written is placed in \fBoutl\fR. It also -checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are -0 is returned to indicate failure. -.PP -If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts -the \*(L"final\*(R" data, that is any data that remains in a partial block. -It uses standard block padding (aka \s-1PKCS\s0 padding) as described in -the \s-1NOTES\s0 section, below. The encrypted -final data is written to \fBout\fR which should have sufficient space for -one cipher block. The number of bytes written is placed in \fBoutl\fR. After -this function is called the encryption operation is finished and no further -calls to \fBEVP_EncryptUpdate()\fR should be made. -.PP -If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more -data and it will return an error if any data remains in a partial block: -that is if the total data length is not a multiple of the block size. -.PP -\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the -corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an -error code if padding is enabled and the final block is not correctly -formatted. The parameters and restrictions are identical to the encryption -operations except that if padding is enabled the decrypted data buffer \fBout\fR -passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for -(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in -which case \fBinl\fR bytes is sufficient. -.PP -\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are -functions that can be used for decryption or encryption. The operation -performed depends on the value of the \fBenc\fR parameter. It should be set -to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged -(the actual value of 'enc' being supplied in a previous call). -.PP -\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context -and free up any allocated memory associate with it, except the \fBctx\fR -itself. This function should be called anytime \fBctx\fR is to be reused -for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR -series of calls. -.PP -\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a -similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and -\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. -.PP -\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are -identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and -\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up -the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR -must be called to free any context resources. -.PP -\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR -return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an -\&\s-1ASN1_OBJECT\s0 structure. -.PP -\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when -passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 -value is an internal value which may not have a corresponding \s-1OBJECT -IDENTIFIER.\s0 -.PP -\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This -function should be called after the context is set up for encryption -or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or -\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using -standard block padding and the padding is checked and removed when -decrypting. If the \fBpad\fR parameter is zero then no padding is -performed, the total amount of data encrypted or decrypted must then -be a multiple of the block size or an error will occur. -.PP -\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key -length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR -structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length -for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a -given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different -for variable key length ciphers. -.PP -\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. -If the cipher is a fixed length cipher then attempting to set the key -length to any value other than the fixed value is an error. -.PP -\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 -length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. -It will return zero if the cipher does not use an \s-1IV.\s0 The constant -\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. -.PP -\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block -size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR -structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block -length for all ciphers. -.PP -\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed -cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT -IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and -128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object -identifier or does not have \s-1ASN1\s0 support this function will return -\&\fBNID_undef\fR. -.PP -\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed -an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. -.PP -\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: -\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, -EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, -EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then -\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. -.PP -\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based -on the passed cipher. This will typically include any parameters and an -\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call -should be made before the cipher is actually \*(L"used\*(R" (before any -\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function -may fail if the cipher does not have any \s-1ASN1\s0 support. -.PP -\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 -AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher -In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. -This function should be called after the base cipher type is set but before -the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and -key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally -\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is -possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support -or the parameters cannot be set (for example the \s-1RC2\s0 effective key length -is not supported. -.PP -\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined -and set. -.PP -\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length -based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key -generation routine to support keys of a specific form. \fBKey\fR must point to a -buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created -\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. -.PP -\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR -return 1 for success and 0 for failure. -.PP -\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. -.PP -\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. -.PP -\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. -.PP -\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR -return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. -.PP -\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 -.PP -\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block -size. -.PP -\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key -length. -.PP -\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. -.PP -\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 -length or zero if the cipher does not use an \s-1IV.\s0 -.PP -\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's -\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 -.PP -\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. -.PP -\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater -than zero for success and zero or a negative number on failure. -.PP -\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. -.SH "CIPHER LISTING" -.IX Header "CIPHER LISTING" -All algorithms have a fixed key length unless otherwise stated. -.PP -Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 -interface. -.IP "\fBEVP_enc_null()\fR" 4 -.IX Item "EVP_enc_null()" -Null cipher: does nothing. -.SH "AEAD Interface" -.IX Header "AEAD Interface" -The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) -modes are subtly altered and several additional \fIctrl\fR operations are supported -depending on the mode specified. -.PP -To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, -\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output -parameter \fBout\fR set to \fB\s-1NULL\s0\fR. -.PP -When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR -indicates whether the operation was successful. If it does not indicate success, -the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used -as it is corrupted. -.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" -.IX Subsection "GCM and OCB Modes" -The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If -not called a default \s-1IV\s0 length is used. -.Sp -For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the -maximum is 15. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" -Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. -This call can only be made when encrypting data and \fBafter\fR all data has been -processed (e.g. after an \fBEVP_EncryptFinal()\fR call). -.Sp -For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via -\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" -Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. -The tag length can only be set before specifying an \s-1IV.\s0 -\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. -.Sp -For \s-1GCM,\s0 this call is only valid when decrypting data. -.Sp -For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, -and before encryption to set the desired tag length. -.Sp -In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the -tag length. If this is not called prior to encryption, a default tag length is -used. -.Sp -For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the -maximum tag length for \s-1OCB.\s0 -.SS "\s-1CCM\s0 Mode" -.IX Subsection "CCM Mode" -The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a -few additional requirements and different \fIctrl\fR values. -.PP -For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to -\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output -and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in -the \fBinl\fR parameter. -.PP -The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" -This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or -the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. -The tag length is often referred to as \fBM\fR. If not set a default value is -used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing -in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after -passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" -Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an -nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for -\&\s-1AES.\s0 -.SS "ChaCha20\-Poly1305" -.IX Subsection "ChaCha20-Poly1305" -The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" -Sets the nonce length. This call can only be made before specifying the nonce. -If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum -nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set -then the nonce is automatically padded with leading 0 bytes to make it 12 bytes -in length. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" -Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. -This call can only be made when encrypting data and \fBafter\fR all data has been -processed (e.g. after an \fBEVP_EncryptFinal()\fR call). -.Sp -\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or -less. -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" -Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. -The tag length can only be set before specifying an \s-1IV.\s0 -\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. -This call is only valid when decrypting data. -.SH "NOTES" -.IX Header "NOTES" -Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the cipher used and much more flexible. Additionally, the -\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic -acceleration such as AES-NI (the low level interfaces do not provide the -guarantee). -.PP -\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total -length of the encrypted data a multiple of the block size. Padding is always -added so if the data is already a multiple of the block size \fBn\fR will equal -the block size. For example if the block size is 8 and 11 bytes are to be -encrypted then 5 padding bytes of value 5 will be added. -.PP -When decrypting the final block is checked to see if it has the correct form. -.PP -Although the decryption operation can produce an error if padding is enabled, -it is not a strong test that the input data or key is correct. A random block -has better than 1 in 256 chance of being of the correct format and problems with -the input data earlier on will not produce a final decrypt error. -.PP -If padding is disabled then the decryption operation will always succeed if -the total amount of data decrypted is a multiple of the block size. -.PP -The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, -\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for -compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, -\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, -\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an -existing context without allocating and freeing it up on each call. -.PP -\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. -.SH "BUGS" -.IX Header "BUGS" -\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal -ciphers with default key lengths. If custom ciphers exceed these values the -results are unpredictable. This is because it has become standard practice to -define a generic key as a fixed unsigned char array containing -\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. -.PP -The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested -for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Encrypt a string using \s-1IDEA:\s0 -.PP -.Vb 10 -\& int do_crypt(char *outfile) -\& { -\& unsigned char outbuf[1024]; -\& int outlen, tmplen; -\& /* -\& * Bogus key and IV: we\*(Aqd normally set these from -\& * another source. -\& */ -\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; -\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; -\& char intext[] = "Some Crypto Text"; -\& EVP_CIPHER_CTX *ctx; -\& FILE *out; -\& -\& ctx = EVP_CIPHER_CTX_new(); -\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); -\& -\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { -\& /* Error */ -\& EVP_CIPHER_CTX_free(ctx); -\& return 0; -\& } -\& /* -\& * Buffer passed to EVP_EncryptFinal() must be after data just -\& * encrypted to avoid overwriting it. -\& */ -\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { -\& /* Error */ -\& EVP_CIPHER_CTX_free(ctx); -\& return 0; -\& } -\& outlen += tmplen; -\& EVP_CIPHER_CTX_free(ctx); -\& /* -\& * Need binary mode for fopen because encrypted data is -\& * binary data. Also cannot use strlen() on it because -\& * it won\*(Aqt be NUL terminated and may contain embedded -\& * NULs. -\& */ -\& out = fopen(outfile, "wb"); -\& if (out == NULL) { -\& /* Error */ -\& return 0; -\& } -\& fwrite(outbuf, 1, outlen, out); -\& fclose(out); -\& return 1; -\& } -.Ve -.PP -The ciphertext from the above example can be decrypted using the \fBopenssl\fR -utility with the command line (shown on two lines for clarity): -.PP -.Vb 2 -\& openssl idea \-d \e -\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . diff --git a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/EVP_MD_meth_new.3 deleted file mode 100644 index f47280629192..000000000000 --- a/secure/lib/libcrypto/man/EVP_MD_meth_new.3 +++ /dev/null @@ -1,292 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_MD_METH_NEW 3" -.TH EVP_MD_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up EVP_MD methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); -\& void EVP_MD_meth_free(EVP_MD *md); -\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); -\& -\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); -\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); -\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); -\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); -\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); -\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, -\& const void *data, -\& size_t count)); -\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, -\& unsigned char *md)); -\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, -\& const EVP_MD_CTX *from)); -\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); -\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, -\& int p1, void *p2)); -\& -\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); -\& int EVP_MD_meth_get_result_size(const EVP_MD *md); -\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); -\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); -\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); -\& int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, -\& const void *data, -\& size_t count); -\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, -\& unsigned char *md); -\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, -\& const EVP_MD_CTX *from); -\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); -\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, -\& int p1, void *p2); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. -It can also have associated public/private key signing and verifying -routines. -.PP -\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. -.PP -\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. -.PP -\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. -.PP -\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size -for the method \fBmd\fR to \fBblocksize\fR bytes. -.PP -\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the -digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. -.PP -The digest method may have its own private data, which OpenSSL will -allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to -set the size for it to \fBdatasize\fR. -.PP -\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional -behaviours in the particular \fBmd\fR. Several flags can be or'd -together. The available flags are: -.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 -.IX Item "EVP_MD_FLAG_ONESHOT" -This digest method can only handles one block of input. -.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 -.IX Item "EVP_MD_FLAG_DIGALGID_NULL" -When setting up a DigestAlgorithmIdentifier, this flag will have the -parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if -combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR -.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 -.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" -When setting up a DigestAlgorithmIdentifier, this flag will have the -parameter be left absent by default. \fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR -.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 -.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" -Custom DigestAlgorithmIdentifier handling via ctrl, with -\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with -\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR -Currently unused. -.PP -\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. -The digest init function is called by \fBEVP_DigestInit()\fR, -\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR -and \fBEVP_VerifyInit_ex()\fR. -.PP -\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. -The digest update function is called by \fBEVP_DigestUpdate()\fR, -\&\fBEVP_SignUpdate()\fR. -.PP -\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. -The digest final function is called by \fBEVP_DigestFinal()\fR, -\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. -.PP -\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra -computations after the method's private data structure has been copied -from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy -the data, there is no need for this copy function. -Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private -data structure is then available with \fBEVP_MD_CTX_md_data()\fR. -This copy function is called by \fBEVP_MD_CTX_copy()\fR and -\&\fBEVP_MD_CTX_copy_ex()\fR. -.PP -\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra -cleanup before the method's private data structure is cleaned out and -freed. -Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the -private data structure is then available with \fBEVP_MD_CTX_md_data()\fR. -This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and -\&\fBEVP_MD_CTX_free()\fR. -.PP -\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. -.PP -\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, -\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR, -\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR, -\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR, -\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used -to retrieve the method data given with the EVP_MD_meth_set_*() -functions above. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly -created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. -All EVP_MD_meth_set_*() functions return 1. -\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, -\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the -indicated sizes or flags. -All other EVP_CIPHER_meth_get_*() functions return pointers to their -respective \fBmd\fR function. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version -1.1. The functions described here were added in OpenSSL 1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 deleted file mode 100644 index e67fe0dc5fe4..000000000000 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_OPENINIT 3" -.TH EVP_OPENINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, -\& int ekl, unsigned char *iv, EVP_PKEY *priv); -\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, unsigned char *in, int inl); -\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high level interface to envelope -decryption. They decrypt a public key encrypted symmetric key and -then decrypt data using it. -.PP -\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption -with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length -\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. -The \s-1IV\s0 is supplied in the \fBiv\fR parameter. -.PP -\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties -as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as -documented on the \fBEVP_EncryptInit\fR\|(3) manual -page. -.SH "NOTES" -.IX Header "NOTES" -It is possible to call \fBEVP_OpenInit()\fR twice in the same way as -\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 -and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL.\s0 -.PP -If the cipher passed in the \fBtype\fR parameter is a variable length -cipher then the key length will be set to the value of the recovered -key length. If the cipher is a fixed length cipher then the recovered -key length must match the fixed cipher length. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the -recovered secret key size) if successful. -.PP -\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. -.PP -\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_SealInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 deleted file mode 100644 index 5eb33834e091..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_ASN1_METHOD.3 +++ /dev/null @@ -1,553 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_ASN1_METHOD 3" -.TH EVP_PKEY_ASN1_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; -\& -\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, -\& const char *pem_str, -\& const char *info); -\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, -\& const EVP_PKEY_ASN1_METHOD *src); -\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); -\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); -\& int EVP_PKEY_asn1_add_alias(int to, int from); -\& -\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pub_decode) (EVP_PKEY *pk, -\& X509_PUBKEY *pub), -\& int (*pub_encode) (X509_PUBKEY *pub, -\& const EVP_PKEY *pk), -\& int (*pub_cmp) (const EVP_PKEY *a, -\& const EVP_PKEY *b), -\& int (*pub_print) (BIO *out, -\& const EVP_PKEY *pkey, -\& int indent, ASN1_PCTX *pctx), -\& int (*pkey_size) (const EVP_PKEY *pk), -\& int (*pkey_bits) (const EVP_PKEY *pk)); -\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*priv_decode) (EVP_PKEY *pk, -\& const PKCS8_PRIV_KEY_INFO -\& *p8inf), -\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, -\& const EVP_PKEY *pk), -\& int (*priv_print) (BIO *out, -\& const EVP_PKEY *pkey, -\& int indent, -\& ASN1_PCTX *pctx)); -\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*param_decode) (EVP_PKEY *pkey, -\& const unsigned char **pder, -\& int derlen), -\& int (*param_encode) (const EVP_PKEY *pkey, -\& unsigned char **pder), -\& int (*param_missing) (const EVP_PKEY *pk), -\& int (*param_copy) (EVP_PKEY *to, -\& const EVP_PKEY *from), -\& int (*param_cmp) (const EVP_PKEY *a, -\& const EVP_PKEY *b), -\& int (*param_print) (BIO *out, -\& const EVP_PKEY *pkey, -\& int indent, -\& ASN1_PCTX *pctx)); -\& -\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, -\& void (*pkey_free) (EVP_PKEY *pkey)); -\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, -\& long arg1, void *arg2)); -\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*item_verify) (EVP_MD_CTX *ctx, -\& const ASN1_ITEM *it, -\& void *asn, -\& X509_ALGOR *a, -\& ASN1_BIT_STRING *sig, -\& EVP_PKEY *pkey), -\& int (*item_sign) (EVP_MD_CTX *ctx, -\& const ASN1_ITEM *it, -\& void *asn, -\& X509_ALGOR *alg1, -\& X509_ALGOR *alg2, -\& ASN1_BIT_STRING *sig)); -\& -\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*siginf_set) (X509_SIG_INFO *siginf, -\& const X509_ALGOR *alg, -\& const ASN1_STRING *sig)); -\& -\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pkey_check) (const EVP_PKEY *pk)); -\& -\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pkey_pub_check) (const EVP_PKEY *pk)); -\& -\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pkey_param_check) (const EVP_PKEY *pk)); -\& -\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*pkey_security_bits) (const EVP_PKEY -\& *pk)); -\& -\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*set_priv_key) (EVP_PKEY *pk, -\& const unsigned char -\& *priv, -\& size_t len)); -\& -\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*set_pub_key) (EVP_PKEY *pk, -\& const unsigned char *pub, -\& size_t len)); -\& -\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*get_priv_key) (const EVP_PKEY *pk, -\& unsigned char *priv, -\& size_t *len)); -\& -\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, -\& int (*get_pub_key) (const EVP_PKEY *pk, -\& unsigned char *pub, -\& size_t *len)); -\& -\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0 -conversion, printing and information methods for a specific public key -algorithm. -.PP -There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are -stored: one is a built-in array representing the standard methods for -different algorithms, and the other one is a stack of user-defined -application-specific methods, which can be manipulated by using -\&\fBEVP_PKEY_asn1_add0\fR\|(3). -.SS "Methods" -.IX Subsection "Methods" -The methods are the underlying implementations of a particular public -key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. -.PP -.Vb 5 -\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); -\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); -\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, -\& ASN1_PCTX *pctx); -.Ve -.PP -The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / -encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). -.PP -The \fBpub_cmp()\fR method is called when two public keys are to be -compared. -It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. -It's called by \fBEVP_PKEY_cmp\fR\|(3). -.PP -The \fBpub_print()\fR method is called to print a public key in humanly -readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_public\fR\|(3). -.PP -.Vb 4 -\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); -\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); -\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, -\& ASN1_PCTX *pctx); -.Ve -.PP -The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / -encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). -.PP -The \fBpriv_print()\fR method is called to print a private key in humanly -readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_private\fR\|(3). -.PP -.Vb 3 -\& int (*pkey_size) (const EVP_PKEY *pk); -\& int (*pkey_bits) (const EVP_PKEY *pk); -\& int (*pkey_security_bits) (const EVP_PKEY *pk); -.Ve -.PP -The \fBpkey_size()\fR method returns the key size in bytes. -It's called by \fBEVP_PKEY_size\fR\|(3). -.PP -The \fBpkey_bits()\fR method returns the key size in bits. -It's called by \fBEVP_PKEY_bits\fR\|(3). -.PP -.Vb 8 -\& int (*param_decode) (EVP_PKEY *pkey, -\& const unsigned char **pder, int derlen); -\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); -\& int (*param_missing) (const EVP_PKEY *pk); -\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); -\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); -\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, -\& ASN1_PCTX *pctx); -.Ve -.PP -The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / -encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. -They \s-1MUST\s0 return 0 on error, 1 on success. -They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR -\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). -.PP -The \fBparam_missing()\fR method returns 0 if a key parameter is missing, -otherwise 1. -It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). -.PP -The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). -.PP -The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. -It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a -negative number on error. -It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3). -.PP -The \fBparam_print()\fR method prints the private key parameters in humanly -readable text to \fBout\fR, indented \fBindent\fR spaces. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBEVP_PKEY_print_params\fR\|(3). -.PP -.Vb 3 -\& int (*sig_print) (BIO *out, -\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, -\& int indent, ASN1_PCTX *pctx); -.Ve -.PP -The \fBsig_print()\fR method prints a signature in humanly readable text to -\&\fBout\fR, indented \fBindent\fR spaces. -\&\fBsigalg\fR contains the exact signature algorithm. -If the signature in \fBsig\fR doesn't correspond to what this method -expects, \fBX509_signature_dump()\fR must be used as a last resort. -It \s-1MUST\s0 return 0 on error, 1 on success. -It's called by \fBX509_signature_print\fR\|(3). -.PP -.Vb 1 -\& void (*pkey_free) (EVP_PKEY *pkey); -.Ve -.PP -The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. -It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), -\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). -.PP -.Vb 1 -\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); -.Ve -.PP -The \fBpkey_ctrl()\fR method adds extra algorithm specific control. -It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), -\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3), -\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), -\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... -.PP -.Vb 3 -\& int (*old_priv_decode) (EVP_PKEY *pkey, -\& const unsigned char **pder, int derlen); -\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); -.Ve -.PP -The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode -they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. -These are exclusively used to help decoding / encoding older (pre -PKCS#8) \s-1PEM\s0 formatted encrypted private keys. -\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. -\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as -\&\fBi2d_PrivateKey()\fR. -They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). -.PP -.Vb 5 -\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); -\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, -\& X509_ALGOR *alg1, X509_ALGOR *alg2, -\& ASN1_BIT_STRING *sig); -.Ve -.PP -The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have -algorithm specific signatures and verification of them. -.PP -\&\fBitem_sign()\fR \s-1MUST\s0 return one of: -.IP "<=0" 4 -.IX Item "<=0" -error -.IP "1" 4 -.IX Item "1" -\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the -signature length back. -.IP "2" 4 -.IX Item "2" -\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are -expected to continue with the default signature production. -.IP "3" 4 -.IX Item "3" -\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, -OpenSSL internals should just sign using those algorithms. -.PP -\&\fBitem_verify()\fR \s-1MUST\s0 return one of: -.IP "<=0" 4 -.IX Item "<=0" -error -.IP "1" 4 -.IX Item "1" -\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the -signature length back. -.IP "2" 4 -.IX Item "2" -\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are -expected to continue with the default signature production. -.PP -\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and -\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3), -\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ... -.PP -.Vb 2 -\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, -\& const ASN1_STRING *sig); -.Ve -.PP -The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR -parameters. -It \s-1MUST\s0 return 0 on error, or 1 on success. -It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) -and \fBX509_check_issued\fR\|(3). -.PP -.Vb 3 -\& int (*pkey_check) (const EVP_PKEY *pk); -\& int (*pkey_public_check) (const EVP_PKEY *pk); -\& int (*pkey_param_check) (const EVP_PKEY *pk); -.Ve -.PP -The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used -to check the validity of \fBpk\fR for key-pair, public component and parameters, -respectively. -They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. -They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and -\&\fBEVP_PKEY_param_check\fR\|(3) respectively. -.PP -.Vb 2 -\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); -\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); -.Ve -.PP -The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and -public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. -They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and -\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. -.SS "Functions" -.IX Subsection "Functions" -\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR -object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and -\&\fBinfo\fR. -\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a -descriptive string. -The following \fBflags\fR are supported: -.PP -.Vb 1 -\& ASN1_PKEY_SIGPARAM_NULL -.Ve -.PP -If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm -parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise -they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is -omitted). -See \fBX509_ALGOR_set0\fR\|(3) for more information. -.PP -\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from -\&\fBsrc\fR to \fBdst\fR. -This function is not thread safe, it's recommended to only use this -when initializing the application. -.PP -\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed -by \fBameth\fR. -.PP -\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of -methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is -already there. -This function is not thread safe, it's recommended to only use this -when initializing the application. -.PP -\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. -This function is not thread safe, it's recommended to only use this -when initializing the application. -.PP -\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, -\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR, -\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR, -\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR, -\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR, -\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, -\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and -\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. -.PP -\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated -with the key \fBpkey\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. -.PP -\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, -or 1 on success. -.PP -\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 deleted file mode 100644 index c580f29e51cc..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ /dev/null @@ -1,526 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_CTRL 3" -.TH EVP_PKEY_CTX_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, -\& int cmd, int p1, void *p2); -\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, -\& int cmd, uint64_t value); -\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, -\& const char *value); -\& -\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); -\& -\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); -\& -\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); -\& -\& #include -\& -\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); -\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); -\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); -\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); -\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); -\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); -\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); -\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); -\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); -\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); -\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); -\& -\& #include -\& -\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); -\& -\& #include -\& -\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); -\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); -\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); -\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); -\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); -\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); -\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); -\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); -\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); -\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); -\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); -\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); -\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); -\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); -\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); -\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); -\& -\& #include -\& -\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); -\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); -\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); -\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); -\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); -\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); -\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); -\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); -\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); -\& -\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); -\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); -\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context -\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter -\&\fBoptype\fR is a mask indicating which operations the control can be applied to. -The control command is indicated in \fBcmd\fR and any additional arguments in -\&\fBp1\fR and \fBp2\fR. -.PP -For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key, -and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 -.PP -Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will -instead call one of the algorithm specific macros below. -.PP -The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a -uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR. -.PP -The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm -specific control operation to a context \fBctx\fR in string form. This is -intended to be used for options specified on the command line or in text -files. The commands supported are documented in the openssl utility -command line pages for the option \fB\-pkeyopt\fR which is supported by the -\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. -.PP -The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation -to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. -.PP -All the remaining \*(L"functions\*(R" are implemented as macros. -.PP -The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used -in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. -.PP -The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a -signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. -.PP -Key generation typically involves setting up parameters to be used and -generating the private and public key data. Some algorithm implementations -allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR -macro. In this case key generation is simply the process of setting up the -parameters for the key and then setting the raw key data to the value explicitly -provided by that macro. Normally applications would call -\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. -.PP -The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms -supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. -.SS "\s-1RSA\s0 parameters" -.IX Subsection "RSA parameters" -The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. -The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 -padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for -no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and -decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations -only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). -.PP -Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR -is used. If this macro is called for PKCS#1 padding the plaintext buffer is -an actual digest value and is encapsulated in a DigestInfo structure according -to PKCS#1 when signing and this structure is expected (and stripped off) when -verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the -supplied data is used directly and not encapsulated. In the case of X9.31 -padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed -if this control is called. If it is not called then the first byte of the plaintext -buffer is expected to be the algorithm identifier byte. -.PP -The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. -.PP -The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to -\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special -values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the -digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum -permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length -to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this -macro is not called maximum salt length is used when signing and auto detection -when verifying is used by default. -.PP -The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length -for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for -\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. -.PP -The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value -for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The -\&\fBpubexp\fR pointer is used internally by this function so it should not be -modified or freed after the call. If not specified 65537 is used. -.PP -The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for -\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. -.PP -The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding -schemes to \fBmd\fR. If not explicitly set the signing digest is used. The -padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR -or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. -If not explicitly set the signing digest is used. The padding mode must have -been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used -in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to -\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used -in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to -\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to -\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, -the label is cleared. The library takes ownership of the label so the -caller should not free the original memory pointed to by \fBlabel\fR. -The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. -.PP -The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to -\&\fBlabel\fR. The return value is the label length. The padding mode -must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned -by the library and should not be freed by the caller. -.SS "\s-1DSA\s0 parameters" -.IX Subsection "DSA parameters" -The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used -for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. -.SS "\s-1DH\s0 parameters" -.IX Subsection "DH parameters" -The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 -prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called -then 1024 is used. Only accepts lengths greater than or equal to 256. -.PP -The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 -optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is -256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 -paramgen type must have been set to x9.42. -.PP -The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR -for \s-1DH\s0 parameter generation. If not specified 2 is used. -.PP -The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 -parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 -The default is 0. -.PP -The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is -1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. -If \fBpad\fR is zero (the default) then no padding is performed. -.PP -\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to -\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, -\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR -or \fBNID_undef\fR to clear the stored value. This macro can be called during -parameter or key generation. -The nid parameter and the rfc5114 parameter are mutually exclusive. -.PP -The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are -synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The -\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections -2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called -during parameter generation. The \fBctx\fR must have a key type of -\&\fB\s-1EVP_PKEY_DHX\s0\fR. -The rfc5114 parameter and the nid parameter are mutually exclusive. -.SS "\s-1DH\s0 key derivation function parameters" -.IX Subsection "DH key derivation function parameters" -Note that all of the following functions require that the \fBctx\fR parameter has -a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of -\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. -The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn -encrypts a Content Encryption Key (\s-1CEK\s0). -.PP -The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type -to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR -and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 -(based on the keying algorithm described in X9.42). When using key derivation, -the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. -.PP -The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type -for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR -and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. -.PP -The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function -object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify -the algorithm to be used with the Content Encryption Key. -The library takes ownership of the object identifier so the caller should not -free the original memory pointed to by \fBoid\fR. -.PP -The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid -for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the -library and should not be freed by the caller. -.PP -The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function -message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies -that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. -.PP -The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function -message digest for \fBctx\fR used for \s-1DH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function -output length to \fBlen\fR for \s-1DH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function -output length for \fBctx\fR used for \s-1DH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to -\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional -and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification -requires that it is 512 bits long but this is not enforced by OpenSSL. -The library takes ownership of the user key material so the caller should not -free the original memory pointed to by \fBukm\fR. -.PP -The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. -The return value is the user key material length. The resulting pointer is owned -by the library and should not be freed by the caller. -.SS "\s-1EC\s0 parameters" -.IX Subsection "EC parameters" -The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter -generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called -or an error occurs because there is no default curve. -This function can also be called to set the curve explicitly when -generating an \s-1EC\s0 key. -.PP -The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to -\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be -\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions -of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. -For maximum compatibility the named curve form should be used. Note: the -\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous -versions should use 0 instead. -.SS "\s-1ECDH\s0 parameters" -.IX Subsection "ECDH parameters" -The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to -\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable -cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor -mode and fallback to the private key cofactor mode. -.PP -The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for -\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key -derivation is enabled and 0 otherwise. -.SS "\s-1ECDH\s0 key derivation function parameters" -.IX Subsection "ECDH key derivation function parameters" -The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type -to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR -and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. -When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must -also be specified. -.PP -The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function -type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are -\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. -.PP -The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function -message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies -that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. -.PP -The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function -message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function -output length to \fBlen\fR for \s-1ECDH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function -output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. -.PP -The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR -for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the -shared info in X9.63 terms. The library takes ownership of the user key material -so the caller should not free the original memory pointed to by \fBukm\fR. -.PP -The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. -The return value is the user key material length. The resulting pointer is owned -by the library and should not be freed by the caller. -.SS "Other parameters" -.IX Subsection "Other parameters" -The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR -macros are used to manipulate the special identifier field for specific signature -algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with -the length \fBid_len\fR to the library. The library takes a copy of the id so that -the caller can safely free the original memory pointed to by \fBid\fR. The -\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous -call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate -memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR -macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should -allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 -or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3), -\&\fBEVP_PKEY_keygen\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The -\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR -macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 deleted file mode 100644 index cd32f4574c5b..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ /dev/null @@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_NEW 3" -.TH EVP_PKEY_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); -\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); -\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); -\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using -the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. -.PP -The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context -using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used -when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example -during parameter generation of key generation for some algorithms. -.PP -\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. -.PP -\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. -If \fBctx\fR is \s-1NULL,\s0 nothing is done. -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used -by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between -threads: that is it is not permissible to use the same context simultaneously -in two threads. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either -the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBEVP_PKEY_CTX_free()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 deleted file mode 100644 index 77577bc356ff..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set1_pbe_pass.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" -.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, -\& int passlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are generic support functions for all \s-1KDF\s0 algorithms. -.PP -\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first -bytes from \fBpass\fR. -.SH "STRING CTRLS" -.IX Header "STRING CTRLS" -There is also support for string based control operations via -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -The \fBpassword\fR can be directly specified using the \fBtype\fR parameter -\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. -.SH "NOTES" -.IX Header "NOTES" -All these functions are implemented as macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 deleted file mode 100644 index 15795d6ff545..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_hkdf_md.3 +++ /dev/null @@ -1,288 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" -.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); -\& -\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); -\& -\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, -\& int saltlen); -\& -\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, -\& int keylen); -\& -\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, -\& int infolen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. -\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically -consists of two modules. The first stage takes the input keying material -and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage -\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output -of the \s-1KDF\s0). -.PP -\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three -modes that are currently defined: -.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 -.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" -This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set -up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. -The derived key returned will be the result after the expand operation. The -intermediate fixed-length pseudorandom key K is not returned. -.Sp -In this mode the digest, key, salt and info values must be set before a key is -derived or an error occurs. -.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 -.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" -In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract -operation. The value returned will be the intermediate fixed-length pseudorandom -key K. -.Sp -The digest, key and salt values must be set before a key is derived or an -error occurs. -.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 -.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" -In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand -operation. The input key should be set to the intermediate fixed-length -pseudorandom key K returned from a previous extract operation. -.Sp -The digest, key and info values must be set before a key is derived or an -error occurs. -.PP -\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 -.PP -\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the -buffer \fBsalt\fR. Any existing value is replaced. -.PP -\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer -\&\fBkey\fR. Any existing value is replaced. -.PP -\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the -buffer \fBinfo\fR. If a value is already set, it is appended to the existing -value. -.SH "STRING CTRLS" -.IX Header "STRING CTRLS" -\&\s-1HKDF\s0 also supports string based control operations via -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest -algorithm to use. -The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", -\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use. -The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR -parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. -The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex -string which is converted to binary. -.SH "NOTES" -.IX Header "NOTES" -All these functions are implemented as macros. -.PP -A context for \s-1HKDF\s0 can be obtained by calling: -.PP -.Vb 1 -\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); -.Ve -.PP -The total length of the info buffer cannot exceed 1024 bytes in length: this -should be more than enough for any normal use of \s-1HKDF.\s0 -.PP -The output length of an \s-1HKDF\s0 expand operation is specified via the length -parameter to the \fBEVP_PKEY_derive\fR\|(3) function. -Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means -to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that -performs an expand operation. Instead, the caller must allocate a buffer of the -desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a -pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain -the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 -.PP -Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", -salt value \*(L"salt\*(R" and info value \*(L"label\*(R": -.PP -.Vb 4 -\& EVP_PKEY_CTX *pctx; -\& unsigned char out[10]; -\& size_t outlen = sizeof(out); -\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); -\& -\& if (EVP_PKEY_derive_init(pctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) -\& /* Error */ -\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) -\& /* Error */ -.Ve -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1RFC 5869\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 deleted file mode 100644 index 939d29cac16b..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +++ /dev/null @@ -1,222 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" -.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, -\& const EVP_MD *md); -\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, -\& const EVP_MD *md); -\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, -\& int saltlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). -.SS "Signing and Verification" -.IX Subsection "Signing and Verification" -The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is -returned if an attempt is made to set the padding mode to anything other -than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. -.PP -The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. -If the key has usage restrictions then an error is returned if an attempt is -made to set the salt length below the minimum value. It is otherwise similar -to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using -\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has -usage restrictions. -.PP -The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros -are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has -usage restrictions then an error is returned if an attempt is made to set the -digest to anything other than the restricted value. Otherwise these are -similar to the \fB\s-1RSA\s0\fR versions. -.SS "Key Generation" -.IX Subsection "Key Generation" -As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR -and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: -they have exactly the same meaning as for the \s-1RSA\s0 algorithm. -.PP -Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. -If any restrictions are set (using the macros described below) then \fBall\fR -parameters are restricted. For example, setting a minimum salt length also -restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place -then they are reflected in the corresponding parameters of the public key -when (for example) a certificate request is signed. -.PP -\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the -generated key can use to \fBmd\fR. -.PP -\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the -generated key can use to \fBmd\fR. -.PP -\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length -to \fBsaltlen\fR. -.SH "NOTES" -.IX Header "NOTES" -A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: -.PP -.Vb 1 -\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBRSA\-PSS\s0\fR\|(7), -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 deleted file mode 100644 index 0794685ff34e..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_scrypt_N.3 +++ /dev/null @@ -1,211 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" -.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, -\& int saltlen); -\& -\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); -\& -\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); -\& -\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); -\& -\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, -\& uint64_t maxmem); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are used to set up the necessary data to use the -scrypt \s-1KDF.\s0 -For more information on scrypt, see \fBscrypt\fR\|(7). -.PP -\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt -value. -.PP -\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and -\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. -.PP -\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key -derivation may maximally use, given in bytes. -If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the -key derivation will fail. -.SH "STRING CTRLS" -.IX Header "STRING CTRLS" -scrypt also supports string based control operations via -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR -parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. -The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be -set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", -respectively. -.SH "NOTES" -.IX Header "NOTES" -The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as -the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". -See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). -.PP -All the functions described here are implemented as macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 or a negative value for -failure. -In particular a return value of \-2 indicates the operation is not -supported by the public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBscrypt\fR\|(7), -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 deleted file mode 100644 index 7d09f0d1ab80..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_set_tls1_prf_md.3 +++ /dev/null @@ -1,240 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" -.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); -\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, -\& unsigned char *sec, int seclen); -\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, -\& unsigned char *seed, int seedlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for -\&\s-1TLS.\s0 It has no associated private key and only implements key derivation -using \fBEVP_PKEY_derive\fR\|(3). -.PP -\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the -\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 -algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. -.PP -\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 -to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced -and any seed is reset. -.PP -\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. -If a seed is already set it is appended to the existing value. -.SH "STRING CTRLS" -.IX Header "STRING CTRLS" -The \s-1TLS PRF\s0 also supports string based control operations using -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). -The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest -algorithm to use. -The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter -as a secret or seed value. -The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string -which is converted to binary. -.SH "NOTES" -.IX Header "NOTES" -All these functions are implemented as macros. -.PP -A context for the \s-1TLS PRF\s0 can be obtained by calling: -.PP -.Vb 1 -\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); -.Ve -.PP -The digest, secret value and seed must be set before a key is derived or an -error occurs. -.PP -The total length of all seeds cannot exceed 1024 bytes in length: this should -be more than enough for any normal use of the \s-1TLS PRF.\s0 -.PP -The output length of the \s-1PRF\s0 is specified by the length parameter in the -\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting -the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 -.PP -Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" -and seed value \*(L"seed\*(R": -.PP -.Vb 3 -\& EVP_PKEY_CTX *pctx; -\& unsigned char out[10]; -\& size_t outlen = sizeof(out); -\& -\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); -\& if (EVP_PKEY_derive_init(pctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) -\& /* Error */ -\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) -\& /* Error */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 deleted file mode 100644 index 9dbb17aa8dae..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 +++ /dev/null @@ -1,207 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" -.TH EVP_PKEY_ASN1_GET_COUNT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_asn1_get_count(void); -\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); -\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); -\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, -\& const char *str, int len); -\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, -\& int *ppkey_flags, const char **pinfo, -\& const char **ppem_str, -\& const EVP_PKEY_ASN1_METHOD *ameth); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key -\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods -added by the application. -.PP -\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. -The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR -\&\- 1. -.PP -\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 -\&\fBtype\fR. -If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, -and also set \fB*pe\fR to point at the engine that implements it. -.PP -\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 -type string \fBstr\fR. -Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will -look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 -\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the -engine that implements it. -.PP -\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key -\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string -associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. -.PP -\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and -\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all -\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets -threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. -.PP -\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is -out of range. -.PP -\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 deleted file mode 100644 index 6af3afbcc5ab..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_CMP 3" -.TH EVP_PKEY_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); -\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); -\& -\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); -\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key -parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm -doesn't use parameters. -.PP -The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key -\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in -\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters -in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. -.PP -The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys -\&\fBa\fR and \fBb\fR. -.PP -The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters -(if present) of keys \fBa\fR and \fBb\fR. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and -\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the -parameters are sometimes omitted from a public key if they are inherited from -the \s-1CA\s0 that signed it. -.PP -Since OpenSSL private keys contain public key components too the function -\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches -a public key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key -parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm -doesn't use parameters. -.PP -These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for -failure. -.PP -The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the -keys match, 0 if they don't match, \-1 if the key types are different and -\&\-2 if the operation is not supported. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_keygen\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 deleted file mode 100644 index faa00d9d6774..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ /dev/null @@ -1,236 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_DECRYPT 3" -.TH EVP_PKEY_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, -\& unsigned char *out, size_t *outlen, -\& const unsigned char *in, size_t inlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a decryption operation. -.PP -The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation -using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and -\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output -buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then -before the call the \fBoutlen\fR parameter should contain the length of the -\&\fBout\fR buffer, if the call is successful the decrypted data is written to -\&\fBout\fR and the amount of data written to \fBoutlen\fR. -.SH "NOTES" -.IX Header "NOTES" -After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. -.PP -The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 -or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& ENGINE *eng; -\& unsigned char *out, *in; -\& size_t outlen, inlen; -\& EVP_PKEY *key; -\& -\& /* -\& * NB: assumes key, eng, in, inlen are already set up -\& * and that key is an RSA private key -\& */ -\& ctx = EVP_PKEY_CTX_new(key, eng); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_decrypt_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) -\& /* Error */ -\& -\& /* Determine buffer length */ -\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) -\& /* Error */ -\& -\& out = OPENSSL_malloc(outlen); -\& -\& if (!out) -\& /* malloc failure */ -\& -\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) -\& /* Error */ -\& -\& /* Decrypted data is outlen bytes written to buffer out */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 deleted file mode 100644 index 2aa43c002a60..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ /dev/null @@ -1,234 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_DERIVE 3" -.TH EVP_PKEY_DERIVE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); -\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for shared secret derivation. -.PP -The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally -be a public key. -.PP -The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. -If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to -the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the -\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call -is successful the shared secret is written to \fBkey\fR and the amount of data -written to \fBkeylen\fR. -.SH "NOTES" -.IX Header "NOTES" -After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. -.PP -The function \fBEVP_PKEY_derive()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 -or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& ENGINE *eng; -\& unsigned char *skey; -\& size_t skeylen; -\& EVP_PKEY *pkey, *peerkey; -\& /* NB: assumes pkey, eng, peerkey have been already set up */ -\& -\& ctx = EVP_PKEY_CTX_new(pkey, eng); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_derive_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) -\& /* Error */ -\& -\& /* Determine buffer length */ -\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) -\& /* Error */ -\& -\& skey = OPENSSL_malloc(skeylen); -\& -\& if (!skey) -\& /* malloc failure */ -\& -\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) -\& /* Error */ -\& -\& /* Shared secret is skey bytes written to buffer skey */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 deleted file mode 100644 index bdf8d35b7e0b..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ /dev/null @@ -1,241 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_ENCRYPT 3" -.TH EVP_PKEY_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, -\& unsigned char *out, size_t *outlen, -\& const unsigned char *in, size_t inlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for an encryption operation. -.PP -The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation -using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and -\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output -buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then -before the call the \fBoutlen\fR parameter should contain the length of the -\&\fBout\fR buffer, if the call is successful the encrypted data is written to -\&\fBout\fR and the amount of data written to \fBoutlen\fR. -.SH "NOTES" -.IX Header "NOTES" -After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. -.PP -The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 -or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or -\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply -set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: -.PP -.Vb 3 -\& #include -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& ENGINE *eng; -\& unsigned char *out, *in; -\& size_t outlen, inlen; -\& EVP_PKEY *key; -\& -\& /* -\& * NB: assumes eng, key, in, inlen are already set up, -\& * and that key is an RSA public key -\& */ -\& ctx = EVP_PKEY_CTX_new(key, eng); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_encrypt_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) -\& /* Error */ -\& -\& /* Determine buffer length */ -\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) -\& /* Error */ -\& -\& out = OPENSSL_malloc(outlen); -\& -\& if (!out) -\& /* malloc failure */ -\& -\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) -\& /* Error */ -\& -\& /* Encrypted data is outlen bytes written to buffer out */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBENGINE_by_id\fR\|(3), -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 deleted file mode 100644 index 777d60243707..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 +++ /dev/null @@ -1,181 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" -.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_get_default_digest_nid \- get default signature digest -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default -message digest \s-1NID\s0 for the public key signature operations associated with key -\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use -a digest during signing. In this case \fBpnid\fR will be set to NID_undef. -.SH "NOTES" -.IX Header "NOTES" -For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest -is advisory (that is other digests can be used) and 2 if it is mandatory (other -digests can not be used). It returns 0 or a negative value for failure. In -particular a return value of \-2 indicates the operation is not supported by the -public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -.SH "HISTORY" -.IX Header "HISTORY" -This function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 deleted file mode 100644 index d323f2a038f0..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ /dev/null @@ -1,335 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_KEYGEN 3" -.TH EVP_PKEY_KEYGEN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); -\& -\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); -\& -\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); -\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); -\& -\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); -\& -\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); -\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); -\& -\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a key generation operation. -.PP -The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the -generated key is written to \fBppkey\fR. -.PP -The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar -except parameters are generated. -.PP -The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback -to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter -generation callback. -.PP -The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated -with the generation operation. If \fBidx\fR is \-1 the total number of -parameters available is returned. Any non negative value returns the value of -that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for -\&\fBidx\fR should only be called within the generation callback. -.PP -If the callback returns 0 then the key generation operation is aborted and an -error occurs. This might occur during a time consuming operation where -a user clicks on a \*(L"cancel\*(R" button. -.PP -The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set -and retrieve an opaque pointer. This can be used to set some application -defined value which can be retrieved in the callback: for example a handle -which is used to update a \*(L"progress dialog\*(R". -.PP -\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries -to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise -it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. -.PP -\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. -This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR -if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. -.PP -\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. -This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR -if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm -specific control operations can be performed to set any appropriate parameters -for the operation. -.PP -The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than -once on the same context if several operations are performed using the same -parameters. -.PP -The meaning of the parameters passed to the callback will depend on the -algorithm and the specific implementation of the algorithm. Some might not -give any useful information at all during key or parameter generation. Others -might not even call the callback. -.PP -The operation performed by key or parameter generation depends on the algorithm -used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" -option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. -.PP -In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the -public key components and parameters (if any). An OpenSSL private key is -equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used -in functions which require the use of a public key or parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and -\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.PP -\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1 -for success or others for failure. They return \-2 if the operation is not supported -for the specific algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Generate a 2048 bit \s-1RSA\s0 key: -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& EVP_PKEY *pkey = NULL; -\& -\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_keygen_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) -\& /* Error */ -\& -\& /* Generate key */ -\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) -\& /* Error */ -.Ve -.PP -Generate a key from a set of parameters: -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& ENGINE *eng; -\& EVP_PKEY *pkey = NULL, *param; -\& -\& /* Assumed param, eng are set up already */ -\& ctx = EVP_PKEY_CTX_new(param, eng); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_keygen_init(ctx) <= 0) -\& /* Error */ -\& -\& /* Generate key */ -\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) -\& /* Error */ -.Ve -.PP -Example of generation callback for OpenSSL public key implementations: -.PP -.Vb 1 -\& /* Application data is a BIO to output status to */ -\& -\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); -\& -\& static int genpkey_cb(EVP_PKEY_CTX *ctx) -\& { -\& char c = \*(Aq*\*(Aq; -\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); -\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); -\& -\& if (p == 0) -\& c = \*(Aq.\*(Aq; -\& if (p == 1) -\& c = \*(Aq+\*(Aq; -\& if (p == 2) -\& c = \*(Aq*\*(Aq; -\& if (p == 3) -\& c = \*(Aq\en\*(Aq; -\& BIO_write(b, &c, 1); -\& (void)BIO_flush(b); -\& return 1; -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.PP -\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added -in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 deleted file mode 100644 index 0b9e750b16ba..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_get_count.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_METH_GET_COUNT 3" -.TH EVP_PKEY_METH_GET_COUNT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& size_t EVP_PKEY_meth_get_count(void); -\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); -\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, -\& const EVP_PKEY_METHOD *meth); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods -available: it includes standard methods and any methods added by the -application. -.PP -\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR -must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. -.PP -\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags -associated with the public key method \fB*meth\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. -.PP -\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is -out of range. -.PP -\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 deleted file mode 100644 index 465a3499ed7a..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 +++ /dev/null @@ -1,570 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_METH_NEW 3" -.TH EVP_PKEY_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; -\& -\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); -\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); -\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); -\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); -\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); -\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); -\& -\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, -\& int (*init) (EVP_PKEY_CTX *ctx)); -\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, -\& int (*copy) (EVP_PKEY_CTX *dst, -\& EVP_PKEY_CTX *src)); -\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, -\& void (*cleanup) (EVP_PKEY_CTX *ctx)); -\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, -\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), -\& int (*paramgen) (EVP_PKEY_CTX *ctx, -\& EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, -\& int (*keygen_init) (EVP_PKEY_CTX *ctx), -\& int (*keygen) (EVP_PKEY_CTX *ctx, -\& EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, -\& int (*sign_init) (EVP_PKEY_CTX *ctx), -\& int (*sign) (EVP_PKEY_CTX *ctx, -\& unsigned char *sig, size_t *siglen, -\& const unsigned char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, -\& int (*verify_init) (EVP_PKEY_CTX *ctx), -\& int (*verify) (EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, -\& size_t siglen, -\& const unsigned char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, -\& int (*verify_recover_init) (EVP_PKEY_CTX -\& *ctx), -\& int (*verify_recover) (EVP_PKEY_CTX -\& *ctx, -\& unsigned char -\& *sig, -\& size_t *siglen, -\& const unsigned -\& char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, -\& int (*signctx_init) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx), -\& int (*signctx) (EVP_PKEY_CTX *ctx, -\& unsigned char *sig, -\& size_t *siglen, -\& EVP_MD_CTX *mctx)); -\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, -\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx), -\& int (*verifyctx) (EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, -\& int siglen, -\& EVP_MD_CTX *mctx)); -\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, -\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), -\& int (*encryptfn) (EVP_PKEY_CTX *ctx, -\& unsigned char *out, -\& size_t *outlen, -\& const unsigned char *in, -\& size_t inlen)); -\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, -\& int (*decrypt_init) (EVP_PKEY_CTX *ctx), -\& int (*decrypt) (EVP_PKEY_CTX *ctx, -\& unsigned char *out, -\& size_t *outlen, -\& const unsigned char *in, -\& size_t inlen)); -\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, -\& int (*derive_init) (EVP_PKEY_CTX *ctx), -\& int (*derive) (EVP_PKEY_CTX *ctx, -\& unsigned char *key, -\& size_t *keylen)); -\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, -\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, -\& void *p2), -\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, -\& const char *type, -\& const char *value)); -\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, -\& int (*check) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, -\& int (*check) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, -\& int (*check) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, -\& int (*digest_custom) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx)); -\& -\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, -\& int (**pinit) (EVP_PKEY_CTX *ctx)); -\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, -\& int (**pcopy) (EVP_PKEY_CTX *dst, -\& EVP_PKEY_CTX *src)); -\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, -\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); -\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, -\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), -\& int (**pparamgen) (EVP_PKEY_CTX *ctx, -\& EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, -\& int (**pkeygen_init) (EVP_PKEY_CTX *ctx), -\& int (**pkeygen) (EVP_PKEY_CTX *ctx, -\& EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, -\& int (**psign_init) (EVP_PKEY_CTX *ctx), -\& int (**psign) (EVP_PKEY_CTX *ctx, -\& unsigned char *sig, size_t *siglen, -\& const unsigned char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, -\& int (**pverify_init) (EVP_PKEY_CTX *ctx), -\& int (**pverify) (EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, -\& size_t siglen, -\& const unsigned char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, -\& int (**pverify_recover_init) (EVP_PKEY_CTX -\& *ctx), -\& int (**pverify_recover) (EVP_PKEY_CTX -\& *ctx, -\& unsigned char -\& *sig, -\& size_t *siglen, -\& const unsigned -\& char *tbs, -\& size_t tbslen)); -\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, -\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx), -\& int (**psignctx) (EVP_PKEY_CTX *ctx, -\& unsigned char *sig, -\& size_t *siglen, -\& EVP_MD_CTX *mctx)); -\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, -\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx), -\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, -\& int siglen, -\& EVP_MD_CTX *mctx)); -\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, -\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), -\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, -\& unsigned char *out, -\& size_t *outlen, -\& const unsigned char *in, -\& size_t inlen)); -\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, -\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), -\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, -\& unsigned char *out, -\& size_t *outlen, -\& const unsigned char *in, -\& size_t inlen)); -\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, -\& int (**pderive_init) (EVP_PKEY_CTX *ctx), -\& int (**pderive) (EVP_PKEY_CTX *ctx, -\& unsigned char *key, -\& size_t *keylen)); -\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, -\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, -\& void *p2), -\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, -\& const char *type, -\& const char *value)); -\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, -\& int (**pcheck) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, -\& int (**pcheck) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, -\& int (**pcheck) (EVP_PKEY *pkey)); -\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, -\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, -\& EVP_MD_CTX *mctx)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a -specific public key cryptographic algorithm. Those methods are usually -used to perform different jobs, such as generating a key, signing or -verifying, encrypting or decrypting, etc. -.PP -There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one -is a built-in static array representing the standard methods for different -algorithms, and the other one is a stack of user-defined application-specific -methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). -.PP -The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR -objects. -.SS "Methods" -.IX Subsection "Methods" -The methods are the underlying implementations of a particular public key -algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. -.PP -.Vb 3 -\& int (*init) (EVP_PKEY_CTX *ctx); -\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); -\& void (*cleanup) (EVP_PKEY_CTX *ctx); -.Ve -.PP -The \fBinit()\fR method is called to initialize algorithm-specific data when a new -\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called -when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR -is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), -\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). -.PP -.Vb 2 -\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); -\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -.Ve -.PP -The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. -They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to -handle the parameter generation process. -.PP -.Vb 2 -\& int (*keygen_init) (EVP_PKEY_CTX *ctx); -\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); -.Ve -.PP -The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for -the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and -\&\fBEVP_PKEY_keygen\fR\|(3). -.PP -.Vb 3 -\& int (*sign_init) (EVP_PKEY_CTX *ctx); -\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -\& const unsigned char *tbs, size_t tbslen); -.Ve -.PP -The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a -piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) -and \fBEVP_PKEY_sign\fR\|(3). -.PP -.Vb 4 -\& int (*verify_init) (EVP_PKEY_CTX *ctx); -\& int (*verify) (EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, size_t siglen, -\& const unsigned char *tbs, size_t tbslen); -.Ve -.PP -The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is -valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). -.PP -.Vb 4 -\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); -\& int (*verify_recover) (EVP_PKEY_CTX *ctx, -\& unsigned char *rout, size_t *routlen, -\& const unsigned char *sig, size_t siglen); -.Ve -.PP -The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a -signature and then recover the digest from the signature (for instance, a -signature that was generated by \s-1RSA\s0 signing algorithm). They are called by -\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). -.PP -.Vb 3 -\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, -\& EVP_MD_CTX *mctx); -.Ve -.PP -The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by -a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See -\&\fBEVP_DigestSignInit\fR\|(3) for details. -.PP -.Vb 3 -\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, -\& EVP_MD_CTX *mctx); -.Ve -.PP -The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature -against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various -EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details. -.PP -.Vb 3 -\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); -\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -\& const unsigned char *in, size_t inlen); -.Ve -.PP -The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. -They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). -.PP -.Vb 3 -\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); -\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, -\& const unsigned char *in, size_t inlen); -.Ve -.PP -The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. -They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). -.PP -.Vb 2 -\& int (*derive_init) (EVP_PKEY_CTX *ctx); -\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); -.Ve -.PP -The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret -from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by -\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). -.PP -.Vb 2 -\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); -\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); -.Ve -.PP -The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific -settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. -.PP -.Vb 5 -\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, -\& const unsigned char *tbs, size_t tbslen); -\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, -\& size_t siglen, const unsigned char *tbs, -\& size_t tbslen); -.Ve -.PP -The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify -a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) -and \fBEVP_DigestVerify\fR\|(3). -.PP -.Vb 3 -\& int (*check) (EVP_PKEY *pkey); -\& int (*public_check) (EVP_PKEY *pkey); -\& int (*param_check) (EVP_PKEY *pkey); -.Ve -.PP -The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a -key-pair, the public component and parameters respectively for a given \fBpkey\fR. -They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and -\&\fBEVP_PKEY_param_check\fR\|(3) respectively. -.PP -.Vb 1 -\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -.Ve -.PP -The \fBdigest_custom()\fR method is used to generate customized digest content before -the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or -\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key -signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to -be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) -and \fBEVP_DigestVerifyInit\fR\|(3). -.SS "Functions" -.IX Subsection "Functions" -\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, -and associates the given \fBid\fR and \fBflags\fR. The following flags are -supported: -.PP -.Vb 2 -\& EVP_PKEY_FLAG_AUTOARGLEN -\& EVP_PKEY_FLAG_SIGCTX_CUSTOM -.Ve -.PP -If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the -maximum size of the output buffer will be automatically calculated or checked -in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of -these methods don't need to care about handling the case of returning output -buffer size by themselves. For details on the output buffer size, refer to -\&\fBEVP_PKEY_sign\fR\|(3). -.PP -The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method -of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a -digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). -.PP -\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by -\&\fBpmeth\fR. -.PP -\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR -to \fBdst\fR. -.PP -\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. -This function first searches through the user-defined method objects and -then the built-in objects. -.PP -\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. -.PP -\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by -\&\fBEVP_PKEY_meth_add0()\fR. -.PP -The EVP_PKEY_meth_set functions set the corresponding fields of -\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. -.PP -The EVP_PKEY_meth_get functions get the corresponding fields of -\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR -object or returns \s-1NULL\s0 on error. -.PP -\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. -.PP -\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR -object or returns \s-1NULL\s0 if not found. -.PP -\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 -if an error occurred. -.PP -\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or -0 if an error occurred. -.PP -All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return -values. For the 'get' functions, function pointers are returned by -arguments. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 deleted file mode 100644 index 708dac7c7a2f..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ /dev/null @@ -1,257 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_NEW 3" -.TH EVP_PKEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_PKEY *EVP_PKEY_new(void); -\& int EVP_PKEY_up_ref(EVP_PKEY *key); -\& void EVP_PKEY_free(EVP_PKEY *key); -\& -\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, -\& const unsigned char *key, size_t keylen); -\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, -\& const unsigned char *key, size_t keylen); -\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, -\& size_t len, const EVP_CIPHER *cipher); -\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, -\& int keylen); -\& -\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, -\& size_t *len); -\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, -\& size_t *len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is -used by OpenSSL to store public and private keys. The reference count is set to -\&\fB1\fR. -.PP -\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. -.PP -\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference -count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done. -.PP -\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL -then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The -\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 -for a public key algorithm that supports raw private keys, i.e. one of -\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, -\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the -raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. -The length should be appropriate for the type of the key. The public key data -will be automatically derived from the given private key data (if appropriate -for the algorithm type). -.PP -\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as -\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key -data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key -information. Algorithm types that support raw public keys are -\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. -.PP -\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR -except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the -raw private key data, it also takes a cipher algorithm to be used during -creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. -.PP -\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. -New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. -.PP -\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw -private key data. The number of bytes written is populated in \fB*len\fR. If the -buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the private key data. This function -only works for algorithms that support raw private keys. Currently this is: -\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, -\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. -.PP -\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw -public key data. The number of bytes written is populated in \fB*len\fR. If the -buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes -required to hold the key. The calling application is responsible for ensuring -that the buffer is large enough to receive the public key data. This function -only works for algorithms that support raw public keys. Currently this is: -\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a -general private key without reference to any particular algorithm. -.PP -The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public -key to this empty structure use the appropriate functions described in -\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or -EVP_PKEY_set1_EC_KEY. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, -\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly -allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and -\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or -EVP_PKEY_set1_EC_KEY -.SH "HISTORY" -.IX Header "HISTORY" -The -\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. -.PP -The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. -.PP -The -\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, -\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and -\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 deleted file mode 100644 index b8d33cc73892..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_PRINT_PRIVATE 3" -.TH EVP_PKEY_PRINT_PRIVATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, -\& int indent, ASN1_PCTX *pctx); -\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, -\& int indent, ASN1_PCTX *pctx); -\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, -\& int indent, ASN1_PCTX *pctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and -\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components -of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable -form. The parameter \fBindent\fR indicated how far the printout should be indented. -.PP -The \fBpctx\fR parameter allows the print output to be finely tuned by using -\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will -be used. -.SH "NOTES" -.IX Header "NOTES" -Currently no public key algorithms include any options in the \fBpctx\fR parameter. -.PP -If the key does not include all the components indicated by the function then -only those contained in the key will be printed. For example passing a public -key to \fBEVP_PKEY_print_private()\fR will only print the public components. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions all return 1 for success and 0 or a negative value for failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_keygen\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 deleted file mode 100644 index 9d4c4670e4e8..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_SET1_RSA 3" -.TH EVP_PKEY_SET1_RSA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); -\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); -\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); -\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); -\& -\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); -\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); -\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); -\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); -\& -\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); -\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); -\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); -\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); -\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); -\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); -\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); -\& -\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); -\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); -\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); -\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); -\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); -\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); -\& -\& int EVP_PKEY_id(const EVP_PKEY *pkey); -\& int EVP_PKEY_base_id(const EVP_PKEY *pkey); -\& int EVP_PKEY_type(int type); -\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); -\& -\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); -\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and -\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. -.PP -\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and -\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or -\&\fB\s-1NULL\s0\fR if the key is not of the correct type. -.PP -\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, -\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR -and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR -if the key is not of the correct type but the reference count of the -returned key is \fBnot\fR incremented and so must not be freed up after use. -.PP -\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, -\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and -\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR -however these use the supplied \fBkey\fR internally and so \fBkey\fR -will be freed when the parent \fBpkey\fR is freed. -.PP -\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example -an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. -.PP -\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys -using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could -use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to -\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of -alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not -often seen in practice. -.PP -\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example -EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. -.PP -\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. -.PP -\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It -must be called after the key algorithm and components are set up. -If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an -error occurs. -.PP -\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a -different set of algorithms than the default. This is currently used -to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0 -.SH "NOTES" -.IX Header "NOTES" -In accordance with the OpenSSL naming convention the key obtained -from or assigned to the \fBpkey\fR using the \fB1\fR functions must be -freed as well as \fBpkey\fR. -.PP -\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, -\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR -and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. -.PP -Most applications wishing to know a key type will simply call -\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type: -which will be identical in almost all cases. -.PP -Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) -to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this -is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). -.PP -\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 -key as part of its routine to load a private key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and -\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. -.PP -\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and -\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if -an error occurred. -.PP -\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, -\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR -and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. -.PP -\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key -type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. -.PP -\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. -.PP -\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 -algorithms with EVP_PKEY_set_alias_type: -.PP -.Vb 1 -\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 deleted file mode 100644 index 8887fb79080e..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_SIGN 3" -.TH EVP_PKEY_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, -\& unsigned char *sig, size_t *siglen, -\& const unsigned char *tbs, size_t tbslen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a signing operation. -.PP -The \fBEVP_PKEY_sign()\fR function performs a public key signing operation -using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and -\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output -buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then -before the call the \fBsiglen\fR parameter should contain the length of the -\&\fBsig\fR buffer, if the call is successful the signature is written to -\&\fBsig\fR and the amount of data written to \fBsiglen\fR. -.SH "NOTES" -.IX Header "NOTES" -\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is -normally used to sign digests. For signing arbitrary messages, see the -\&\fBEVP_DigestSignInit\fR\|(3) and -\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. -.PP -After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). -.PP -The function \fBEVP_PKEY_sign()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 -or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& /* md is a SHA\-256 digest in this example. */ -\& unsigned char *md, *sig; -\& size_t mdlen = 32, siglen; -\& EVP_PKEY *signing_key; -\& -\& /* -\& * NB: assumes signing_key and md are set up before the next -\& * step. signing_key must be an RSA private key and md must -\& * point to the SHA\-256 digest to be signed. -\& */ -\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_sign_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) -\& /* Error */ -\& -\& /* Determine buffer length */ -\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) -\& /* Error */ -\& -\& sig = OPENSSL_malloc(siglen); -\& -\& if (!sig) -\& /* malloc failure */ -\& -\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) -\& /* Error */ -\& -\& /* Signature is siglen bytes written to buffer sig */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 deleted file mode 100644 index c7f15a36b161..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ /dev/null @@ -1,234 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_VERIFY 3" -.TH EVP_PKEY_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, -\& const unsigned char *sig, size_t siglen, -\& const unsigned char *tbs, size_t tbslen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a signature verification operation. -.PP -The \fBEVP_PKEY_verify()\fR function performs a public key verification operation -using \fBctx\fR. The signature is specified using the \fBsig\fR and -\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally -signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. -.SH "NOTES" -.IX Header "NOTES" -After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. -.PP -The function \fBEVP_PKEY_verify()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was -successful and 0 if it failed. Unlike other functions the return value 0 from -\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify -successfully (that is tbs did not match the original data or the signature was -of invalid form) it is not an indication of a more serious error. -.PP -A negative value indicates an error other that signature verification failure. -In particular a return value of \-2 indicates the operation is not supported by -the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Verify signature using PKCS#1 and \s-1SHA256\s0 digest: -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& unsigned char *md, *sig; -\& size_t mdlen, siglen; -\& EVP_PKEY *verify_key; -\& -\& /* -\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up -\& * and that verify_key is an RSA public key -\& */ -\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_verify_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) -\& /* Error */ -\& -\& /* Perform operation */ -\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); -\& -\& /* -\& * ret == 1 indicates success, 0 verify failure and < 0 for some -\& * other error. -\& */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify_recover\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 deleted file mode 100644 index d75534aa73f5..000000000000 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_PKEY_VERIFY_RECOVER 3" -.TH EVP_PKEY_VERIFY_RECOVER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); -\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, -\& unsigned char *rout, size_t *routlen, -\& const unsigned char *sig, size_t siglen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm -context using key \fBpkey\fR for a verify recover operation. -.PP -The \fBEVP_PKEY_verify_recover()\fR function recovers signed data -using \fBctx\fR. The signature is specified using the \fBsig\fR and -\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output -buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then -before the call the \fBroutlen\fR parameter should contain the length of the -\&\fBrout\fR buffer, if the call is successful recovered data is written to -\&\fBrout\fR and the amount of data written to \fBroutlen\fR. -.SH "NOTES" -.IX Header "NOTES" -Normally an application is only interested in whether a signature verification -operation is successful in those cases the \fBEVP_verify()\fR function should be -used. -.PP -Sometimes however it is useful to obtain the data originally signed using a -signing operation. Only certain public key algorithms can recover a signature -in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). -.PP -After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control -operations can be performed to set any appropriate parameters for the -operation. -.PP -The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same -context if several operations are performed using the same parameters. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success -and 0 or a negative value for failure. In particular a return value of \-2 -indicates the operation is not supported by the public key algorithm. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: -.PP -.Vb 2 -\& #include -\& #include -\& -\& EVP_PKEY_CTX *ctx; -\& unsigned char *rout, *sig; -\& size_t routlen, siglen; -\& EVP_PKEY *verify_key; -\& -\& /* -\& * NB: assumes verify_key, sig and siglen are already set up -\& * and that verify_key is an RSA public key -\& */ -\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); -\& if (!ctx) -\& /* Error occurred */ -\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) -\& /* Error */ -\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) -\& /* Error */ -\& -\& /* Determine buffer length */ -\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) -\& /* Error */ -\& -\& rout = OPENSSL_malloc(routlen); -\& -\& if (!rout) -\& /* malloc failure */ -\& -\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) -\& /* Error */ -\& -\& /* Recovered data is routlen bytes written to buffer rout */ -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_PKEY_CTX_new\fR\|(3), -\&\fBEVP_PKEY_encrypt\fR\|(3), -\&\fBEVP_PKEY_decrypt\fR\|(3), -\&\fBEVP_PKEY_sign\fR\|(3), -\&\fBEVP_PKEY_verify\fR\|(3), -\&\fBEVP_PKEY_derive\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 deleted file mode 100644 index 32c26df471a9..000000000000 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SEALINIT 3" -.TH EVP_SEALINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char **ek, int *ekl, unsigned char *iv, -\& EVP_PKEY **pubk, int npubk); -\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, -\& int *outl, unsigned char *in, int inl); -\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 envelope routines are a high level interface to envelope -encryption. They generate a random key and \s-1IV\s0 (if required) then -\&\*(L"envelope\*(R" it by using public key encryption. Data can then be -encrypted using this key. -.PP -\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally -supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted -using one or more public keys, this allows the same encrypted data to be -decrypted using any of the corresponding private keys. \fBek\fR is an array of -buffers where the public key encrypted secret key will be written, each buffer -must contain enough room for the corresponding encrypted key: that is -\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual -size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is -an array of \fBnpubk\fR public keys. -.PP -The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must -contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for -example) EVP_CIPHER_iv_length(type). -.PP -If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored -and can be \fB\s-1NULL\s0\fR. -.PP -\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties -as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as -documented on the \fBEVP_EncryptInit\fR\|(3) manual -page. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. -.PP -\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for -failure. -.SH "NOTES" -.IX Header "NOTES" -Because a random secret key is generated the random number generator -must be seeded when \fBEVP_SealInit()\fR is called. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -The public key must be \s-1RSA\s0 because it is the only OpenSSL public key -algorithm that supports key transport. -.PP -Envelope encryption is the usual method of using public key encryption -on large amounts of data, this is because public key encryption is slow -but symmetric encryption is fast. So symmetric encryption is used for -bulk encryption and the small random symmetric key used is transferred -using public key encryption. -.PP -It is possible to call \fBEVP_SealInit()\fR twice in the same way as -\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 -and (after setting any cipher parameters) it should be called again -with \fBtype\fR set to \s-1NULL.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_OpenInit\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 deleted file mode 100644 index cf7eb2b1a672..000000000000 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ /dev/null @@ -1,240 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SIGNINIT 3" -.TH EVP_SIGNINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP_PKEY_security_bits \- EVP signing functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); -\& -\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& -\& int EVP_PKEY_size(const EVP_PKEY *pkey); -\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 signature routines are a high level interface to digital -signatures. -.PP -\&\fBEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created with -\&\fBEVP_MD_CTX_new()\fR before calling this function. -.PP -\&\fBEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -signature context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. -.PP -\&\fBEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and -places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey) -bytes in size. \fBs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. -The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes -will be written. -.PP -\&\fBEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default -implementation of digest \fBtype\fR. -.PP -\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual -signature returned by \fBEVP_SignFinal()\fR may be smaller. -.PP -\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR, -bits of security is defined in \s-1NIST SP800\-57.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 -for success and 0 for failure. -.PP -\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.PP -\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits. -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. -.PP -When signing with \s-1DSA\s0 private keys the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -This requirement does not hold for \s-1RSA\s0 signatures. -.PP -The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called -later to digest and sign additional data. -.PP -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak -will occur. -.SH "BUGS" -.IX Header "BUGS" -Older versions of this documentation wrongly stated that calls to -\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. -.PP -Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error -relating to the private key (for example an unsuitable key and digest -combination) will not be indicated until after potentially large amounts of -data have been passed through \fBEVP_SignUpdate()\fR. -.PP -It is not possible to change the signing parameters using these function. -.PP -The previous two bugs are fixed in the newer EVP_SignDigest*() function. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_VerifyInit\fR\|(3), -\&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 deleted file mode 100644 index 6ce5eafb4085..000000000000 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_VERIFYINIT 3" -.TH EVP_VERIFYINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP signature verification functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, -\& EVP_PKEY *pkey); -\& -\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1EVP\s0 signature verification routines are a high level interface to digital -signatures. -.PP -\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest -\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling -\&\fBEVP_MD_CTX_new()\fR before calling this function. -.PP -\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -verification context \fBctx\fR. This function can be called several times on the -same \fBctx\fR to include additional data. -.PP -\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR -and against the \fBsiglen\fR bytes at \fBsigbuf\fR. -.PP -\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default -implementation of digest \fBtype\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for -failure. -.PP -\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some -other error occurred. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. -.PP -The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. -This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called -later to digest and verify additional data. -.PP -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak -will occur. -.SH "BUGS" -.IX Header "BUGS" -Older versions of this documentation wrongly stated that calls to -\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. -.PP -Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error -relating to the private key (for example an unsuitable key and digest -combination) will not be indicated until after potentially large amounts of -data have been passed through \fBEVP_SignUpdate()\fR. -.PP -It is not possible to change the signing parameters using these function. -.PP -The previous two bugs are fixed in the newer EVP_DigestVerify*() function. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_SignInit\fR\|(3), -\&\fBEVP_DigestInit\fR\|(3), -\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), -\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), -\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_aes.3 b/secure/lib/libcrypto/man/EVP_aes.3 deleted file mode 100644 index c79fbc05d30a..000000000000 --- a/secure/lib/libcrypto/man/EVP_aes.3 +++ /dev/null @@ -1,216 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_AES 3" -.TH EVP_AES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_ciphername(void) -.Ve -.PP -\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher -functions, such as \fIEVP_aes_128_cbc\fR. -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 -.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" -\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit -shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 -.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 -.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" -Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of -128 and 256 bits length respectively. The authentication tag is 160 bits long. -.Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 -interface. -.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 -.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" -Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as -\&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag -is 256 bits long. -.Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 -interface. -.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 -.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" -\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode -(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control -operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) -section for details. -.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 -.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" -\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section -2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. -.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 -.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" -\&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST -SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) -mode was designed by Prof. Phillip Rogaway of University of California, Davis, -intended for encrypting data on a storage device. -.Sp -XTS-AES provides confidentiality but not authentication of data. It also -requires a key of double-length for protection of a certain key size. -In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to -achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input -of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_aria.3 b/secure/lib/libcrypto/man/EVP_aria.3 deleted file mode 100644 index 65fd2843fc27..000000000000 --- a/secure/lib/libcrypto/man/EVP_aria.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_ARIA 3" -.TH EVP_ARIA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_ciphername(void) -.Ve -.PP -\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher -functions, such as \fIEVP_aria_128_cbc\fR. -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 -.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" -\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with -128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 -.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 -.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," -\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter -Mode (\s-1GCM\s0). These ciphers require additional control operations to function -correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/EVP_bf_cbc.3 deleted file mode 100644 index e04fc08cddb9..000000000000 --- a/secure/lib/libcrypto/man/EVP_bf_cbc.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_BF_CBC 3" -.TH EVP_BF_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_bf_cbc(void) -\& const EVP_CIPHER *EVP_bf_cfb(void) -\& const EVP_CIPHER *EVP_bf_cfb64(void) -\& const EVP_CIPHER *EVP_bf_ecb(void) -\& const EVP_CIPHER *EVP_bf_ofb(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The Blowfish encryption algorithm for \s-1EVP.\s0 -.PP -This is a variable key length cipher. -.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 -.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" -Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_blake2b512.3 b/secure/lib/libcrypto/man/EVP_blake2b512.3 deleted file mode 100644 index 257b6707290c..000000000000 --- a/secure/lib/libcrypto/man/EVP_blake2b512.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_BLAKE2B512 3" -.TH EVP_BLAKE2B512 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_blake2b512(void); -\& const EVP_MD *EVP_blake2s256(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 -algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in -\&\s-1RFC 7693.\s0 -.IP "\fBEVP_blake2s256()\fR" 4 -.IX Item "EVP_blake2s256()" -The BLAKE2s algorithm that produces a 256\-bit output from a given input. -.IP "\fBEVP_blake2b512()\fR" 4 -.IX Item "EVP_blake2b512()" -The BLAKE2b algorithm that produces a 512\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1RFC 7693.\s0 -.SH "NOTES" -.IX Header "NOTES" -While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, -this implementation outputs a digest of a fixed length (the maximum length -supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_camellia.3 b/secure/lib/libcrypto/man/EVP_camellia.3 deleted file mode 100644 index f492975343af..000000000000 --- a/secure/lib/libcrypto/man/EVP_camellia.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_CAMELLIA 3" -.TH EVP_CAMELLIA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_ciphername(void) -.Ve -.PP -\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher -functions, such as \fIEVP_camellia_128_cbc\fR. -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The Camellia encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 -.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" -Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with -128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/EVP_cast5_cbc.3 deleted file mode 100644 index 907808dbb23a..000000000000 --- a/secure/lib/libcrypto/man/EVP_cast5_cbc.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_CAST5_CBC 3" -.TH EVP_CAST5_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_cast5_cbc(void) -\& const EVP_CIPHER *EVP_cast5_cfb(void) -\& const EVP_CIPHER *EVP_cast5_cfb64(void) -\& const EVP_CIPHER *EVP_cast5_ecb(void) -\& const EVP_CIPHER *EVP_cast5_ofb(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 -.PP -This is a variable key length cipher. -.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 -.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" -\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_chacha20.3 b/secure/lib/libcrypto/man/EVP_chacha20.3 deleted file mode 100644 index 0a3f1c52d8e5..000000000000 --- a/secure/lib/libcrypto/man/EVP_chacha20.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_CHACHA20 3" -.TH EVP_CHACHA20 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_chacha20(void) -\& const EVP_CIPHER *EVP_chacha20_poly1305(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The ChaCha20 stream cipher for \s-1EVP.\s0 -.IP "\fBEVP_chacha20()\fR" 4 -.IX Item "EVP_chacha20()" -The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. -The first 32 bits consists of a counter in little-endian order followed by a 96 -bit nonce. For example a nonce of: -.Sp -000000000000000000000002 -.Sp -With an initial counter of 42 (2a in hex) would be expressed as: -.Sp -2a000000000000000000000000000002 -.IP "\fBEVP_chacha20_poly1305()\fR" 4 -.IX Item "EVP_chacha20_poly1305()" -Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key -is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data -(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the -\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_des.3 b/secure/lib/libcrypto/man/EVP_des.3 deleted file mode 100644 index 2e809fa8ae20..000000000000 --- a/secure/lib/libcrypto/man/EVP_des.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_DES 3" -.TH EVP_DES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_ciphername(void) -.Ve -.PP -\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher -functions, such as \fIEVP_des_cbc\fR. -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 -.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" -\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit -shift and \s-1OFB\s0 modes. -.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 -.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" -Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. -.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 -.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" -Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, -\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. -.IP "\fBEVP_des_ede3_wrap()\fR" 4 -.IX Item "EVP_des_ede3_wrap()" -Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/EVP_desx_cbc.3 deleted file mode 100644 index 4f50dd4a9ccc..000000000000 --- a/secure/lib/libcrypto/man/EVP_desx_cbc.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_DESX_CBC 3" -.TH EVP_DESX_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_desx_cbc \&\- EVP DES\-X cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_desx_cbc(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The DES-X encryption algorithm for \s-1EVP.\s0 -.PP -All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fBEVP_desx_cbc()\fR" 4 -.IX Item "EVP_desx_cbc()" -The DES-X algorithm in \s-1CBC\s0 mode. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/EVP_idea_cbc.3 deleted file mode 100644 index 5fca826ccf61..000000000000 --- a/secure/lib/libcrypto/man/EVP_idea_cbc.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_IDEA_CBC 3" -.TH EVP_IDEA_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_idea_cbc(void) -\& const EVP_CIPHER *EVP_idea_cfb(void) -\& const EVP_CIPHER *EVP_idea_cfb64(void) -\& const EVP_CIPHER *EVP_idea_ecb(void) -\& const EVP_CIPHER *EVP_idea_ofb(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 -.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" -The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_md2.3 b/secure/lib/libcrypto/man/EVP_md2.3 deleted file mode 100644 index e01f4d9e9c4e..000000000000 --- a/secure/lib/libcrypto/man/EVP_md2.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_MD2 3" -.TH EVP_MD2 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_md2 \&\- MD2 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_md2(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by -Ronald Rivest. -.IP "\fBEVP_md2()\fR" 4 -.IX Item "EVP_md2()" -The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1IETF RFC 1319.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_md4.3 b/secure/lib/libcrypto/man/EVP_md4.3 deleted file mode 100644 index cfcf27ce4acb..000000000000 --- a/secure/lib/libcrypto/man/EVP_md4.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_MD4 3" -.TH EVP_MD4 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_md4 \&\- MD4 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_md4(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by -Ronald Rivest, first published in 1990. -.IP "\fBEVP_md4()\fR" 4 -.IX Item "EVP_md4()" -The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1IETF RFC 1320.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_md5.3 b/secure/lib/libcrypto/man/EVP_md5.3 deleted file mode 100644 index f512a8de247c..000000000000 --- a/secure/lib/libcrypto/man/EVP_md5.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_MD5 3" -.TH EVP_MD5 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_md5(void); -\& const EVP_MD *EVP_md5_sha1(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed by -Ronald Rivest. -.PP -The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further -use since its security has been severely compromised. -.IP "\fBEVP_md5()\fR" 4 -.IX Item "EVP_md5()" -The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. -.IP "\fBEVP_md5_sha1()\fR" 4 -.IX Item "EVP_md5_sha1()" -A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC -6101.\s0 -.Sp -\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1IETF RFC 1321.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_mdc2.3 b/secure/lib/libcrypto/man/EVP_mdc2.3 deleted file mode 100644 index 2f76da399c2d..000000000000 --- a/secure/lib/libcrypto/man/EVP_mdc2.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_MDC2 3" -.TH EVP_MDC2 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_mdc2 \&\- MDC\-2 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_mdc2(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic -hash function based on a block cipher. -.IP "\fBEVP_mdc2()\fR" 4 -.IX Item "EVP_mdc2()" -The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a -128\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/EVP_rc2_cbc.3 deleted file mode 100644 index 7129201573a3..000000000000 --- a/secure/lib/libcrypto/man/EVP_rc2_cbc.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_RC2_CBC 3" -.TH EVP_RC2_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_rc2_cbc(void) -\& const EVP_CIPHER *EVP_rc2_cfb(void) -\& const EVP_CIPHER *EVP_rc2_cfb64(void) -\& const EVP_CIPHER *EVP_rc2_ecb(void) -\& const EVP_CIPHER *EVP_rc2_ofb(void) -\& const EVP_CIPHER *EVP_rc2_40_cbc(void) -\& const EVP_CIPHER *EVP_rc2_64_cbc(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 -.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" -\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a -variable key length cipher with an additional parameter called \*(L"effective key -bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. -.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 -.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" -\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of -40 and 64 bits. -.Sp -\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the -\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR -functions to set the key length and effective key length. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_rc4.3 b/secure/lib/libcrypto/man/EVP_rc4.3 deleted file mode 100644 index ddf2d5153416..000000000000 --- a/secure/lib/libcrypto/man/EVP_rc4.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_RC4 3" -.TH EVP_RC4 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_rc4(void) -\& const EVP_CIPHER *EVP_rc4_40(void) -\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 -.IP "\fBEVP_rc4()\fR" 4 -.IX Item "EVP_rc4()" -\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key -length of 128 bits. -.IP "\fBEVP_rc4_40()\fR" 4 -.IX Item "EVP_rc4_40()" -\&\s-1RC4\s0 stream cipher with 40 bit key length. -.Sp -\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the -\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. -.IP "\fBEVP_rc4_hmac_md5()\fR" 4 -.IX Item "EVP_rc4_hmac_md5()" -Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 -.Sp -\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of -some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 -interface. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 deleted file mode 100644 index a6d21839c41c..000000000000 --- a/secure/lib/libcrypto/man/EVP_rc5_32_12_16_cbc.3 +++ /dev/null @@ -1,196 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_RC5_32_12_16_CBC 3" -.TH EVP_RC5_32_12_16_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) -\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) -\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) -\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) -\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 -.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 -.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" -\&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a -variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By -default the key length is set to 128 bits and 12 rounds. Alternative key lengths -can be set using \fBEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is -2040 bits. -.Sp -The following rc5 specific \fIctrl\fRs are supported (see -\&\fBEVP_CIPHER_CTX_ctrl\fR\|(3)). -.RS 4 -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS,\s0 rounds, \s-1NULL\s0)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" -Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS, -RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS.\s0 -.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS, 0,\s0 &rounds)" 4 -.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" -Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR -is an int. -.RE -.RS 4 -.RE -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_ripemd160.3 b/secure/lib/libcrypto/man/EVP_ripemd160.3 deleted file mode 100644 index 8380f78ef3a5..000000000000 --- a/secure/lib/libcrypto/man/EVP_ripemd160.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_RIPEMD160 3" -.TH EVP_RIPEMD160 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_ripemd160 \&\- RIPEMD160 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_ripemd160(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging -to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). -.IP "\fBEVP_ripemd160()\fR" 4 -.IX Item "EVP_ripemd160()" -The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/EVP_seed_cbc.3 deleted file mode 100644 index 6dd6417db97f..000000000000 --- a/secure/lib/libcrypto/man/EVP_seed_cbc.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SEED_CBC 3" -.TH EVP_SEED_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_seed_cbc(void) -\& const EVP_CIPHER *EVP_seed_cfb(void) -\& const EVP_CIPHER *EVP_seed_cfb128(void) -\& const EVP_CIPHER *EVP_seed_ecb(void) -\& const EVP_CIPHER *EVP_seed_ofb(void) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 -.PP -All modes below use a key length of 128 bits and acts on blocks of 128\-bits. -.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 -.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" -The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_sha1.3 b/secure/lib/libcrypto/man/EVP_sha1.3 deleted file mode 100644 index fd688d5f4c04..000000000000 --- a/secure/lib/libcrypto/man/EVP_sha1.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SHA1 3" -.TH EVP_SHA1 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_sha1 \&\- SHA\-1 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_sha1(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized -in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National -Security Agency and initially published in 1995. -.IP "\fBEVP_sha1()\fR" 4 -.IX Item "EVP_sha1()" -The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1NIST FIPS 180\-4.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_sha224.3 b/secure/lib/libcrypto/man/EVP_sha224.3 deleted file mode 100644 index 3863fcdba82c..000000000000 --- a/secure/lib/libcrypto/man/EVP_sha224.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SHA224 3" -.TH EVP_SHA224 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_sha224(void); -\& const EVP_MD *EVP_sha256(void); -\& const EVP_MD *EVP_sha512_224(void); -\& const EVP_MD *EVP_sha512_256(void); -\& const EVP_MD *EVP_sha384(void); -\& const EVP_MD *EVP_sha512(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions -standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. -.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 -.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" -The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 -algorithms, which generate 224, 256, 224, 256, 384 and 512 bits -respectively of output from a given input. -.Sp -The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the -\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though -their outputs are of the same size. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1NIST FIPS 180\-4.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_sha3_224.3 b/secure/lib/libcrypto/man/EVP_sha3_224.3 deleted file mode 100644 index 80912d1f03f4..000000000000 --- a/secure/lib/libcrypto/man/EVP_sha3_224.3 +++ /dev/null @@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SHA3_224 3" -.TH EVP_SHA3_224 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_sha3_224(void); -\& const EVP_MD *EVP_sha3_256(void); -\& const EVP_MD *EVP_sha3_384(void); -\& const EVP_MD *EVP_sha3_512(void); -\& -\& const EVP_MD *EVP_shake128(void); -\& const EVP_MD *EVP_shake256(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions -standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the -Keccak algorithm. -.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 -.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" -The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms -respectively. They produce 224, 256, 384 and 512 bits of output from a given -input. -.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 -.IX Item "EVP_shake128(), EVP_shake256()" -The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate -a variable hash length. -.Sp -Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while -\&\fBEVP_shake256\fR provides that of 256 bits. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1NIST FIPS 202.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_sm3.3 b/secure/lib/libcrypto/man/EVP_sm3.3 deleted file mode 100644 index b43489ffe60e..000000000000 --- a/secure/lib/libcrypto/man/EVP_sm3.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SM3 3" -.TH EVP_SM3 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_sm3 \&\- SM3 for EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_sm3(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T -32905\-2016.\s0 -.IP "\fBEVP_sm3()\fR" 4 -.IX Item "EVP_sm3()" -The \s-1SM3\s0 hash function. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -Copyright 2017 Ribose Inc. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/EVP_sm4_cbc.3 deleted file mode 100644 index f1bb99f33e4a..000000000000 --- a/secure/lib/libcrypto/man/EVP_sm4_cbc.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_SM4_CBC 3" -.TH EVP_SM4_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_CIPHER *EVP_sm4_cbc(void); -\& const EVP_CIPHER *EVP_sm4_ecb(void); -\& const EVP_CIPHER *EVP_sm4_cfb(void); -\& const EVP_CIPHER *EVP_sm4_cfb128(void); -\& const EVP_CIPHER *EVP_sm4_ofb(void); -\& const EVP_CIPHER *EVP_sm4_ctr(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 -.PP -All modes below use a key length of 128 bits and acts on blocks of 128 bits. -.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 -.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" -The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes -respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for -details of the \fB\s-1EVP_CIPHER\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_EncryptInit\fR\|(3), -\&\fBEVP_CIPHER_meth_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -Copyright 2017 Ribose Inc. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/EVP_whirlpool.3 b/secure/lib/libcrypto/man/EVP_whirlpool.3 deleted file mode 100644 index 3b8c83942c32..000000000000 --- a/secure/lib/libcrypto/man/EVP_whirlpool.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "EVP_WHIRLPOOL 3" -.TH EVP_WHIRLPOOL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -EVP_whirlpool \&\- WHIRLPOOL For EVP -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const EVP_MD *EVP_whirlpool(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 -designed by Vincent Rijmen and Paulo S. L. M. Barreto. -.IP "\fBEVP_whirlpool()\fR" 4 -.IX Item "EVP_whirlpool()" -The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given -input. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the -implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for -details of the \fB\s-1EVP_MD\s0\fR structure. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2004.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/HMAC.3 b/secure/lib/libcrypto/man/HMAC.3 deleted file mode 100644 index 4ff9e1ddcc84..000000000000 --- a/secure/lib/libcrypto/man/HMAC.3 +++ /dev/null @@ -1,279 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "HMAC 3" -.TH HMAC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, -\& int key_len, const unsigned char *d, int n, -\& unsigned char *md, unsigned int *md_len); -\& -\& HMAC_CTX *HMAC_CTX_new(void); -\& int HMAC_CTX_reset(HMAC_CTX *ctx); -\& -\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, -\& const EVP_MD *md, ENGINE *impl); -\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); -\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); -\& -\& void HMAC_CTX_free(HMAC_CTX *ctx); -\& -\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); -\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); -\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); -\& -\& size_t HMAC_size(const HMAC_CTX *e); -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, -\& const EVP_MD *md); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash -function used for message authentication, which is based on a hash -function. -.PP -\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at -\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is -\&\fBkey_len\fR bytes long. -.PP -It places the result in \fBmd\fR (which must have space for the output of -the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). -If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of -the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 -value for \fBmd\fR to use the static array is not thread safe. -.PP -\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does -not support variable output length digests such as \fBEVP_shake128()\fR and -\&\fBEVP_shake256()\fR. -.PP -\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. -.PP -\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated -resources, making it suitable for new computations as if it was newly -created with \fBHMAC_CTX_new()\fR. -.PP -\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, -releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR -itself. -.PP -The following functions may be used if the message is not completely -stored in memory: -.PP -\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 -and \fBevp_md\fR is the same as the previous call, then the -existing key is -reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use -of an \fB\s-1HMAC_CTX\s0\fR in this function. -.PP -If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the -same as the previous digest used by \fBctx\fR then an error is returned -because reuse of an existing key with a different digest is not supported. -.PP -\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes -long. -.PP -\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to -be authenticated (\fBlen\fR bytes at \fBdata\fR). -.PP -\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which -must have space for the hash function output. -.PP -\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. -.PP -\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. -These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). -.PP -\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the -supplied \s-1HMAC_CTX.\s0 -.PP -\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if -an error occurred. -.PP -\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or -\&\fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and -\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. -.PP -\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or -\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. -.PP -\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output -or zero on error. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1RFC 2104\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. -.PP -\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. -.PP -\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. -.PP -\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in -OpenSSL before version 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/MD5.3 b/secure/lib/libcrypto/man/MD5.3 deleted file mode 100644 index 3d127a9e504f..000000000000 --- a/secure/lib/libcrypto/man/MD5.3 +++ /dev/null @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "MD5 3" -.TH MD5 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); -\& -\& int MD2_Init(MD2_CTX *c); -\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); -\& int MD2_Final(unsigned char *md, MD2_CTX *c); -\& -\& -\& #include -\& -\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); -\& -\& int MD4_Init(MD4_CTX *c); -\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); -\& int MD4_Final(unsigned char *md, MD4_CTX *c); -\& -\& -\& #include -\& -\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); -\& -\& int MD5_Init(MD5_CTX *c); -\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); -\& int MD5_Final(unsigned char *md, MD5_CTX *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. -.PP -\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest -of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space -for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 -bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static -array. -.PP -The following functions may be used if the message is not completely -stored in memory: -.PP -\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. -.PP -\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to -be hashed (\fBlen\fR bytes at \fBdata\fR). -.PP -\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. -.PP -\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and -\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. -.PP -Applications should use the higher level functions -\&\fBEVP_DigestInit\fR\|(3) -etc. instead of calling the hash functions directly. -.SH "NOTE" -.IX Header "NOTE" -\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing -applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be -preferred. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. -.PP -\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, -\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for -success, 0 otherwise. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/MDC2_Init.3 b/secure/lib/libcrypto/man/MDC2_Init.3 deleted file mode 100644 index eec665c12704..000000000000 --- a/secure/lib/libcrypto/man/MDC2_Init.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "MDC2_INIT 3" -.TH MDC2_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned char *MDC2(const unsigned char *d, unsigned long n, -\& unsigned char *md); -\& -\& int MDC2_Init(MDC2_CTX *c); -\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, -\& unsigned long len); -\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from -block ciphers. These functions are an implementation of \s-1MDC2\s0 with -\&\s-1DES.\s0 -.PP -\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR -bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest -is placed in a static array. -.PP -The following functions may be used if the message is not completely -stored in memory: -.PP -\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. -.PP -\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to -be hashed (\fBlen\fR bytes at \fBdata\fR). -.PP -\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. -.PP -Applications should use the higher level functions -\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the -hash functions directly. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. -.PP -\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 deleted file mode 100644 index 626bf1acd261..000000000000 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ /dev/null @@ -1,327 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OBJ_NID2OBJ 3" -.TH OBJ_NID2OBJ 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \&\- ASN1 object utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_OBJECT *OBJ_nid2obj(int n); -\& const char *OBJ_nid2ln(int n); -\& const char *OBJ_nid2sn(int n); -\& -\& int OBJ_obj2nid(const ASN1_OBJECT *o); -\& int OBJ_ln2nid(const char *ln); -\& int OBJ_sn2nid(const char *sn); -\& -\& int OBJ_txt2nid(const char *s); -\& -\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); -\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); -\& -\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); -\& -\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); -\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); -\& -\& int OBJ_create(const char *oid, const char *sn, const char *ln); -\& -\& size_t OBJ_length(const ASN1_OBJECT *obj); -\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); -.Ve -.PP -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void OBJ_cleanup(void) -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are -a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type. -For convenience, OIDs are usually represented in source code as numeric -identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that -are generated when the library is built, and their corresponding NIDs -are available as defined constants. For the functions below, application -code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as -constants. -.PP -\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to -an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, -or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 -for the object \fBo\fR, the long name or the short name respectively -or NID_undef if an error occurred. -.PP -\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be -a long name, a short name or the numerical representation of an object. -.PP -\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. -If \fBno_name\fR is 0 then long names and short names will be interpreted -as well as numerical forms. If \fBno_name\fR is 1 only the numerical form -is acceptable. -.PP -\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. -The representation is written as a null terminated string to \fBbuf\fR -at most \fBbuf_len\fR bytes are written, truncating the result if necessary. -The total amount of space required is returned. If \fBno_name\fR is 0 then -if the object has a long or short name then that will be used, otherwise -the numerical form will be used. If \fBno_name\fR is 1 then the numerical -form will always be used. -.PP -\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. -.PP -\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. -.PP -\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. -.PP -\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the -numerical form of the object, \fBsn\fR the short name and \fBln\fR the -long name. A new \s-1NID\s0 is returned for the created object in case of -success and NID_undef in case of failure. -.PP -\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR. -.PP -\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. -The returned pointer is an internal pointer which \fBmust not\fR be freed. -.PP -\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. -.SH "NOTES" -.IX Header "NOTES" -Objects in OpenSSL can have a short name, a long name and a numerical -identifier (\s-1NID\s0) associated with them. A standard set of objects is -represented in an internal table. The appropriate values are defined -in the header file \fBobjects.h\fR. -.PP -For example the \s-1OID\s0 for commonName has the following definitions: -.PP -.Vb 3 -\& #define SN_commonName "CN" -\& #define LN_commonName "commonName" -\& #define NID_commonName 13 -.Ve -.PP -New objects can be added by calling \fBOBJ_create()\fR. -.PP -Table objects have certain advantages over other objects: for example -their NIDs can be used in a C language switch statement. They are -also static constant structures which are shared: that is there -is only a single constant structure for each table object. -.PP -Objects which are not in the table have the \s-1NID\s0 value NID_undef. -.PP -Objects do not need to be in the internal tables to be processed, -the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical -form of an \s-1OID.\s0 -.PP -Some objects are used to represent algorithms which do not have a -corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently -exists for a particular algorithm). As a result they \fBcannot\fR be encoded or -decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there -is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. -.PP -These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can -represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. -The latter cannot be constant because it needs to be freed after use. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an -error occurred. -.PP -\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR -on error. -.PP -\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return -a \s-1NID\s0 or \fBNID_undef\fR on error. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create an object for \fBcommonName\fR: -.PP -.Vb 1 -\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); -.Ve -.PP -Check if an object is \fBcommonName\fR -.PP -.Vb 2 -\& if (OBJ_obj2nid(obj) == NID_commonName) -\& /* Do something */ -.Ve -.PP -Create a new \s-1NID\s0 and initialize an object from it: -.PP -.Vb 2 -\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); -\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); -.Ve -.PP -Create a new object directly: -.PP -.Vb 1 -\& obj = OBJ_txt2obj("1.2.3.4", 1); -.Ve -.SH "BUGS" -.IX Header "BUGS" -\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the -convention of other OpenSSL functions where the buffer can be set -to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. -Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should -be set to a positive value. A buffer length of 80 should be more -than enough to handle any \s-1OID\s0 encountered in practice. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) -and should not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 deleted file mode 100644 index 7411aaa5561b..000000000000 --- a/secure/lib/libcrypto/man/OCSP_REQUEST_new.3 +++ /dev/null @@ -1,248 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_REQUEST_NEW 3" -.TH OCSP_REQUEST_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& OCSP_REQUEST *OCSP_REQUEST_new(void); -\& void OCSP_REQUEST_free(OCSP_REQUEST *req); -\& -\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); -\& -\& int OCSP_request_sign(OCSP_REQUEST *req, -\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, -\& STACK_OF(X509) *certs, unsigned long flags); -\& -\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); -\& -\& int OCSP_request_onereq_count(OCSP_REQUEST *req); -\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. -.PP -\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. -.PP -\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns -the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional -extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after -the operation. -.PP -\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate -\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates -\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates -will be included in the request. -.PP -\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The -application is responsible for freeing up \fBcert\fR after use. -.PP -\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR -structures in \fBreq\fR. -.PP -\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR -contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to -OCSP_request_onereq_count(req) \- 1. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if -an error occurred. -.PP -\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR -or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 -for failure. -.PP -\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR -structures in \fBreq\fR. -.PP -\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure -or \fB\s-1NULL\s0\fR if the index value is out or range. -.SH "NOTES" -.IX Header "NOTES" -An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures -corresponding to each certificate. -.PP -\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by -\&\s-1OCSP\s0 responders. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer -\&\fBissuer\fR: -.PP -.Vb 2 -\& OCSP_REQUEST *req; -\& OCSP_ID *cid; -\& -\& req = OCSP_REQUEST_new(); -\& if (req == NULL) -\& /* error */ -\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); -\& if (cid == NULL) -\& /* error */ -\& -\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) -\& /* error */ -\& -\& /* Do something with req, e.g. query responder */ -\& -\& OCSP_REQUEST_free(req); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBOCSP_cert_to_id\fR\|(3), -\&\fBOCSP_request_add1_nonce\fR\|(3), -\&\fBOCSP_resp_find_status\fR\|(3), -\&\fBOCSP_response_status\fR\|(3), -\&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/OCSP_cert_to_id.3 deleted file mode 100644 index 4e363ece6a15..000000000000 --- a/secure/lib/libcrypto/man/OCSP_cert_to_id.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_CERT_TO_ID 3" -.TH OCSP_CERT_TO_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, -\& X509 *subject, X509 *issuer); -\& -\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, -\& X509_NAME *issuerName, -\& ASN1_BIT_STRING *issuerKey, -\& ASN1_INTEGER *serialNumber); -\& -\& void OCSP_CERTID_free(OCSP_CERTID *id); -\& -\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); -\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); -\& -\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, -\& ASN1_OCTET_STRING **pikeyHash, -\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using -message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If -\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. -.PP -\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and -issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number -\&\fBserialNumber\fR. -.PP -\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. -.PP -\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. -.PP -\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. -.PP -\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and -serial number contained in \fBcid\fR. If any of the values are not required the -corresponding parameter can be set to \fB\s-1NULL\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid -\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero -otherwise. -.PP -\&\fBOCSP_CERTID_free()\fR does not return a value. -.PP -\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: -the other functions are used by responder applications. -.PP -The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST -NOT\s0\fR be freed up by an application: they will be freed when the corresponding -\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBOCSP_request_add1_nonce\fR\|(3), -\&\fBOCSP_REQUEST_new\fR\|(3), -\&\fBOCSP_resp_find_status\fR\|(3), -\&\fBOCSP_response_status\fR\|(3), -\&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 deleted file mode 100644 index a79b659337da..000000000000 --- a/secure/lib/libcrypto/man/OCSP_request_add1_nonce.3 +++ /dev/null @@ -1,215 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_REQUEST_ADD1_NONCE 3" -.TH OCSP_REQUEST_ADD1_NONCE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); -\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); -\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); -\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to -\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR -is zero or negative a default length will be used (currently 16 bytes). -.PP -\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except -it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. -.PP -\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. -.PP -\&\fBOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success -and 0 for failure. -.PP -\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce -was present in \fBreq\fR and 0 if an error occurred. -.PP -\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR -and \fBresp\fR. The return value indicates the result of the comparison. If -nonces are present and equal 1 is returned. If the nonces are absent 2 is -returned. If a nonce is present in the response only 3 is returned. If nonces -are present and unequal 0 is returned. If the nonce is present in the request -only then \-1 is returned. -.SH "NOTES" -.IX Header "NOTES" -For most purposes the nonce value in a request is set to a random value so -the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 -.PP -An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks -by checking the same nonce value appears in the response. -.PP -Some responders may include a nonce in all responses even if one is not -supplied. -.PP -Some responders cache \s-1OCSP\s0 responses and do not sign each response for -performance reasons. As a result they do not support nonces. -.PP -The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A -positive return value effectively indicates success: nonces are both present -and match, both absent or present in the response only. A non-zero return -additionally covers the case where the nonce is present in the request only: -this will happen if the responder doesn't support nonces. A zero return value -indicates present and mismatched nonces: this should be treated as an error -condition. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBOCSP_cert_to_id\fR\|(3), -\&\fBOCSP_REQUEST_new\fR\|(3), -\&\fBOCSP_resp_find_status\fR\|(3), -\&\fBOCSP_response_status\fR\|(3), -\&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 deleted file mode 100644 index 302ebaca8264..000000000000 --- a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 +++ /dev/null @@ -1,319 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_RESP_FIND_STATUS 3" -.TH OCSP_RESP_FIND_STATUS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, -\& int *reason, -\& ASN1_GENERALIZEDTIME **revtime, -\& ASN1_GENERALIZEDTIME **thisupd, -\& ASN1_GENERALIZEDTIME **nextupd); -\& -\& int OCSP_resp_count(OCSP_BASICRESP *bs); -\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); -\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); -\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, -\& ASN1_GENERALIZEDTIME **revtime, -\& ASN1_GENERALIZEDTIME **thisupd, -\& ASN1_GENERALIZEDTIME **nextupd); -\& -\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( -\& const OCSP_BASICRESP* single); -\& -\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); -\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); -\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); -\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); -\& -\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, -\& STACK_OF(X509) *extra_certs); -\& -\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, -\& const ASN1_OCTET_STRING **pid, -\& const X509_NAME **pname); -\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, -\& ASN1_OCTET_STRING **pid, -\& X509_NAME **pname); -\& -\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, -\& ASN1_GENERALIZEDTIME *nextupd, -\& long sec, long maxsec); -\& -\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, -\& X509_STORE *st, unsigned long flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is -successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, -\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of -\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or -\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only -set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field -will be set to the revocation reason which will be one of -\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, -\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. -.PP -\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. -.PP -\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR -corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to -OCSP_resp_count(bs) \- 1. -.PP -\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first -matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. -.PP -\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, -\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. -.PP -\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the -single response \fBbs\fR. -.PP -\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. -.PP -\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. -.PP -\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. -.PP -\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. -.PP -\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly -signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate -is included in the \fBcerts\fR field of the response, so additional certificates -can be supplied in \fBextra_certs\fR if the certificates that may have -signed the response are known via some out-of-band mechanism. -.PP -\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is -a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the -responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR -is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR -with the caller, who is responsible for freeing them. Both functions return 1 -in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, -no freeing of the results is necessary. -.PP -\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values -which will be typically obtained from \fBOCSP_resp_find_status()\fR or -\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds -leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates -the maximum age of \fBthisupd\fR in seconds. -.PP -\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly -signed and that the signer certificate can be validated. It takes \fBst\fR as -the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. -The function first tries to find the signer certificate of the response -in . It also searches the certificates the responder may have included -in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. -It fails if the signer certificate cannot be found. -Next, the function checks the signature of \fBbs\fR and fails on error -unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns -success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate -was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. -Otherwise the function continues by validating the signer certificate. -To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as -untrusted certificates for the construction of the validation path for the -signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path -validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. -Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer -criteria including potential delegation. If this does not succeed and the -\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit -trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. -.PP -\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in -\&\fBbs\fR. -.PP -\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or -\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. -.PP -\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if -\&\fBid\fR was not found. -.PP -\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error -occurred. -.PP -\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, -or 0 on error. -.PP -\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such -as malloc failure. -.SH "NOTES" -.IX Header "NOTES" -Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate -\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They -can then take appropriate action based on the status of the certificate. -.PP -An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR -fields. Normally the current time should be between these two values. To -account for clock skew the \fBmaxsec\fR field can be set to non-zero in -\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this -would otherwise mean an ancient response would be considered valid: the -\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted -age of responses. -.PP -The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by -\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers -which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these -parameters can be set to \s-1NULL\s0 if their value is not required. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBOCSP_cert_to_id\fR\|(3), -\&\fBOCSP_request_add1_nonce\fR\|(3), -\&\fBOCSP_REQUEST_new\fR\|(3), -\&\fBOCSP_response_status\fR\|(3), -\&\fBOCSP_sendreq_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_response_status.3 b/secure/lib/libcrypto/man/OCSP_response_status.3 deleted file mode 100644 index 5a2283240bca..000000000000 --- a/secure/lib/libcrypto/man/OCSP_response_status.3 +++ /dev/null @@ -1,244 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_RESPONSE_STATUS 3" -.TH OCSP_RESPONSE_STATUS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OCSP_response_status(OCSP_RESPONSE *resp); -\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); -\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); -\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); -\& -\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); -\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); -\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); -\& -\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, -\& const EVP_MD *dgst, STACK_OF(X509) *certs, -\& unsigned long flags); -\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, -\& STACK_OF(X509) *certs, unsigned long flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns -one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, -\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, -\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR -\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. -.PP -\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure -contained in \fBresp\fR. -.PP -\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for -\&\fBstatus\fR and optionally including basic response \fBbs\fR. -.PP -\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. -.PP -\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the -subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. -.PP -\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the -key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is -stored as a \s-1SHA1\s0 hash. -.PP -Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling -\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing -setting. -.PP -\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches -with the X509 certificate \fBcert\fR. -.PP -\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key -\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option -\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the request. If the -\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 -rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but -uses the parameters contained in digest context \fBctx\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_RESPONSE_status()\fR returns a status value. -.PP -\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or -\&\fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR -if an error occurred. -.PP -\&\fBOCSP_RESPONSE_free()\fR does not return a value. -.PP -\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and -\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 -on failure. -.PP -\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match -or 0 otherwise. -.SH "NOTES" -.IX Header "NOTES" -\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is -\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7) -\&\fBOCSP_cert_to_id\fR\|(3) -\&\fBOCSP_request_add1_nonce\fR\|(3) -\&\fBOCSP_REQUEST_new\fR\|(3) -\&\fBOCSP_resp_find_status\fR\|(3) -\&\fBOCSP_sendreq_new\fR\|(3) -\&\fBOCSP_RESPID_new\fR\|(3) -\&\fBOCSP_RESPID_free\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR -functions were added in OpenSSL 1.1.0a. -.PP -The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/OCSP_sendreq_new.3 deleted file mode 100644 index ae83ab3b6d60..000000000000 --- a/secure/lib/libcrypto/man/OCSP_sendreq_new.3 +++ /dev/null @@ -1,253 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OCSP_SENDREQ_NEW 3" -.TH OCSP_SENDREQ_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, -\& int maxline); -\& -\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); -\& -\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); -\& -\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); -\& -\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, -\& const char *name, const char *value); -\& -\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); -\& -\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req, -\& int maxline); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the -responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a -response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a -default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR -and provided later if required. -.PP -\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context -\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. -.PP -\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. -.PP -\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR -to \fBlen\fR. If the response exceeds this length an error occurs. If not -set a default value of 100k is used. -.PP -\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the -context \fBrctx\fR. It can be called more than once to add multiple headers. -It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR -parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if -additional headers are set. -.PP -\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This -function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR. -.PP -\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 -path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line -length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if -an error occurred. -.PP -\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, -\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred. -.PP -\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success -and \fB0\fR for failure. -.PP -\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the -responder or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values. -.SH "NOTES" -.IX Header "NOTES" -These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an -application wishes to support more advanced features it should use an -alternative more complete \s-1HTTP\s0 library. -.PP -Currently only \s-1HTTP POST\s0 queries to responders are supported. -.PP -The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 -For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 -\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR -should be set to \fB\*(L"/ocspreq\*(R"\fR -.PP -The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form -"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add -a Host header for \fBocsp.com\fR you would call: -.PP -.Vb 1 -\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); -.Ve -.PP -If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the -corresponding \s-1BIO\s0 can be examined to determine which operation (read or -write) should be retried and appropriate action taken (for example a \fBselect()\fR -call on the underlying socket). -.PP -\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking -I/O efficiently. It is retained for compatibility and its use in new -applications is not recommended. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBOCSP_cert_to_id\fR\|(3), -\&\fBOCSP_request_add1_nonce\fR\|(3), -\&\fBOCSP_REQUEST_new\fR\|(3), -\&\fBOCSP_resp_find_status\fR\|(3), -\&\fBOCSP_response_status\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 deleted file mode 100644 index 90d634ad4c9f..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ /dev/null @@ -1,168 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_APPLINK 3" -.TH OPENSSL_APPLINK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& _\|_declspec(dllexport) void **OPENSSL_Applink(); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OPENSSL_Applink is application-side interface which provides a glue -between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. -Even though it appears at application side, it's essentially OpenSSL -private interface. For this reason application developers are not -expected to implement it, but to compile provided module with -compiler of their choice and link it into the target application. -The referred module is available as \fIapplink.c\fR, located alongside -the public header files (only on the platforms where applicable). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Not available. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 deleted file mode 100644 index bf096f92889c..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_LH_COMPFUNC.3 +++ /dev/null @@ -1,369 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_LH_COMPFUNC 3" -.TH OPENSSL_LH_COMPFUNC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DECLARE_LHASH_OF(TYPE); -\& -\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); -\& void lh_TYPE_free(LHASH_OF(TYPE) *table); -\& -\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); -\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); -\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); -\& -\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); -\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, -\& TYPE *arg); -\& -\& int lh_TYPE_error(LHASH_OF(TYPE) *table); -\& -\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); -\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); -\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); -\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This library implements type-checked dynamic hash tables. The hash -table entries can be arbitrary structures. Usually they consist of key -and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder -for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. -.PP -\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store -arbitrary data entries, and specifies the 'hash' and 'compare' -callbacks to be used in organising the table's entries. The \fBhash\fR -callback takes a pointer to a table entry as its argument and returns -an unsigned long hash value for its key field. The hash value is -normally truncated to a power of 2, so make sure that your hash -function returns well mixed low order bits. The \fBcompare\fR callback -takes two arguments (pointers to two hash table entries), and returns -0 if their keys are equal, non-zero otherwise. -.PP -If your hash table -will contain items of some particular type and the \fBhash\fR and -\&\fBcompare\fR callbacks hash/compare these types, then the -\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be -used to create callback wrappers of the prototypes required by -\&\fBlh_TYPE_new()\fR as shown in this example: -.PP -.Vb 11 -\& /* -\& * Implement the hash and compare functions; "stuff" can be any word. -\& */ -\& static unsigned long stuff_hash(const TYPE *a) -\& { -\& ... -\& } -\& static int stuff_cmp(const TYPE *a, const TYPE *b) -\& { -\& ... -\& } -\& -\& /* -\& * Implement the wrapper functions. -\& */ -\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) -\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) -.Ve -.PP -If the type is going to be used in several places, the following macros -can be used in a common header file to declare the function wrappers: -.PP -.Vb 2 -\& DECLARE_LHASH_HASH_FN(stuff, TYPE) -\& DECLARE_LHASH_COMP_FN(stuff, TYPE) -.Ve -.PP -Then a hash table of \s-1TYPE\s0 objects can be created using this: -.PP -.Vb 1 -\& LHASH_OF(TYPE) *htable; -\& -\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); -.Ve -.PP -\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure -\&\fBtable\fR. Allocated hash table entries will not be freed; consider -using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the -hash table (see below). -.PP -\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into -\&\fBtable\fR. If there already is an entry with the same key, the old -value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the -data are not copied. -.PP -\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. -.PP -\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR -is a structure with the key field(s) set; the function will return a -pointer to a fully populated structure. -.PP -\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call -\&\fBfunc\fR with the data item as its parameter. -For example: -.PP -.Vb 2 -\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ -\& void TYPE_cleanup_doall(TYPE *a); -\& -\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ -\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) -\& -\& /* Call "TYPE_cleanup" against all items in a hash table. */ -\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); -\& -\& /* Then the hash table itself can be deallocated */ -\& lh_TYPE_free(hashtable); -.Ve -.PP -When doing this, be careful if you delete entries from the hash table -in your callbacks: the table may decrease in size, moving the item -that you are currently on down lower in the hash table \- this could -cause some entries to be skipped during the iteration. The second -best solution to this problem is to set hash\->down_load=0 before -you start (which will stop the hash table ever decreasing in size). -The best solution is probably to avoid deleting items from the hash -table inside a \*(L"doall\*(R" callback! -.PP -\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that -\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR -should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype -that is passed both the table entry and an extra argument). As with -\&\fBlh_doall()\fR, you can instead choose to declare your callback with a -prototype matching the types you are dealing with and use the -declare/implement macros to create compatible wrappers that cast -variables before calling your type-specific callbacks. An example of -this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 -that is provided by the caller): -.PP -.Vb 2 -\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ -\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); -\& -\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ -\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) -\& -\& /* Print out the entire hashtable to a particular BIO */ -\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, -\& logging_bio); -.Ve -.PP -\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last -operation. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new -\&\fB\s-1LHASH\s0\fR structure. -.PP -When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value -being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. -.PP -\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if -there is no such value in the hash table. -.PP -\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, -\&\fB\s-1NULL\s0\fR otherwise. -.PP -\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 -otherwise. It's meaningful only after non-retrieve operations. -.PP -\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values. -.SH "NOTE" -.IX Header "NOTE" -The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as -lh_TYPE_error call must be performed under a write lock. All retrieve -operations should be performed under a read lock, \fIunless\fR accurate -usage statistics are desired. In which case, a write lock should be used -for retrieve operations as well. For output of the usage statistics, -using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. -.PP -The \s-1LHASH\s0 code regards table entries as constant data. As such, it -internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" -pointer type. This is why callbacks such as those used by \fBlh_doall()\fR -and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the -parameters that pass back the table items' data pointers \- for -consistency, user-provided data is \*(L"const\*(R" at all times as far as the -\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing -these pointers, they can choose whether they too should be treating -all such parameters as constant. -.PP -As an example, a hash table may be maintained by code that, for -reasons of encapsulation, has only \*(L"const\*(R" access to the data being -indexed in the hash table (ie. it is returned as \*(L"const\*(R" from -elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are -appropriate as-is. Conversely, if the caller is responsible for the -life-time of the data in question, then they may well wish to make -modifications to table item passed back in the \fBlh_doall()\fR or -\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If -so, the caller can either cast the \*(L"const\*(R" away (if they're providing -the raw callbacks themselves) or use the macros to declare/implement -the wrapper functions without \*(L"const\*(R" types. -.PP -Callers that only have \*(L"const\*(R" access to data they're indexing in a -table, yet declare callbacks without constant types (or cast the -\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs -without being encouraged to do so by the \s-1API.\s0 On a related note, -those auditing code should pay special attention to any instances of -DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types -without any \*(L"const\*(R" qualifiers. -.SH "BUGS" -.IX Header "BUGS" -\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_LH_stats\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -In OpenSSL 1.0.0, the lhash interface was revamped for better -type checking. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 deleted file mode 100644 index db711b2092c2..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_LH_stats.3 +++ /dev/null @@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_LH_STATS 3" -.TH OPENSSL_LH_STATS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void OPENSSL_LH_stats(LHASH *table, FILE *out); -\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); -\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); -\& -\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); -\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); -\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of -accessing the hash table. -.PP -\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how -many entries are in it, and the number and result of calls to the -routines in this library. -.PP -\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the -hash table. -.PP -\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the -hash table. It prints the 'load' and the 'actual load'. The load is -the average number of data items per 'bucket' in the hash table. The -\&'actual load' is the average number of items per 'bucket', but only -for buckets which contain entries. So the 'actual load' is the -average number of searches that will need to find an item in the hash -table, while the 'load' is the average number that will be done to -record a miss. -.PP -\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR -are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions do not return values. -.SH "NOTE" -.IX Header "NOTE" -These calls should be made under a read lock. Refer to -\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required -when using the \s-1LHASH\s0 data structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 deleted file mode 100644 index 0988b613a75e..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ /dev/null @@ -1,242 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 3 -\& #include -\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL -\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" -\& -\& #include -\& -\& unsigned long OpenSSL_version_num(); -\& const char *OpenSSL_version(int t); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier: -.PP -.Vb 1 -\& MNNFFPPS: major minor fix patch status -.Ve -.PP -The status nibble has one of the values 0 for development, 1 to e for betas -1 to 14, and f for release. -.PP -for example -.PP -.Vb 3 -\& 0x000906000 == 0.9.6 dev -\& 0x000906023 == 0.9.6b beta 3 -\& 0x00090605f == 0.9.6e release -.Ve -.PP -Versions prior to 0.9.3 have identifiers < 0x0930. -Versions between 0.9.3 and 0.9.5 had a version identifier with this -interpretation: -.PP -.Vb 1 -\& MMNNFFRBB major minor fix final beta/patch -.Ve -.PP -for example -.PP -.Vb 2 -\& 0x000904100 == 0.9.4 release -\& 0x000905000 == 0.9.5 dev -.Ve -.PP -Version 0.9.5a had an interim interpretation that is like the current one, -except the patch level got the highest bit set, to keep continuity. The -number was therefore 0x0090581f. -.PP -\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the -release date. For example, -\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". -.PP -\&\fBOpenSSL_version_num()\fR returns the version number. -.PP -\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR: -.IP "\s-1OPENSSL_VERSION\s0" 4 -.IX Item "OPENSSL_VERSION" -The text variant of the version number and the release date. For example, -\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". -.IP "\s-1OPENSSL_CFLAGS\s0" 4 -.IX Item "OPENSSL_CFLAGS" -The compiler flags set for the compilation process in the form -\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R" -otherwise. -.IP "\s-1OPENSSL_BUILT_ON\s0" 4 -.IX Item "OPENSSL_BUILT_ON" -The date of the build process in the form \*(L"built on: ...\*(R" if available -or \*(L"built on: date not available\*(R" otherwise. -.IP "\s-1OPENSSL_PLATFORM\s0" 4 -.IX Item "OPENSSL_PLATFORM" -The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" -if available or \*(L"platform: information not available\*(R" otherwise. -.IP "\s-1OPENSSL_DIR\s0" 4 -.IX Item "OPENSSL_DIR" -The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 -if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. -.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 -.IX Item "OPENSSL_ENGINES_DIR" -The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0 -if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise. -.PP -For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOpenSSL_version_num()\fR returns the version number. -.PP -\&\fBOpenSSL_version()\fR returns requested version strings. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 deleted file mode 100644 index ea738358f653..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_CONFIG 3" -.TH OPENSSL_CONFIG 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void OPENSSL_config(const char *appname); -\& void OPENSSL_no_config(void); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and -reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then -the default section, \fBopenssl_conf\fR, will be used. -Errors are silently ignored. -Multiple calls have no effect. -.PP -\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR -no configuration takes place. -.PP -If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a -call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR -first. -.SH "NOTES" -.IX Header "NOTES" -The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and -forget it\*(R" function. -It is however \fBmuch\fR better than nothing. Applications which need finer -control over their configuration functionality should use the configuration -functions such as \fBCONF_modules_load()\fR directly. This function is deprecated -and its use should be avoided. -Applications should instead call \fBCONF_modules_load()\fR during -initialization (that is before starting any threads). -.PP -There are several reasons why calling the OpenSSL configuration routines is -advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). -However very few applications currently support the control interface and so -very few can load and use dynamic ENGINEs. Equally in future more sophisticated -ENGINEs will require certain control operations to customize them. If an -application calls \fBOPENSSL_config()\fR it doesn't need to know or care about -\&\s-1ENGINE\s0 control operations because they can be performed by editing a -configuration file. -.SH "ENVIRONMENT" -.IX Header "ENVIRONMENT" -.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 -.IX Item "OPENSSL_CONF" -The path to the config file. -Ignored in set-user-ID and set-group-ID programs. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBconfig\fR\|(5), -\&\fBCONF_modules_load_file\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were -deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 deleted file mode 100644 index 599dc0197990..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_fork_prepare.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_FORK_PREPARE 3" -.TH OPENSSL_FORK_PREPARE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void OPENSSL_fork_prepare(void); -\& void OPENSSL_fork_parent(void); -\& void OPENSSL_fork_child(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL has state that should be reset when a process forks. For example, -the entropy pool used to generate random numbers (and therefore encryption -keys) should not be shared across multiple programs. -The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR -functions are used to reset this internal state. -.PP -Platforms without \fBfork\fR\|(2) will probably not need to use these functions. -Platforms with \fBfork\fR\|(2) but without \fBpthread_atfork\fR\|(3) will probably need -to call them manually, as described in the following paragraph. Platforms -such as Linux that have both functions will normally not need to call these -functions as the OpenSSL library will do so automatically. -.PP -\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate -handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other -applications, these functions can be called directly. They should be used -according to the calling sequence described by the \fBpthread_atfork\fR\|(3) -documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should -be called before a \fBfork()\fR is done. After the \fBfork()\fR returns, the parent -process should call \fBOPENSSL_fork_parent()\fR and the child process should -call \fBOPENSSL_fork_child()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not -return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 deleted file mode 100644 index c2e3b850f0ca..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ /dev/null @@ -1,295 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_IA32CAP 3" -.TH OPENSSL_IA32CAP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_ia32cap \- the x86[_64] processor capabilities vector -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& env OPENSSL_ia32cap=... -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL supports a range of x86[_64] instruction set extensions. These -extensions are denoted by individual bits in capability vector returned -by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction -with EAX=1 input value (see Intel Application Note #241618). This vector -is copied to memory upon toolkit initialization and used to choose -between different code paths to provide optimal performance across wide -range of processors. For the moment of this writing following bits are -significant: -.IP "bit #4 denoting presence of Time-Stamp Counter." 4 -.IX Item "bit #4 denoting presence of Time-Stamp Counter." -.PD 0 -.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 -.IX Item "bit #19 denoting availability of CLFLUSH instruction;" -.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 -.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" -.IP "bit #23 denoting \s-1MMX\s0 support;" 4 -.IX Item "bit #23 denoting MMX support;" -.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 -.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" -.IP "bit #25 denoting \s-1SSE\s0 support;" 4 -.IX Item "bit #25 denoting SSE support;" -.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 -.IX Item "bit #26 denoting SSE2 support;" -.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 -.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" -.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 -.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" -.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 -.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" -.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4 -.IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;" -.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4 -.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" -.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 -.IX Item "bit #54 denoting availability of MOVBE instruction;" -.IP "bit #57 denoting AES-NI instruction set extension;" 4 -.IX Item "bit #57 denoting AES-NI instruction set extension;" -.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 -.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" -.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 -.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" -.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 -.IX Item "bit #60 denoting AVX extension;" -.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 -.IX Item "bit #62 denoting availability of RDRAND instruction;" -.PD -.PP -For example, in 32\-bit application context clearing bit #26 at run-time -disables high-performance \s-1SSE2\s0 code present in the crypto library, while -clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register -bank. You might have to do the latter if target OpenSSL application is -executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not -enable \s-1XMM\s0 registers. Historically address of the capability vector copy -was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not -anymore. Now the only way to affect the capability detection is to set -OPENSSL_ia32cap environment variable prior target application start. To -give a specific example, on Intel P4 processor 'env -OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env -OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired -effect. Alternatively you can reconfigure the toolkit with no\-sse2 -option and recompile. -.PP -Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment -variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output -verbatim, but is adjusted to reflect whether or not the data cache is -actually shared between logical cores. This in turn affects the decision -on whether or not expensive countermeasures against cache-timing attacks -are applied, most notably in \s-1AES\s0 assembler module. -.PP -The capability vector is further extended with \s-1EBX\s0 value returned by -\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: -.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 -.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" -.PD 0 -.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 -.IX Item "bit #64+5 denoting availability of AVX2 instructions;" -.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 -.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" -.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 -.IX Item "bit #64+16 denoting availability of AVX512F extension;" -.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 -.IX Item "bit #64+18 denoting availability of RDSEED instruction;" -.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 -.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" -.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. \s-1AVX512IFMA\s0 extension;" 4 -.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" -.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 -.IX Item "bit #64+29 denoting availability of SHA extension;" -.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 -.IX Item "bit #64+30 denoting availability of AVX512BW extension;" -.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 -.IX Item "bit #64+31 denoting availability of AVX512VL extension;" -.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 -.IX Item "bit #64+41 denoting availability of VAES extension;" -.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 -.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" -.PD -.PP -To control this extended capability word use ':' as delimiter when -setting up OPENSSL_ia32cap environment variable. For example assigning -\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX -extensions. -.PP -It should be noted that whether or not some of the most \*(L"fancy\*(R" -extension code paths are actually assembled depends on current assembler -version. Base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension code -paths are always assembled. Apart from that, minimum assembler version -requirements are summarized in below table: -.PP -.Vb 8 -\& Extension | GNU as | nasm | llvm -\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- -\& AVX | 2.19 | 2.09 | 3.0 -\& AVX2 | 2.22 | 2.10 | 3.1 -\& ADCX/ADOX | 2.23 | 2.10 | 3.3 -\& AVX512 | 2.25 | 2.11.8 | see NOTES -\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES -\& VAES | 2.30 | 2.13.3 | -.Ve -.SH "NOTES" -.IX Header "NOTES" -Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of -assembly modules apparently requires explicit \-march flag. But then -compiler generates processor-specific code, which in turn contradicts -the mere idea of run-time switch execution facilitated by the variable -in question. Till the limitation is lifted, it's possible to work around -the problem by making build procedure use following script: -.PP -.Vb 2 -\& #!/bin/sh -\& exec clang \-no\-integrated\-as "$@" -.Ve -.PP -instead of real clang. In which case it doesn't matter which clang -version is used, as it is \s-1GNU\s0 assembler version that will be checked. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Not available. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 deleted file mode 100644 index 18c08554a47c..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_init_crypto.3 +++ /dev/null @@ -1,379 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_INIT_CRYPTO 3" -.TH OPENSSL_INIT_CRYPTO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void OPENSSL_cleanup(void); -\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -\& int OPENSSL_atexit(void (*handler)(void)); -\& void OPENSSL_thread_stop(void); -\& -\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); -\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, -\& const char* filename); -\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, -\& unsigned long flags); -\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, -\& const char* name); -\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -During normal operation OpenSSL (libcrypto) will allocate various resources at -start up that must, subsequently, be freed on close down of the library. -Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the -thread closing. -.PP -As of version 1.1.0 OpenSSL will automatically allocate all resources that it -needs so no explicit initialisation is required. Similarly it will also -automatically deinitialise as required. -.PP -However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The -function \fBOPENSSL_init_crypto()\fR can be used for this purpose for -libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl -equivalent). -.PP -Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. -Therefore, in order to perform non-default initialisation, -\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to -any other OpenSSL function calls. -.PP -The \fBopts\fR parameter specifies which aspects of libcrypto should be -initialised. Valid options are: -.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 -.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" -Suppress automatic loading of the libcrypto error strings. This option is -not a default option. Once selected subsequent calls to -\&\fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 -.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" -Automatic loading of the libcrypto error strings. With this option the -library will automatically load the libcrypto error strings. -This option is a default option. Once selected subsequent calls to -\&\fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 -.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" -With this option the library will automatically load and make available all -libcrypto ciphers. This option is a default option. Once selected subsequent -calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 -.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" -With this option the library will automatically load and make available all -libcrypto digests. This option is a default option. Once selected subsequent -calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 -.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" -With this option the library will suppress automatic loading of libcrypto -ciphers. This option is not a default option. Once selected subsequent -calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 -.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" -With this option the library will suppress automatic loading of libcrypto -digests. This option is not a default option. Once selected subsequent -calls to \fBOPENSSL_init_crypto()\fR with the option -\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 -.IX Item "OPENSSL_INIT_LOAD_CONFIG" -With this option an OpenSSL configuration file will be automatically loaded and -used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. -As of OpenSSL 1.1.1 this is a default option for libssl (see -\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the -description of \fBOPENSSL_INIT_new()\fR, below. -.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 -.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" -With this option the loading of OpenSSL configuration files will be suppressed. -It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default -option. -.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 -.IX Item "OPENSSL_INIT_ASYNC" -With this option the library with automatically initialise the libcrypto async -sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_RDRAND" -With this option the library will automatically load and initialise the -\&\s-1RDRAND\s0 engine (if available). This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" -With this option the library will automatically load and initialise the -dynamic engine. This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" -With this option the library will automatically load and initialise the -openssl engine. This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" -With this option the library will automatically load and initialise the -cryptodev engine (if available). This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_CAPI" -With this option the library will automatically load and initialise the -\&\s-1CAPI\s0 engine (if available). This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" -With this option the library will automatically load and initialise the -padlock engine (if available). This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_AFALG" -With this option the library will automatically load and initialise the -\&\s-1AFALG\s0 engine. This not a default option. -.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 -.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" -With this option the library will automatically load and initialise all the -built in engines listed above with the exception of the openssl and afalg -engines. This not a default option. -.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 -.IX Item "OPENSSL_INIT_ATFORK" -With this option the library will register its fork handlers. -See \fBOPENSSL_fork_prepare\fR\|(3) for details. -.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 -.IX Item "OPENSSL_INIT_NO_ATEXIT" -By default OpenSSL will attempt to clean itself up when the process exits via an -\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that -the application will have to clean up OpenSSL explicitly using -\&\fBOPENSSL_cleanup()\fR. -.PP -Multiple options may be combined together in a single call to -\&\fBOPENSSL_init_crypto()\fR. For example: -.PP -.Vb 2 -\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS -\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); -.Ve -.PP -The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto -and libssl). All resources allocated by OpenSSL are freed. Typically there -should be no need to call this function directly as it is initiated -automatically on application exit. This is done via the standard C library -\&\fBatexit()\fR function. In the event that the application will close in a manner -that will not call the registered \fBatexit()\fR handlers then the application should -call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL -are discouraged from calling this function and should instead, typically, rely -on auto-deinitialisation. This is to avoid error conditions where both an -application and a library it depends on both use OpenSSL, and the library -deinitialises it before the application has finished using it. -.PP -Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. -Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error -will be added to the error stack. Note that because initialisation has failed -OpenSSL error strings will not be available, only an error code. This code can -be put through the openssl errstr command line application to produce a human -readable error (see \fBerrstr\fR\|(1)). -.PP -The \fBOPENSSL_atexit()\fR function enables the registration of a -function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are -called after deinitialisation of resources local to a thread, but before other -process wide resources are freed. In the event that multiple stop handlers are -registered, no guarantees are made about the order of execution. -.PP -The \fBOPENSSL_thread_stop()\fR function deallocates resources associated -with the current thread. Typically this function will be called automatically by -the library when the thread exits. This should only be called directly if -resources should be freed at an earlier time, or under the circumstances -described in the \s-1NOTES\s0 section below. -.PP -The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with -\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the -\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and -\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. -The filename, application name, and flags can be customized by providing a -non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. -The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. -The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a -non-default filename, which is copied and need not refer to persistent storage. -Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a -non-default application name. -Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. -If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in -the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR -or indirectly \fBOPENSSL_init_ssl\fR\|(3). -The object can be released with \fBOPENSSL_INIT_free()\fR when done. -.SH "NOTES" -.IX Header "NOTES" -Resources local to a thread are deallocated automatically when the thread exits -(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows -platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to -the libcrypto32.dll entry point. Some windows functions may cause threads to exit -without sending this message (for example \fBExitProcess()\fR). If the application -uses such functions, then the application must free up OpenSSL resources -directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this -message will also not be sent if OpenSSL is linked statically, and therefore -applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each -thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the -threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread -should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. -.PP -On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is -multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads -being destroyed then OpenSSL will not be able to deallocate resources associated -with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on -each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR -call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and -\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_init_ssl\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, -\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR -and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 deleted file mode 100644 index 349bbd3aae08..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_init_ssl.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_INIT_SSL 3" -.TH OPENSSL_INIT_SSL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -During normal operation OpenSSL (libssl and libcrypto) will allocate various -resources at start up that must, subsequently, be freed on close down of the -library. Additionally some resources are allocated on a per thread basis (if the -application is multi-threaded), and these resources must be freed prior to the -thread closing. -.PP -As of version 1.1.0 OpenSSL will automatically allocate all resources that it -needs so no explicit initialisation is required. Similarly it will also -automatically deinitialise as required. -.PP -However, there may be situations when explicit initialisation is desirable or -needed, for example when some non-default initialisation is required. The -function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling -this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To -explicitly initialise \s-1ONLY\s0 libcrypto see the -\&\fBOPENSSL_init_crypto\fR\|(3) function. -.PP -Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. -Therefore, in order to perform non-default initialisation, -\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to -any other OpenSSL function calls. -.PP -The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be -initialised. Valid options for libcrypto are described on the -\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto -specific option the following libssl options can also be used: -.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 -.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" -Suppress automatic loading of the libssl error strings. This option is -not a default option. Once selected subsequent calls to -\&\fBOPENSSL_init_ssl()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. -.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 -.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" -Automatic loading of the libssl error strings. This option is a -default option. Once selected subsequent calls to -\&\fBOPENSSL_init_ssl()\fR with the option -\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. -.PP -\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to -set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_init_crypto\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 deleted file mode 100644 index 8bd2a1e85a30..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_INSTRUMENT_BUS 3" -.TH OPENSSL_INSTRUMENT_BUS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 4 -\& #ifdef OPENSSL_CPUID_OBJ -\& size_t OPENSSL_instrument_bus(int *vector, size_t num); -\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -It was empirically found that timings of references to primary memory -are subject to irregular, apparently non-deterministic variations. The -subroutines in question instrument these references for purposes of -gathering randomness for random number generator. In order to make it -bus-bound a 'flush cache line' instruction is used between probes. In -addition probes are added to \fBvector\fR elements in atomic or -interlocked manner, which should contribute additional noise on -multi-processor systems. This also means that \fBvector[num]\fR should be -zeroed upon invocation (if you want to retrieve actual probe values). -.PP -\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of -oscillator cycles every probe took. -.PP -\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive -probes with the same value, i.e. in a way it records duration of -periods when probe values appeared deterministic. The subroutine -performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, -with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the -benchmark, either because oscillator counter or 'flush cache line' is -not available on current platform. For reference, on x86 'flush cache -line' was introduced with the \s-1SSE2\s0 extensions. -.PP -Otherwise number of recorded values is returned. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 deleted file mode 100644 index 6ae621919108..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" -.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void OPENSSL_load_builtin_modules(void); -\& void ASN1_add_oid_module(void); -\& void ENGINE_add_conf_module(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL -configuration modules to the internal list. They can then be used by the -OpenSSL configuration code. -.PP -\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. -.PP -\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. -.SH "NOTES" -.IX Header "NOTES" -If the simple configuration function \fBOPENSSL_config()\fR is called then -\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. -.PP -Applications which use the configuration functions directly will need to -call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other -configuration code. -.PP -Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all -configuration modules instead of adding modules selectively: otherwise -functionality may be missing from the application if an when new -modules are added. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -None of the functions return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_malloc.3 deleted file mode 100644 index d4d9cc8b38ff..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_malloc.3 +++ /dev/null @@ -1,371 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_MALLOC 3" -.TH OPENSSL_MALLOC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OPENSSL_malloc_init(void) -\& -\& void *OPENSSL_malloc(size_t num) -\& void *OPENSSL_zalloc(size_t num) -\& void *OPENSSL_realloc(void *addr, size_t num) -\& void OPENSSL_free(void *addr) -\& char *OPENSSL_strdup(const char *str) -\& char *OPENSSL_strndup(const char *str, size_t s) -\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); -\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); -\& void *OPENSSL_memdup(void *data, size_t s) -\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) -\& void OPENSSL_clear_free(void *str, size_t num) -\& void OPENSSL_cleanse(void *ptr, size_t len); -\& -\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); -\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); -\& int OPENSSL_hexchar2int(unsigned char c); -\& -\& void *CRYPTO_malloc(size_t num, const char *file, int line) -\& void *CRYPTO_zalloc(size_t num, const char *file, int line) -\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line) -\& void CRYPTO_free(void *str, const char *, int) -\& char *CRYPTO_strdup(const char *p, const char *file, int line) -\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line) -\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, -\& const char *file, int line) -\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) -\& -\& void CRYPTO_get_mem_functions( -\& void *(**m)(size_t, const char *, int), -\& void *(**r)(void *, size_t, const char *, int), -\& void (**f)(void *, const char *, int)) -\& int CRYPTO_set_mem_functions( -\& void *(*m)(size_t, const char *, int), -\& void *(*r)(void *, size_t, const char *, int), -\& void (*f)(void *, const char *, int)) -\& -\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f) -\& -\& int CRYPTO_set_mem_debug(int onoff) -\& -\& env OPENSSL_MALLOC_FAILURES=... -\& env OPENSSL_MALLOC_FD=... -\& -\& int CRYPTO_mem_ctrl(int mode); -\& -\& int OPENSSL_mem_debug_push(const char *info) -\& int OPENSSL_mem_debug_pop(void); -\& -\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); -\& int CRYPTO_mem_debug_pop(void); -\& -\& int CRYPTO_mem_leaks(BIO *b); -\& int CRYPTO_mem_leaks_fp(FILE *fp); -\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), -\& void *u); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are -generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR -parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 -Some functions do not add those parameters, but exist for consistency. -.PP -\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is -included for compatibility with older versions of OpenSSL. -.PP -\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the -C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions. -\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning. -.PP -\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used -when the buffer at \fBaddr\fR holds sensitive information. -The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR -before ultimately calling \fBOPENSSL_free()\fR. -.PP -\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. -Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. -If the storage controller uses write compression, then its possible -that sensitive tail bytes will survive zeroization because the block of -zeros will be compressed. If the storage controller uses wear leveling, -then the old sensitive data will not be overwritten; rather, a block of -0's will be written at a new physical location. -.PP -\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the -equivalent C functions, except that memory is allocated by calling the -\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. -.PP -\&\fBOPENSSL_strlcpy()\fR, -\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C -library functions and are provided for portability. -.PP -\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a -pointer to the parsed value. The memory is allocated by calling -\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. -If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length. -Colons between two-character hex \*(L"bytes\*(R" are ignored. -An odd number of hex digits is an error. -.PP -\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns -a hex string for value, or \s-1NULL\s0 on error. -\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned. -.PP -\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, -or returns \-1 on error. -.PP -If no allocations have been done, it is possible to \*(L"swap out\*(R" the default -implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR -and replace them with alternate versions (hooks). -\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the -function pointers for the current implementations. -With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. -If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed. -.PP -The default implementation can include some debugging capability (if enabled -at build-time). -This adds some overhead by keeping a list of all memory allocations, and -removes items from the list when they are free'd. -This is most useful for identifying memory leaks. -\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have -any effect, is must be called before any of the allocation functions -(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the -first lines of \fBmain()\fR in an application. -\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. -To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of -the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR. -To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of -the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR. -.PP -While checking memory, it can be useful to store additional context -about what is being done. -For example, identifying the field names when parsing a complicated -data structure. -\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR) -attachs an identifying string to the allocation stack. -This must be a global or other static string; it is not copied. -\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. -.PP -At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or -\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it -to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if -there are no leaks, 0 if there are leaks and \-1 if an error occurred. -.PP -\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead -of writing to a given \s-1BIO,\s0 the callback function is called for each -output string with the string, length, and userdata \fBu\fR as the callback -parameters. -.PP -If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one -function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment -variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, -are available. -.PP -The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times -each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been -called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, -respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. -.PP -The variable -\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. -It is a set of fields separated by semicolons, which each field is a count -(defaulting to zero) and an optional atsign and percentage (defaulting -to 100). If the count is zero, then it lasts forever. For example, -\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all -other allocations (until the program exits or crashes) have a 25% chance of -failing. -.PP -If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then -it is taken as an open file descriptor, and a record of all allocations is -written to that descriptor. If an allocation will fail, and the platform -supports it, then a backtrace will be written to the descriptor. This can -be useful because a malloc may fail but not be checked, and problems will -only occur later. The following example in classic shell syntax shows how -to use this (will not work on all platforms): -.PP -.Vb 5 -\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq -\& export OPENSSL_MALLOC_FAILURES -\& OPENSSL_MALLOC_FD=3 -\& export OPENSSL_MALLOC_FD -\& ...app invocation... 3>/tmp/log$$ -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR -\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR -return no value. -.PP -\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if -there are no leaks, 0 if there are leaks and \-1 if an error occurred. -.PP -\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR, -\&\fBOPENSSL_clear_realloc()\fR, -\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, -\&\fBCRYPTO_clear_realloc()\fR, -\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR, -\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR -return a pointer to allocated memory or \s-1NULL\s0 on error. -.PP -\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR -return 1 on success or 0 on failure (almost -always because allocations have already happened). -.PP -\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the -previous value of the mode. -.PP -\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR -return 1 on success or 0 on failure. -.SH "NOTES" -.IX Header "NOTES" -While it's permitted to swap out only a few and not all the functions -with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out -at once. \fIThis applies specially if OpenSSL was built with the -configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out -only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 deleted file mode 100644 index 032d205fd785..000000000000 --- a/secure/lib/libcrypto/man/OPENSSL_secure_malloc.3 +++ /dev/null @@ -1,260 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_SECURE_MALLOC 3" -.TH OPENSSL_SECURE_MALLOC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_used \- secure heap storage -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int CRYPTO_secure_malloc_init(size_t size, int minsize); -\& -\& int CRYPTO_secure_malloc_initialized(); -\& -\& int CRYPTO_secure_malloc_done(); -\& -\& void *OPENSSL_secure_malloc(size_t num); -\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); -\& -\& void *OPENSSL_secure_zalloc(size_t num); -\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); -\& -\& void OPENSSL_secure_free(void* ptr); -\& void CRYPTO_secure_free(void *ptr, const char *, int); -\& -\& void OPENSSL_secure_clear_free(void* ptr, size_t num); -\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); -\& -\& size_t OPENSSL_secure_actual_size(const void *ptr); -\& -\& size_t CRYPTO_secure_used(); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -In order to help protect applications (particularly long-running servers) -from pointer overruns or underruns that could return arbitrary data from -the program's dynamic memory area, where keys and other sensitive -information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" -The level and type of security guarantees depend on the operating system. -It is a good idea to review the code and see if it addresses your -threat model and concerns. -.PP -If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. -This protects long-term storage of private keys, but will not necessarily -put all intermediate values and computations there. -.PP -\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified -\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to -allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power -of two. -.PP -\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure -heap as been initialized and is available. -.PP -\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable -to the process if all secure memory has been freed. -It can take noticeably long to complete. -.PP -\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. -If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fBOPENSSL_malloc()\fR. -It is a macro that expands to -\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. -.PP -\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like -\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively, -except that they call \fBmemset()\fR to zero the memory before returning. -.PP -\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. -It must be called with a value previously obtained from -\&\fBOPENSSL_secure_malloc()\fR. -If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fBOPENSSL_free()\fR. -It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and -is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR -and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. -.PP -\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except -that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear -the memory if it was not allocated from the secure heap. -If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to -calling \fBOPENSSL_clear_free()\fR. -.PP -\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the -pointer; implementations may allocate more space than initially -requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. -.PP -\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the -secure heap. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, -and 2 if successful but the heap could not be protected by memory -mapping. -.PP -\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is -available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called, -but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. -.PP -\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into -the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be -allocated. -.PP -\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. -.PP -\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. -.PP -\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_malloc\fR\|(3), -\&\fBBN_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 deleted file mode 100644 index ea47f5858d9e..000000000000 --- a/secure/lib/libcrypto/man/OSSL_STORE_INFO.3 +++ /dev/null @@ -1,314 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OSSL_STORE_INFO 3" -.TH OSSL_STORE_INFO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ossl_store_info_st OSSL_STORE_INFO; -\& -\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); -\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); -\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); -\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO -\& *store_info); -\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); -\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); -\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); -\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); -\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); -\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); -\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); -\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); -\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); -\& -\& const char *OSSL_STORE_INFO_type_string(int type); -\& -\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); -\& -\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); -\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); -\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); -\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); -\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); -\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are primarily useful for applications to retrieve -supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific -loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. -.SS "Types" -.IX Subsection "Types" -\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for -the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar -functions. -Supported OpenSSL type object can be extracted using one of -\&\fBSTORE_INFO_get0_TYPE()\fR. -The life time of this extracted object is as long as the life time of -the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not -to free the latter too early. -As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the -same object with its reference count increased), which can be used -after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. -The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately -by the caller. -See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are -supported. -.SS "Functions" -.IX Subsection "Functions" -\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 -type number for the object inside. -\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a -short string describing it. -.PP -\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a -\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL -type provided that's what's held. -.PP -\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, -\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, -\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a -\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the -appropriate OpenSSL type provided that's what's held. -.PP -\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. -.PP -\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, -\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and -\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR -object to hold the given input object. -Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, -\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra -description. -This description is meant to be human readable and should be used for -information printout. -.SH "SUPPORTED OBJECTS" -.IX Header "SUPPORTED OBJECTS" -Currently supported object types are: -.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 -.IX Item "OSSL_STORE_INFO_NAME" -A name is exactly that, a name. -It's like a name in a directory, but formatted as a complete \s-1URI.\s0 -For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file -named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR -object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be -used by the application to get the objects in that file. -This can be applied to all schemes that can somehow support a listing -of object URIs. -.Sp -For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the -returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was -given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name -\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. -.Sp -The returned \s-1URI\s0 is considered canonical and must be unique and permanent -for the storage where the object (or collection of objects) resides. -Each loader is responsible for ensuring that it only returns canonical -URIs. -However, it's possible that certain schemes allow an object (or collection -thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is -canonical doesn't mean that other variants can't be used. -.Sp -At the discretion of the loader that was used to get these names, an -extra description may be attached as well. -.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 -.IX Item "OSSL_STORE_INFO_PARAMS" -Key parameters. -.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 -.IX Item "OSSL_STORE_INFO_PKEY" -A private/public key of some sort. -.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 -.IX Item "OSSL_STORE_INFO_CERT" -An X.509 certificate. -.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 -.IX Item "OSSL_STORE_INFO_CRL" -A X.509 certificate revocation list. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given -\&\fB\s-1OSSL_STORE_INFO\s0\fR. -There is no error value. -.PP -\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return -a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. -.PP -\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, -\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return -a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. -.PP -\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on -failure. -.PP -\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, -\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and -\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR -pointer on success, or \fB\s-1NULL\s0\fR on failure. -.PP -\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on -failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, -\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, -\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, -\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, -\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, -\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 deleted file mode 100644 index 45b15c3a644a..000000000000 --- a/secure/lib/libcrypto/man/OSSL_STORE_LOADER.3 +++ /dev/null @@ -1,362 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OSSL_STORE_LOADER 3" -.TH OSSL_STORE_LOADER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; -\& -\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); -\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER -\& *store_loader); -\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER -\& *store_loader); -\& -\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ -\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; -\& -\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, -\& const UI_METHOD *ui_method, -\& void *ui_data); -\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_open_fn store_open_function); -\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, -\& va_list args); -\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_ctrl_fn store_ctrl_function); -\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); -\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, -\& OSSL_STORE_expect_fn expect_function); -\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, -\& OSSL_STORE_SEARCH *criteria); -\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, -\& OSSL_STORE_find_fn find_function); -\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, -\& UI_METHOD *ui_method, -\& void *ui_data); -\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_load_fn store_load_function); -\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); -\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_eof_fn store_eof_function); -\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); -\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_error_fn store_error_function); -\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); -\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, -\& OSSL_STORE_close_fn store_close_function); -\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); -\& -\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); -\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions help applications and engines to create loaders for -schemes they support. -.SS "Types" -.IX Subsection "Types" -\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. -It contains a scheme and the functions needed to implement -\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and -\&\fBOSSL_STORE_close()\fR for this scheme. -.PP -\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader -using \fBstruct ossl_store_loader_ctx_st { ... }\fR. -.PP -\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, -\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, -and \fBOSSL_STORE_close_fn\fR -are the function pointer types used within a \s-1STORE\s0 loader. -The functions pointed at define the functionality of the given loader. -.IP "\fBOSSL_STORE_open_fn\fR" 4 -.IX Item "OSSL_STORE_open_fn" -This function takes a \s-1URI\s0 and is expected to interpret it in the best -manner possible according to the scheme the loader implements, it also -takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time -something needs to be prompted for. -Furthermore, this function is expected to initialize what needs to be -initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see -above), and to return it. -If something goes wrong, this function is expected to return \s-1NULL.\s0 -.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 -.IX Item "OSSL_STORE_ctrl_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number -\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader -specific parameters. -.Sp -Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. -Any number below that is reserved for future globally known command -numbers. -.Sp -This function is expected to return 1 on success, 0 on error. -.IP "\fBOSSL_STORE_expect_fn\fR" 4 -.IX Item "OSSL_STORE_expect_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR -identity \fBexpected\fR, and is used to tell the loader what object type is -expected. -\&\fBexpected\fR may be zero to signify that no specific object type is expected. -.Sp -This function is expected to return 1 on success, 0 on error. -.IP "\fBOSSL_STORE_find_fn\fR" 4 -.IX Item "OSSL_STORE_find_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what -to search for. -.Sp -When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected -to return 1 if the loader supports the criterion, otherwise 0. -.Sp -When called with the loader context being something other than \fB\s-1NULL\s0\fR, this -function is expected to return 1 on success, 0 on error. -.IP "\fBOSSL_STORE_load_fn\fR" 4 -.IX Item "OSSL_STORE_load_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR -with associated data. -It's expected to load the next available data, mold it into a data -structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the -\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. -If no more data is available or an error occurs, this function is -expected to return \s-1NULL.\s0 -The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if -it was in fact the end of data or if an error occurred. -.Sp -Note that this function retrieves \fIone\fR data item only. -.IP "\fBOSSL_STORE_eof_fn\fR" 4 -.IX Item "OSSL_STORE_eof_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to -return 1 to indicate that the end of available data has been reached. -It is otherwise expected to return 0. -.IP "\fBOSSL_STORE_error_fn\fR" 4 -.IX Item "OSSL_STORE_error_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to -return 1 to indicate that an error occurred in a previous call to the -\&\fBOSSL_STORE_load_fn\fR function. -It is otherwise expected to return 0. -.IP "\fBOSSL_STORE_close_fn\fR" 4 -.IX Item "OSSL_STORE_close_fn" -This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to -close or shut down what needs to be closed, and finally free the -contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. -It returns 1 on success and 0 on error. -.SS "Functions" -.IX Subsection "Functions" -\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. -It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. -\&\fBscheme\fR must \fIalways\fR be set. -Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as -long as the created loader is. -.PP -\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. -\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the -\&\fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. -.PP -\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby -makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, -\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR. -.PP -\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given -\&\fBscheme\fR. -.SH "NOTES" -.IX Header "NOTES" -The \fBfile:\fR scheme has built in support. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, -\&\fBOSSL_STORE_expect_fn\fR, -\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the -same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, -\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. -.PP -\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, -or \fB\s-1NULL\s0\fR on failure. -.PP -\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR, -\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and -\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. -.PP -\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. -.PP -\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, -or \fB\s-1NULL\s0\fR on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR, -\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, -\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, -\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, -\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR, -\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, -\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 deleted file mode 100644 index b707a97cd9be..000000000000 --- a/secure/lib/libcrypto/man/OSSL_STORE_SEARCH.3 +++ /dev/null @@ -1,300 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OSSL_STORE_SEARCH 3" -.TH OSSL_STORE_SEARCH 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; -\& -\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); -\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, -\& const ASN1_INTEGER -\& *serial); -\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, -\& const unsigned char -\& *bytes, int len); -\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); -\& -\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); -\& -\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); -\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); -\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH -\& *criterion); -\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH -\& *criterion, size_t *length); -\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); -\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH -\& *criterion); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are used to specify search criteria to help search for specific -objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. -For example, this can be useful for an application that has received a \s-1URI\s0 -and then wants to add on search criteria in a uniform and supported manner. -.SS "Types" -.IX Subsection "Types" -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search -criterion, and that can be given to an \s-1OSSL_STORE\s0 context with -\&\fBOSSL_STORE_find()\fR. -.PP -The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all -times, and should therefore be careful not to deallocate it before -\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given -to. -.SS "Application Functions" -.IX Subsection "Application Functions" -\&\fBOSSL_STORE_SEARCH_by_name()\fR, -\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -and \fBOSSL_STORE_SEARCH_by_alias()\fR -are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name -and serial number pair, a key fingerprint, and an alias (for example a friendly -name). -The parameters that are provided are not copied, only referred to in a -criterion, so they must have at least the same life time as the created -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. -.PP -\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. -.SS "Loader Functions" -.IX Subsection "Loader Functions" -\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. -.PP -\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, -\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, -and \fBOSSL_STORE_SEARCH_get0_digest()\fR -are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as -available for each type. -For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. -.SH "SUPPORTED CRITERION TYPES" -.IX Header "SUPPORTED CRITERION TYPES" -Currently supported criterion types are: -.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 -.IX Item "OSSL_STORE_SEARCH_BY_NAME" -This criterion supports a search by exact match of subject name. -The subject name itself is a \fBX509_NAME\fR pointer. -A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, -and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 -.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" -This criterion supports a search by exact match of both issuer name and serial -number. -The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is -a \fB\s-1ASN1_INTEGER\s0\fR pointer. -A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR -and the actual issuer name and serial number are retrieved with -\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 -.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" -This criterion supports a search by exact match of key fingerprint. -The key fingerprint in itself is a string of bytes and its length, as -well as the algorithm that was used to compute the fingerprint. -The digest may be left unspecified (\s-1NULL\s0), and in that case, the -loader has to decide on a default digest and compare fingerprints -accordingly. -A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR -and the actual fingerprint and its length can be retrieved with -\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. -The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. -.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 -.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" -This criterion supports a search by match of an alias of some kind. -The alias in itself is a simple C string. -A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR -and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOSSL_STORE_SEARCH_by_name()\fR, -\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -and \fBOSSL_STORE_SEARCH_by_alias()\fR -return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. -.PP -\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. -There is no error value. -.PP -\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, -or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. -.PP -\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, -or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. -.PP -\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and -sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. -.PP -\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, -or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. -.PP -\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. -\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will -be used when applicable. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, -\&\fBOSSL_STORE_SEARCH_by_name()\fR, -\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, -\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, -\&\fBOSSL_STORE_SEARCH_by_alias()\fR, -\&\fBOSSL_STORE_SEARCH_free()\fR, -\&\fBOSSL_STORE_SEARCH_get_type()\fR, -\&\fBOSSL_STORE_SEARCH_get0_name()\fR, -\&\fBOSSL_STORE_SEARCH_get0_serial()\fR, -\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, -and \fBOSSL_STORE_SEARCH_get0_string()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/OSSL_STORE_expect.3 deleted file mode 100644 index 3a6ae5f85a79..000000000000 --- a/secure/lib/libcrypto/man/OSSL_STORE_expect.3 +++ /dev/null @@ -1,206 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OSSL_STORE_EXPECT 3" -.TH OSSL_STORE_EXPECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); -\& -\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); -\& -\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns -by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. -For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects -and only the certificates are interesting, the application can simply say -that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. -All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) -except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. -.PP -\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine -grained search of objects. -.PP -\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 -context supports the given search type. -See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the -supported search criterion types. -.PP -\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first -\&\fBOSSL_STORE_load()\fR of a given session, or they will fail. -.SH "NOTES" -.IX Header "NOTES" -If a more elaborate filter is required by the application, a better choice -would be to use a post-processing function. -See \fBOSSL_STORE_open\fR\|(3) for more information. -.PP -However, some loaders may take advantage of the knowledge of an expected type -to make object retrieval more efficient, so if a single type is expected, this -method is usually preferable. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. -.PP -\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 -otherwise. -.PP -\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), -\&\fBOSSL_STORE_load\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/OSSL_STORE_open.3 deleted file mode 100644 index b69fe039e421..000000000000 --- a/secure/lib/libcrypto/man/OSSL_STORE_open.3 +++ /dev/null @@ -1,281 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OSSL_STORE_OPEN 3" -.TH OSSL_STORE_OPEN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \- Types and functions to read objects from a URI -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; -\& -\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, -\& void *); -\& -\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, -\& void *ui_data, -\& OSSL_STORE_post_process_info_fn post_process, -\& void *post_process_data); -\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); -\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); -\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); -\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); -\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions help the application to fetch supported objects (see -\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) -from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on -the supported \s-1URI\s0 schemes). -The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, -read each available and supported object using \fBOSSL_STORE_load()\fR as long as -\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. -.PP -The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further -described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). -.SS "Types" -.IX Subsection "Types" -\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal -information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and -\&\fBOSSL_STORE_close()\fR to work together. -.SS "Functions" -.IX Subsection "Functions" -\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method -\&\fBui_method\fR with associated data \fBui_data\fR, and post processing -callback \fBpost_process\fR with associated data \fBpost_process_data\fR, -opens a channel to the data located at that \s-1URI\s0 and returns a -\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. -The given \fBui_method\fR and \fBui_data_data\fR will be reused by all -functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. -The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by -\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. -The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which -will cause \fBOSSL_STORE_load()\fR to start its process over with loading -the next object, until \fBpost_process\fR returns something other than -\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. -.PP -\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and -more arguments not specified here. -The available loader specific command numbers and arguments they each -take depends on the loader that's used and is documented together with -that loader. -.PP -There are also global controls available: -.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 -.IX Item "OSSL_STORE_C_USE_SECMEM" -Controls if the loader should attempt to use secure memory for any -allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. -This control expects one argument, a pointer to an \fBint\fR that is expected to -have the value 1 (yes) or 0 (no). -Any other value is an error. -.PP -\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available -object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. -.PP -\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end -of data. -.PP -\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in -the last \fBOSSL_STORE_load()\fR call. -Note that it may still be meaningful to try and load more objects, unless -\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. -.PP -\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened -by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the -\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. -.SH "SUPPORTED SCHEMES" -.IX Header "SUPPORTED SCHEMES" -The basic supported scheme is \fBfile:\fR. -Any other scheme can be added dynamically, using -\&\fBOSSL_STORE_register_loader()\fR. -.SH "NOTES" -.IX Header "NOTES" -A string without a scheme prefix (that is, a non-URI string) is -implicitly interpreted as using the \fIfile:\fR scheme. -.PP -There are some tools that can be used together with -\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable -\&\s-1URI,\s0 or if it's a different error (such as memory allocation -failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the -top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. -.PP -These functions make no direct assumption regarding the pass phrase received -from the password callback. -The loaders may make assumptions, however. -For example, the \fBfile:\fR scheme loader inherits the assumptions made by -OpenSSL functionality that handles the different file types; this is mostly -relevant for PKCS#12 objects. -See \fBpassphrase\-encoding\fR\|(7) for further information. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or -\&\fB\s-1NULL\s0\fR on failure. -.PP -\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or -\&\fB\s-1NULL\s0\fR on error or when end of data is reached. -Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a -returned \fB\s-1NULL\s0\fR. -.PP -\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise -0. -.PP -\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call, -otherwise 0. -.PP -\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, -\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 deleted file mode 100644 index 262ded0944e8..000000000000 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" -.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& # if OPENSSL_API_COMPAT < 0x10100000L -\& void OpenSSL_add_all_algorithms(void); -\& void OpenSSL_add_all_ciphers(void); -\& void OpenSSL_add_all_digests(void); -\& -\& void EVP_cleanup(void) -\&# endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. -.PP -\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. -.PP -\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and -ciphers). -.PP -\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including -password based encryption algorithms. -.PP -In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from -the table. It no longer has any effect in OpenSSL 1.1.0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -None of the functions return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), -\&\fBEVP_EncryptInit\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, -\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions -were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should -not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 deleted file mode 100644 index 08eb6eb4bbdc..000000000000 --- a/secure/lib/libcrypto/man/PEM_bytes_read_bio.3 +++ /dev/null @@ -1,216 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_BYTES_READ_BIO 3" -.TH PEM_BYTES_READ_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, -\& const char *name, BIO *bp, pem_password_cb *cb, -\& void *u); -\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, -\& const char *name, BIO *bp, pem_password_cb *cb, -\& void *u); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0 -\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 -etc.). If multiple PEM-encoded data structures are present in the same -stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and -continue reading. Non-PEM data present in the stream may cause an -error. -.PP -The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, -the data will be decrypted, waiting on user input to supply a passphrase -if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain -the decryption passphrase, if applicable. -.PP -Some data types have compatibility aliases, such as a file containing -X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 -The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is -non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. -.PP -The returned data is the DER-encoded form of the requested type, in -\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed -to by \fI*pdata\fR. -.PP -\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses -memory from the secure heap for its temporary buffers and the storage -returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use -\&\fBOPENSSL_secure_free()\fR to free that storage. -.SH "NOTES" -.IX Header "NOTES" -\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for -storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from -which input is read may also use temporary buffers, which are not necessarily -allocated from the secure heap. In cases where it is desirable to ensure -that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, -care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the -use of \fBBIO_s_file()\fR indicates the use of the operating system stdio -functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely -to be more appropriate in such cases. -.PP -These functions make no assumption regarding the pass phrase received from the -password callback. -It will simply be treated as a byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or -0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBPEM\s0\fR\|(3), -\&\fBPEM_read_bio_ex\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_read.3 b/secure/lib/libcrypto/man/PEM_read.3 deleted file mode 100644 index 3b8dbd89ac05..000000000000 --- a/secure/lib/libcrypto/man/PEM_read.3 +++ /dev/null @@ -1,263 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_READ 3" -.TH PEM_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PEM_write(FILE *fp, const char *name, const char *header, -\& const unsigned char *data, long len) -\& int PEM_write_bio(BIO *bp, const char *name, const char *header, -\& const unsigned char *data, long len) -\& -\& int PEM_read(FILE *fp, char **name, char **header, -\& unsigned char **data, long *len); -\& int PEM_read_bio(BIO *bp, char **name, char **header, -\& unsigned char **data, long *len); -\& -\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); -\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, -\& pem_password_cb *cb, void *u); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions read and write PEM-encoded objects, using the \s-1PEM\s0 -type \fBname\fR, any additional \fBheader\fR information, and the raw -\&\fBdata\fR of length \fBlen\fR. -.PP -\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF -RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded -by begin/end markers each on their own line. For example: -.PP -.Vb 4 -\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- -\& MIICdg.... -\& ... bhTQ== -\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- -.Ve -.PP -Optional header line(s) may appear after the begin line, and their -existence depends on the type of object being written or read. -.PP -\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to -the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the -\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify -the data and its length. -.PP -The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with -the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) -for examples. -.PP -\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads -from the \s-1BIO\s0 \fBbp\fR. -Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. -When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN -\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers -are returned in \fBheader\fR and the base64\-decoded content and its length are -returned via \fBdata\fR and \fBlen\fR respectively. -The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR -and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed. -.PP -\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by -\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher -and \s-1IV.\s0 -The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the -\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. -If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the -address pointed to by \fBcinfo\fR. -When the header is malformed, or not supported or when the cipher is unknown -or some internal error happens 0 is returned. -This function is deprecated, see \fB\s-1NOTES\s0\fR below. -.PP -\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header -indicates encryption. -The \fBcinfo\fR argument is a pointer to the structure initialized by the previous -call to \fBPEM_get_EVP_CIPHER_INFO()\fR. -The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to -\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR. -The \fBcb\fR and \fBu\fR arguments make it possible to override the default password -prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). -On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is -updated to indicate the plaintext length. -This function is deprecated, see \fB\s-1NOTES\s0\fR below. -.PP -If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR -nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter -includes the case when no more \s-1PEM\s0 objects remain in the input file. -To distinguish end of file from more serious errors the caller must peek at the -error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more -\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). -.PP -\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on -failure. -The \fBdata\fR is likely meaningless if these functions fail. -.SH "NOTES" -.IX Header "NOTES" -The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. -This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should -be avoided. -It uses an encryption format with an OpenSSL-specific key-derivation function, -which employs \s-1MD5\s0 with an iteration count of 1! -Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 -v2.0 \s-1PBE.\s0 -See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). -.PP -\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the -password callback. -It will simply be treated as a byte sequence. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), -\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_read_CMS.3 b/secure/lib/libcrypto/man/PEM_read_CMS.3 deleted file mode 100644 index 40005ae8c6b9..000000000000 --- a/secure/lib/libcrypto/man/PEM_read_CMS.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_READ_CMS 3" -.TH PEM_READ_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION \&\- PEM object encoding routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DECLARE_PEM_rw(name, TYPE) -\& -\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); -\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); -\& int PEM_write_TYPE(FILE *fp, const TYPE *a); -\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -In the description below, \fI\s-1TYPE\s0\fR is used -as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. -The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in -the next four lines of the synopsis. -.PP -These routines convert between local instances of \s-1ASN1\s0 datatypes and -the \s-1PEM\s0 encoding. For more information on the templates, see -\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used -by the functions here, see \fBPEM_read\fR\|(3). -.PP -\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR -and returns it. The \fBcb\fR and \fBu\fR parameters are as described in -\&\fBpem_password_cb\fR\|(3). -.PP -\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. -.PP -\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. -.PP -\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. -.SH "NOTES" -.IX Header "NOTES" -These functions make no assumption regarding the pass phrase received from the -password callback. -It will simply be treated as a byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated -object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error. -.PP -\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written -or zero on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBPEM_read\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 deleted file mode 100644 index 675bfcce7eb5..000000000000 --- a/secure/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 +++ /dev/null @@ -1,613 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_READ_BIO_PRIVATEKEY 3" -.TH PEM_READ_BIO_PRIVATEKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); -\& -\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, -\& pem_password_cb *cb, void *u); -\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, -\& const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, -\& pem_password_cb *cb, void *u); -\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); -\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); -\& -\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, -\& pem_password_cb *cb, void *u); -\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, -\& pem_password_cb *cb, void *u); -\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); -\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); -\& -\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, -\& pem_password_cb *cb, void *u); -\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); -\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); -\& -\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, -\& pem_password_cb *cb, void *u); -\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, -\& unsigned char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, -\& pem_password_cb *cb, void *u); -\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); -\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); -\& -\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); -\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); -\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); -\& int PEM_write_DSAparams(FILE *fp, DSA *x); -\& -\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); -\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); -\& int PEM_write_bio_DHparams(BIO *bp, DH *x); -\& int PEM_write_DHparams(FILE *fp, DH *x); -\& -\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); -\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); -\& int PEM_write_bio_X509(BIO *bp, X509 *x); -\& int PEM_write_X509(FILE *fp, X509 *x); -\& -\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); -\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); -\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); -\& int PEM_write_X509_AUX(FILE *fp, X509 *x); -\& -\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, -\& pem_password_cb *cb, void *u); -\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); -\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); -\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); -\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); -\& -\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, -\& pem_password_cb *cb, void *u); -\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, -\& pem_password_cb *cb, void *u); -\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); -\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); -\& -\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); -\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); -\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); -\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In -this sense \s-1PEM\s0 format is simply base64 encoded data surrounded -by header lines. -.PP -For more details about the meaning of arguments see the -\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. -.PP -Each operation has four functions associated with it. For -brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively -refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR, -\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions. -.PP -The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an -\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are -equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently -handle traditional and PKCS#8 format encrypted and unencrypted keys. -.PP -\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the -\&\*(L"traditional\*(R" format with a simple private key marker and should only -be used for compatibility with legacy programs. -.PP -\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private -key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using -PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument -specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the -encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If -\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo -structure is used instead. -.PP -\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR -also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however -it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm -to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the -corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section). -.PP -The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 -structure. The public key is encoded as a SubjectPublicKeyInfo -structure. -.PP -The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an -\&\s-1RSA\s0 structure. The write routines uses traditional format. The read -routines handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1RSA.\s0 -.PP -The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an -\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey -structure. -.PP -The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using -an \s-1RSA\s0 structure. However the public key is encoded using a -SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1RSA.\s0 -.PP -The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a -\&\s-1DSA\s0 structure. The write routines uses traditional format. The read -routines handles the same formats as the \fBPrivateKey\fR -functions but an error occurs if the private key is not \s-1DSA.\s0 -.PP -The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using -a \s-1DSA\s0 structure. The public key is encoded using a -SubjectPublicKeyInfo structure and an error occurs if the public -key is not \s-1DSA.\s0 -.PP -The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 -structure. The parameters are encoded using a Dss-Parms structure -as defined in \s-1RFC2459.\s0 -.PP -The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 -structure. The parameters are encoded using a PKCS#3 DHparameter -structure. -.PP -The \fBX509\fR functions process an X509 certificate using an X509 -structure. They will also process a trusted X509 certificate but -any trust settings are discarded. -.PP -The \fBX509_AUX\fR functions process a trusted X509 certificate using -an X509 structure. -.PP -The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 -certificate request using an X509_REQ structure. The \fBX509_REQ\fR -write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas -the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR -(as required by some CAs). The \fBX509_REQ\fR read functions will -handle either form so there are no \fBX509_REQ_NEW\fR read functions. -.PP -The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL -structure. -.PP -The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 -structure. -.SH "PEM FUNCTION ARGUMENTS" -.IX Header "PEM FUNCTION ARGUMENTS" -The \s-1PEM\s0 functions have many common arguments. -.PP -The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from -or write to. -.PP -The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to -read from or write to. -.PP -The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return -a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function -uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not -\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written -to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made -to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). -Irrespective of the value of \fBx\fR a pointer to the structure is always -returned (or \s-1NULL\s0 if an error occurred). -.PP -The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter -which specifies the encryption algorithm to use, encryption is done -at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private -key is written in unencrypted form. -.PP -The \fBcb\fR argument is the callback to use when querying for the pass -phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). -.PP -For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then -\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is -ignored. -.PP -If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not -\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string -to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the -default callback routine is used which will typically prompt for the -passphrase on the current terminal with echoing turned off. -.PP -The default passphrase callback is sometimes inappropriate (for example -in a \s-1GUI\s0 application) so an alternative can be supplied. The callback -routine has the following form: -.PP -.Vb 1 -\& int cb(char *buf, int size, int rwflag, void *u); -.Ve -.PP -\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum -length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag -which is set to 0 when reading and 1 when writing. A typical routine -will ask the user to verify the passphrase (for example by prompting -for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same -value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows -arbitrary data to be passed to the callback by the application -(for example a window handle in a \s-1GUI\s0 application). The callback -\&\fBmust\fR return the number of characters in the passphrase or \-1 if -an error occurred. -.SH "NOTES" -.IX Header "NOTES" -The old \fBPrivateKey\fR write routines are retained for compatibility. -New applications should write private keys using the -\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines -because they are more secure (they use an iteration count of 2048 whereas -the traditional routines use a count of 1) unless compatibility with older -versions of OpenSSL is important. -.PP -The \fBPrivateKey\fR read routines can be used in all applications because -they handle all formats transparently. -.PP -A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like -this: -.PP -.Vb 1 -\& X509 *x; -\& -\& PEM_read_bio_X509(bp, &x, 0, NULL); -.Ve -.PP -this is a bug because an attempt will be made to reuse the data at \fBx\fR -which is an uninitialised pointer. -.PP -These functions make no assumption regarding the pass phrase received from the -password callback. -It will simply be treated as a byte sequence. -.SH "PEM ENCRYPTION FORMAT" -.IX Header "PEM ENCRYPTION FORMAT" -These old \fBPrivateKey\fR routines use a non standard technique for encryption. -.PP -The private key (or other data) takes the following form: -.PP -.Vb 3 -\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- -\& Proc\-Type: 4,ENCRYPTED -\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 -\& -\& ...base64 encoded data... -\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- -.Ve -.PP -The line beginning with \fIProc-Type\fR contains the version and the -protection on the encapsulated data. The line beginning \fIDEK-Info\fR -contains two comma separated values: the encryption algorithm name as -used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the -cipher encoded as a set of hexadecimal digits. After those two lines is -the base64\-encoded encrypted data. -.PP -The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's -initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR -parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used -(regardless of the size of the initialization vector). The user's -password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR -parameters. Finally, the library uses an iteration count of 1 for -\&\fBEVP_BytesToKey()\fR. -.PP -The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization -vector is then used to decrypt the encrypted data. The \fBiv\fR produced by -\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to -the function. -.PP -The pseudo code to derive the key would look similar to: -.PP -.Vb 2 -\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); -\& EVP_MD* md = EVP_md5(); -\& -\& unsigned int nkey = EVP_CIPHER_key_length(cipher); -\& unsigned int niv = EVP_CIPHER_iv_length(cipher); -\& unsigned char key[nkey]; -\& unsigned char iv[niv]; -\& -\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); -\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); -\& if (rc != nkey) -\& /* Error */ -\& -\& /* On success, use key and iv to initialize the cipher */ -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse -an existing structure. Therefore the following: -.PP -.Vb 1 -\& PEM_read_bio_X509(bp, &x, 0, NULL); -.Ve -.PP -where \fBx\fR already contains a valid certificate, may not work, whereas: -.PP -.Vb 2 -\& X509_free(x); -\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); -.Ve -.PP -is guaranteed to work. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The read routines return either a pointer to the structure read or \s-1NULL\s0 -if an error occurred. -.PP -The write routines return 1 for success or 0 for failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Although the \s-1PEM\s0 routines take several arguments in almost all applications -most of them are set to 0 or \s-1NULL.\s0 -.PP -Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 -.PP -.Vb 1 -\& X509 *x; -\& -\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); -\& if (x == NULL) -\& /* Error */ -.Ve -.PP -Alternative method: -.PP -.Vb 1 -\& X509 *x = NULL; -\& -\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) -\& /* Error */ -.Ve -.PP -Write a certificate to a \s-1BIO:\s0 -.PP -.Vb 2 -\& if (!PEM_write_bio_X509(bp, x)) -\& /* Error */ -.Ve -.PP -Write a private key (using traditional format) to a \s-1BIO\s0 using -triple \s-1DES\s0 encryption, the pass phrase is prompted for: -.PP -.Vb 2 -\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) -\& /* Error */ -.Ve -.PP -Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple -\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": -.PP -.Vb 3 -\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), -\& NULL, 0, 0, "hello")) -\& /* Error */ -.Ve -.PP -Read a private key from a \s-1BIO\s0 using a pass phrase callback: -.PP -.Vb 3 -\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); -\& if (key == NULL) -\& /* Error */ -.Ve -.PP -Skeleton pass phrase callback: -.PP -.Vb 2 -\& int pass_cb(char *buf, int size, int rwflag, void *u) -\& { -\& -\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ -\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); -\& -\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ -\& char *tmp = "hello"; -\& if (tmp == NULL) /* An error occurred */ -\& return \-1; -\& -\& size_t len = strlen(tmp); -\& -\& if (len > size) -\& len = size; -\& memcpy(buf, tmp, len); -\& return len; -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The old Netscape certificate sequences were no longer documented -in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead -as they will be formally deprecated in a future releases. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/PEM_read_bio_ex.3 deleted file mode 100644 index f70f75118bc0..000000000000 --- a/secure/lib/libcrypto/man/PEM_read_bio_ex.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_READ_BIO_EX 3" -.TH PEM_READ_BIO_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& #define PEM_FLAG_SECURE 0x1 -\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 -\& #define PEM_FLAG_ONLY_B64 0x4 -\& int PEM_read_bio_ex(BIO *in, char **name, char **header, -\& unsigned char **data, long *len, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting -the name of the type of contained data, the header information regarding -the possibly encrypted data, and the binary data payload (after base64 decoding). -It should generally only be used to implement PEM_read_bio_\-family functions -for specific data types or other usage, but is exposed to allow greater flexibility -over how processing is performed, if needed. -.PP -If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of -input are allocated from the secure heap. -.PP -If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace -and control characters from the end of each line, so as to be compatible with -the historical behavior of \fBPEM_read_bio()\fR. -.PP -If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 -characters (or newlines); non\-base64 characters are treated as end of input. -.PP -If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters -are ignored. -.PP -If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; -these options are not compatible with each other. -.SH "NOTES" -.IX Header "NOTES" -The caller must release the storage allocated for *name, *header, and *data. -If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, -\&\fBOPENSSL_free()\fR is used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBPEM\s0\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 deleted file mode 100644 index 19c4dab8d38a..000000000000 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" -.TH PEM_WRITE_BIO_CMS_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. -.PP -It is otherwise identical to the function \fBSMIME_write_CMS()\fR. -.SH "NOTES" -.IX Header "NOTES" -This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting -streaming. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) -\&\fBCMS_decrypt\fR\|(3), -\&\fBPEM_write\fR\|(3), -\&\fBSMIME_write_CMS\fR\|(3), -\&\fBi2d_CMS_bio_stream\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 deleted file mode 100644 index ec4423998dda..000000000000 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" -.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. -.PP -It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. -.SH "NOTES" -.IX Header "NOTES" -This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting -streaming. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), -\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -\&\fBPKCS7_decrypt\fR\|(3), -\&\fBSMIME_write_PKCS7\fR\|(3), -\&\fBi2d_PKCS7_bio_stream\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 deleted file mode 100644 index 6bb17b22ac78..000000000000 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ /dev/null @@ -1,217 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS12_CREATE 3" -.TH PKCS12_CREATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS12_create \- create a PKCS#12 structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, -\& X509 *cert, STACK_OF(X509) *ca, -\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS12_create()\fR creates a PKCS#12 structure. -.PP -\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for -the supplied certificate and key. \fBpkey\fR is the private key to include in -the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR -is an optional set of certificates to also include in the structure. -.PP -\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used -for the key and certificate respectively. The modes -\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm -iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. -\&\fBkeytype\fR is the type of key. -.SH "NOTES" -.IX Header "NOTES" -The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR -can all be set to zero and sensible defaults will be used. -.PP -These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 -encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 -(currently 2048) and a \s-1MAC\s0 iteration count of 1. -.PP -The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with -old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility -is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 -.PP -\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension -that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, -if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR -it can be used for signing and encryption. This option was useful for old -export grade software which could use signing only keys of arbitrary size but -had restrictions on the permissible sizes of keys which could be used for -encryption. -.PP -If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be -used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the -\&\s-1PKCS12\s0 structure. -.PP -Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or -certificate is required. In previous versions both had to be present or -a fatal error is returned. -.PP -\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption -should be used. -.PP -\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. -.PP -\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass -phrase. -See \fBpassphrase\-encoding\fR\|(7) for more information. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_PKCS12\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS12_newpass.3 b/secure/lib/libcrypto/man/PKCS12_newpass.3 deleted file mode 100644 index ee2f83dab2e1..000000000000 --- a/secure/lib/libcrypto/man/PKCS12_newpass.3 +++ /dev/null @@ -1,246 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS12_NEWPASS 3" -.TH PKCS12_NEWPASS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS12_newpass \- change the password of a PKCS12 structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. -.PP -\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password -and \fBnewpass\fR is the new password. -.SH "NOTES" -.IX Header "NOTES" -Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in -the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 -instead. -.PP -In particular, this means that passwords in the locale character set -(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before -use. This may include passwords from local text files, or input from -the terminal or command line. Refer to the documentation of -\&\fBUI_OpenSSL\fR\|(3), for example. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can -retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -This example loads a PKCS#12 file, changes its password and writes out -the result to a new file. -.PP -.Vb 5 -\& #include -\& #include -\& #include -\& #include -\& #include -\& -\& int main(int argc, char **argv) -\& { -\& FILE *fp; -\& PKCS12 *p12; -\& -\& if (argc != 5) { -\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); -\& return 1; -\& } -\& if ((fp = fopen(argv[1], "rb")) == NULL) { -\& fprintf(stderr, "Error opening file %s\en", argv[1]); -\& return 1; -\& } -\& p12 = d2i_PKCS12_fp(fp, NULL); -\& fclose(fp); -\& if (p12 == NULL) { -\& fprintf(stderr, "Error reading PKCS#12 file\en"); -\& ERR_print_errors_fp(stderr); -\& return 1; -\& } -\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { -\& fprintf(stderr, "Error changing password\en"); -\& ERR_print_errors_fp(stderr); -\& PKCS12_free(p12); -\& return 1; -\& } -\& if ((fp = fopen(argv[4], "wb")) == NULL) { -\& fprintf(stderr, "Error opening file %s\en", argv[4]); -\& PKCS12_free(p12); -\& return 1; -\& } -\& i2d_PKCS12_fp(fp, p12); -\& PKCS12_free(p12); -\& fclose(fp); -\& return 0; -\& } -.Ve -.SH "NOTES" -.IX Header "NOTES" -If the PKCS#12 structure does not have a password, then you must use the empty -string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a -\&\fBPKCS12_newpass()\fR failure. -.PP -If the wrong password is used for \fBoldpass\fR then the function will fail, -with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not -contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding -error. -.SH "BUGS" -.IX Header "BUGS" -The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to -Unicode form internally. As a result some passwords cannot be supplied to -this function. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 deleted file mode 100644 index b4859dffd6fd..000000000000 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS12_PARSE 3" -.TH PKCS12_PARSE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS12_parse \- parse a PKCS#12 structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, -\& STACK_OF(X509) **ca); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. -.PP -\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. -If successful the private key will be written to \fB*pkey\fR, the corresponding -certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. -.SH "NOTES" -.IX Header "NOTES" -The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in -which case additional certificates will be discarded. \fB*ca\fR can also be a -valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If -\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. -.PP -The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each -certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the -\&\fBX509\fR structure. -.PP -The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it -is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead. -.PP -In particular, this means that passwords in the locale character set -(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before -use. This may include passwords from local text files, or input from -the terminal or command line. Refer to the documentation of -\&\fBUI_OpenSSL\fR\|(3), for example. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. -.PP -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -Only a single private key and corresponding certificate is returned by this -function. More complex PKCS#12 files with multiple private keys will only -return the first match. -.PP -Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in -certificates. Other attributes are discarded. -.PP -Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_PKCS12\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 deleted file mode 100644 index 6dad8bbcb7ea..000000000000 --- a/secure/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 +++ /dev/null @@ -1,208 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS5_PBKDF2_HMAC 3" -.TH PKCS5_PBKDF2_HMAC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, -\& const unsigned char *salt, int saltlen, int iter, -\& const EVP_MD *digest, -\& int keylen, unsigned char *out); -\& -\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, -\& const unsigned char *salt, int saltlen, int iter, -\& int keylen, unsigned char *out); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count -as specified in \s-1RFC 2898.\s0 -.PP -\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR -is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the -function will calculate the length of \fBpass\fR using \fBstrlen()\fR. -.PP -\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the -\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not -attempt to calculate the length of the \fBsalt\fR because it is not assumed to -be \s-1NULL\s0 terminated. -.PP -\&\fBiter\fR is the iteration count and its value should be greater than or -equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any -\&\fBiter\fR less than 1 is treated as a single iteration. -.PP -\&\fBdigest\fR is the message digest function used in the derivation. Values include -any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. -.PP -The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer -is specified via \fBkeylen\fR. -.SH "NOTES" -.IX Header "NOTES" -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, -and an iteration count. -.PP -Increasing the \fBiter\fR parameter slows down the algorithm which makes it -harder for an attacker to perform a brute force attack using a large number -of candidate passwords. -.PP -These functions make no assumption regarding the given password. -It will simply be treated as a byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), -\&\fBEVP_BytesToKey\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 deleted file mode 100644 index fe851a464d0c..000000000000 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS7_DECRYPT 3" -.TH PKCS7_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData -structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the -recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and -\&\fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -Although the recipients certificate is not needed to decrypt the data it is needed -to locate the appropriate (of possible several) recipients in the PKCS#7 structure. -.PP -The following flags can be passed in the \fBflags\fR parameter. -.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted -from the content. If the content is not of type \fBtext/plain\fR then an error is -returned. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would -be better if it could look up the correct key and certificate from a database. -.PP -The lack of single pass processing and need to hold all data in memory as -mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 deleted file mode 100644 index 32925ae972bd..000000000000 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS7_ENCRYPT 3" -.TH PKCS7_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS7_encrypt \- create a PKCS#7 envelopedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, -\& int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR -is a list of recipient certificates. \fBin\fR is the content to be encrypted. -\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient -certificates supplied to this function must all contain \s-1RSA\s0 public keys, though -they do not have to be signed using the \s-1RSA\s0 algorithm. -.PP -\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use -because most clients will support it. -.PP -Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 -bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR -respectively. -.PP -The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of -its parameters. -.PP -Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME -envelopedData containing an S/MIME signed message. This can be readily produced -by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to -\&\fBPKCS7_encrypt()\fR. -.PP -The following flags can be passed in the \fBflags\fR parameter. -.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are -prepended to the data. -.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then -\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. -.PP -If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output -suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. -.SH "NOTES" -.IX Header "NOTES" -If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR -complete and outputting its contents via a function that does not -properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable -results. -.PP -Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, -\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fBBIO_new_PKCS7()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. -The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 deleted file mode 100644 index 68ff3757dc52..000000000000 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ /dev/null @@ -1,252 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS7_SIGN 3" -.TH PKCS7_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS7_sign \- create a PKCS#7 signedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, -\& BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is -the certificate to sign with, \fBpkey\fR is the corresponding private key. -\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 -structure (for example any intermediate CAs in the chain). -.PP -The data to be signed is read from \s-1BIO\s0 \fBdata\fR. -.PP -\&\fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter. -.PP -Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If -the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended -to the data. -.PP -If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the -\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the -\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the -signers certificate can be obtained by other means: for example a previously -signed message. -.PP -The data being signed is included in the \s-1PKCS7\s0 structure, unless -\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 -detached signatures which are used in S/MIME plaintext signed messages for -example. -.PP -Normally the supplied content is translated into \s-1MIME\s0 canonical format (as -required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation -occurs. This option should be used if the supplied data is in binary format -otherwise the translation will corrupt it. -.PP -The signedData structure includes several PKCS#7 authenticatedAttributes -including the signing time, the PKCS#7 content type and the supported list of -ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no -authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just -the SMIMECapabilities are omitted. -.PP -If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of -these algorithms is disabled then it will not be included. -.PP -If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is -just initialized ready to perform the signing operation. The signing is however -\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR -parameter. Signing is deferred until after the data has been written. In this -way data can be signed in a single pass. -.PP -If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to -which additional signers and capabilities can be added before finalization. -.SH "NOTES" -.IX Header "NOTES" -If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR -complete and outputting its contents via a function that does not properly -finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. -.PP -Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, -\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization -can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using -\&\fBBIO_new_PKCS7()\fR. -.PP -If a signer is specified it will use the default digest for the signing -algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. -.PP -The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be -\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added -using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be -called to finalize the structure if streaming is not enabled. Alternative -signing digests can also be specified using this method. -.PP -If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only -PKCS#7 structure is output. -.PP -In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must -\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0 -.SH "BUGS" -.IX Header "BUGS" -Some advanced attributes such as counter signatures are not supported. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error -occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, -and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. -.PP -The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 deleted file mode 100644 index 0383e9379c4a..000000000000 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ /dev/null @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS7_SIGN_ADD_SIGNER 3" -.TH PKCS7_SIGN_ADD_SIGNER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, -\& EVP_PKEY *pkey, const EVP_MD *md, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private -key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure -\&\fBp7\fR. -.PP -The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR -with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 -signed data structure. -.PP -If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public -key algorithm will be used. -.PP -Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure -is not complete and must be finalized either by streaming (if applicable) or -a call to \fBPKCS7_final()\fR. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of this function is to provide finer control over a PKCS#7 -signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are -not appropriate. For example if multiple signers or non default digest -algorithms are needed. -.PP -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter. -.PP -If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content -digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. -An error occurs if a matching digest value cannot be found to copy. The -returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. -.PP -If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the -\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is -needed to finalize it. -.PP -If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the -\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the -\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the -signers certificate can be obtained by other means: for example a previously -signed message. -.PP -The signedData structure includes several PKCS#7 authenticatedAttributes -including the signing time, the PKCS#7 content type and the supported list of -ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no -authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just -the SMIMECapabilities are omitted. -.PP -If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of -these algorithms is disabled then it will not be included. -.PP -\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 -structure just added, this can be used to set additional attributes -before it is finalized. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 -structure just added or \s-1NULL\s0 if an error occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), -\&\fBPKCS7_final\fR\|(3), -.SH "HISTORY" -.IX Header "HISTORY" -The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 deleted file mode 100644 index f4e703cabf27..000000000000 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ /dev/null @@ -1,258 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "PKCS7_VERIFY 3" -.TH PKCS7_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, -\& BIO *indata, BIO *out, int flags); -\& -\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 -structure to verify. \fBcerts\fR is a set of certificates in which to search for -the signer's certificate. \fBstore\fR is a trusted certificate store (used for -chain verification). \fBindata\fR is the signed data if the content is not -present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR -if it is not \s-1NULL.\s0 -.PP -\&\fBflags\fR is an optional set of flags, which can be used to modify the verify -operation. -.PP -\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does -\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR -and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. -.SH "VERIFY PROCESS" -.IX Header "VERIFY PROCESS" -Normally the verify process proceeds as follows. -.PP -Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must -be signedData. There must be at least one signature on the data and if -the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is -not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both -embedded and external content. To treat this as an error, use the flag -\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. -The default behavior allows this, for compatibility with older -versions of OpenSSL. -.PP -An attempt is made to locate all the signer's certificates, first looking in -the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates -contained in the \fBp7\fR structure itself. If any signer's certificates cannot be -located the operation fails. -.PP -Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and -the supplied trusted certificate store. Any internal certificates in the message -are used as untrusted CAs. If any chain verify fails an error code is returned. -.PP -Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and -the signature's checked. -.PP -If all signature's verify correctly then the function is successful. -.PP -Any of the following flags (ored together) can be passed in the \fBflags\fR parameter -to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is -meaningful to \fBPKCS7_get0_signers()\fR. -.PP -If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not -searched when locating the signer's certificate. This means that all the signers -certificates must be in the \fBcerts\fR parameter. -.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted -from the content. If the content is not of type \fBtext/plain\fR then an error is -returned. -.PP -If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. -.PP -If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are -not used as untrusted CAs. This means that the whole verify chain (apart from -the signer's certificate) must be contained in the trusted store. -.PP -If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. -.SH "NOTES" -.IX Header "NOTES" -One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by -a small number of certificates. The acceptable certificates would be passed -in the \fBcerts\fR parameter. In this case if the signer is not one of the -certificates supplied in \fBcerts\fR then the verify will fail because the -signer cannot be found. -.PP -Care should be taken when modifying the default verify behaviour, for example -setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification -and any signed message will be considered valid. This combination is however -useful if one merely wishes to write the content to \fBout\fR and its validity -is not considered important. -.PP -Chain verification should arguably be performed using the signing time rather -than the current time. However since the signing time is supplied by the -signer it cannot be trusted without additional evidence (such as a trusted -timestamp). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBPKCS7_verify()\fR returns one for a successful verification and zero -if an error occurs. -.PP -\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. -.PP -The error can be obtained from \fBERR_get_error\fR\|(3) -.SH "BUGS" -.IX Header "BUGS" -The trusted certificate store is not searched for the signers certificate, -this is primarily due to the inadequacies of the current \fBX509_STORE\fR -functionality. -.PP -The lack of single pass processing and need to hold all data in memory as -mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/RAND_DRBG_generate.3 deleted file mode 100644 index 5fe6de926940..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_generate.3 +++ /dev/null @@ -1,214 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_GENERATE 3" -.TH RAND_DRBG_GENERATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given drbg instance -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_DRBG_generate(RAND_DRBG *drbg, -\& unsigned char *out, size_t outlen, -\& int prediction_resistance, -\& const unsigned char *adin, size_t adinlen); -\& -\& int RAND_DRBG_bytes(RAND_DRBG *drbg, -\& unsigned char *out, size_t outlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given -\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. -.PP -Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum -number of generate requests (\fIreseed interval\fR) or the maximum timespan -(\fIreseed time interval\fR) since its last seeding have been reached. -If this is the case, the \s-1DRBG\s0 reseeds automatically. -Additionally, an immediate reseeding can be requested by setting the -\&\fBprediction_resistance\fR flag to 1. See \s-1NOTES\s0 section for more details. -.PP -The caller can optionally provide additional data to be used for reseeding -by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. -This additional data is mixed into the internal state of the random -generator but does not contribute to the entropy count. -The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and -\&\fBadinlen\fR to 0; -.PP -\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given -\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. -This function is a wrapper around the \fBRAND_DRBG_generate()\fR call, -which collects some additional data from low entropy sources -(e.g., a high resolution timer) and calls -RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success, -and 0 on failure. -.SH "NOTES" -.IX Header "NOTES" -The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to -reasonable default values, which in general do not have to be adjusted. -If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3) -and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. -.PP -A request for prediction resistance can only be satisfied by pulling fresh -entropy from one of the approved entropy sources listed in section 5.5.2 of -[\s-1NIST SP 800\-90C\s0]. -Since the default \s-1DRBG\s0 implementation does not have access to such an approved -entropy source, a request for prediction resistance will always fail. -In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_bytes\fR\|(3), -\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), -\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 deleted file mode 100644 index 06ce85135219..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_get0_master.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_GET0_MASTER 3" -.TH RAND_DRBG_GET0_MASTER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get access to the global RAND_DRBG instances -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& RAND_DRBG *RAND_DRBG_get0_master(void); -\& RAND_DRBG *RAND_DRBG_get0_public(void); -\& RAND_DRBG *RAND_DRBG_get0_private(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three -shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 -.PP -The and \s-1DRBG\s0 are thread-local instances, which are used -by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. -The \s-1DRBG\s0 is a global instance, which is not intended to be used -directly, but is used internally to reseed the other two instances. -.PP -These functions here provide access to the shared \s-1DRBG\s0 instances. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the \s-1DRBG\s0 instance. -.PP -\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the \s-1DRBG\s0 instance. -.PP -\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the \s-1DRBG\s0 instance. -.SH "NOTES" -.IX Header "NOTES" -It is not thread-safe to access the \s-1DRBG\s0 instance. -The and \s-1DRBG\s0 instance can be accessed safely, because -they are thread-local. Note however, that changes to these two instances -apply only to the current thread. -.PP -For that reason it is recommended not to change the settings of these -three instances directly. -Instead, an application should change the default settings for new \s-1DRBG\s0 instances -at initialization time, before creating additional threads. -.PP -During initialization, it is possible to change the reseed interval -and reseed time interval. -It is also possible to exchange the reseeding callbacks entirely. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_DRBG_set_callbacks\fR\|(3), -\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), -\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), -\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), -\&\fBRAND_DRBG_set_callbacks\fR\|(3), -\&\fBRAND_DRBG_generate\fR\|(3), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/RAND_DRBG_new.3 deleted file mode 100644 index 592206cfd92a..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_new.3 +++ /dev/null @@ -1,247 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_NEW 3" -.TH RAND_DRBG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free \&\- initialize and cleanup a RAND_DRBG instance -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& -\& RAND_DRBG *RAND_DRBG_new(int type, -\& unsigned int flags, -\& RAND_DRBG *parent); -\& -\& RAND_DRBG *RAND_DRBG_secure_new(int type, -\& unsigned int flags, -\& RAND_DRBG *parent); -\& -\& int RAND_DRBG_set(RAND_DRBG *drbg, -\& int type, unsigned int flags); -\& -\& int RAND_DRBG_set_defaults(int type, unsigned int flags); -\& -\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, -\& const unsigned char *pers, size_t perslen); -\& -\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); -\& -\& void RAND_DRBG_free(RAND_DRBG *drbg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR -create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. -the secure heap -(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR). -.PP -\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. -.PP -\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 -instances. -.PP -Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the -following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. -Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set -its type and to instantiate it. -.PP -The optional \fBflags\fR argument specifies a set of bit flags which can be -joined using the | operator. Currently, the only flag is -\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of a the derivation function -ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. -.PP -If a \fBparent\fR instance is specified then this will be used instead of -the default entropy source for reseeding the \fBdrbg\fR. It is said that the -\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. -For more information, see the \s-1NOTES\s0 section. -.PP -\&\fBRAND_DRBG_instantiate()\fR -seeds the \fBdrbg\fR instance using random input from trusted entropy sources. -Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be -specified. -To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; -.PP -\&\fBRAND_DRBG_uninstantiate()\fR -clears the internal state of the \fBdrbg\fR and puts it back in the -uninstantiated state. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 -instance allocated on the heap, resp. secure heap. -.PP -\&\fBRAND_DRBG_set()\fR, -\&\fBRAND_DRBG_instantiate()\fR, and -\&\fBRAND_DRBG_uninstantiate()\fR -return 1 on success, and 0 on failure. -.PP -\&\fBRAND_DRBG_free()\fR does not return a value. -.SH "NOTES" -.IX Header "NOTES" -The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can -use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source -to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 -instance was properly instantiated, either from a trusted entropy source, -or from yet another parent \s-1DRBG\s0 instance. -For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7). -.PP -The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 -instance. -To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances -(, resp. and ), it is necessary to call -\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any -cryptographic routines that obtain random data directly or indirectly. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBOPENSSL_zalloc\fR\|(3), -\&\fBOPENSSL_secure_zalloc\fR\|(3), -\&\fBRAND_DRBG_generate\fR\|(3), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 deleted file mode 100644 index 06925afeb218..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_reseed.3 +++ /dev/null @@ -1,239 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_RESEED 3" -.TH RAND_DRBG_RESEED 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_DRBG_reseed(RAND_DRBG *drbg, -\& const unsigned char *adin, size_t adinlen, -\& int prediction_resistance); -\& -\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, -\& unsigned int interval); -\& -\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, -\& time_t interval); -\& -\& int RAND_DRBG_set_reseed_defaults( -\& unsigned int master_reseed_interval, -\& unsigned int slave_reseed_interval, -\& time_t master_reseed_time_interval, -\& time_t slave_reseed_time_interval -\& ); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_DRBG_reseed()\fR -reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source -and mixing in the specified additional data provided in the buffer \fBadin\fR -of length \fBadinlen\fR. -The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR -to 0. -An immediate reseeding from a live entropy source can be requested by setting -the \fBprediction_resistance\fR flag to 1. -This feature is not implemented yet, so reseeding with prediction resistance -requested will always fail. -.PP -\&\fBRAND_DRBG_set_reseed_interval()\fR -sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number -of generate requests between consecutive reseedings. -If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the -number of generate requests since its last seeding exceeds the given reseed -interval. -If \fBinterval\fR == 0, then this feature is disabled. -.PP -\&\fBRAND_DRBG_set_reseed_time_interval()\fR -sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed -number of seconds between consecutive reseedings. -If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the -elapsed time since its last reseeding exceeds the given reseed time interval. -If \fBinterval\fR == 0, then this feature is disabled. -.PP -\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval -(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) -and the reseed time interval -(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) -of \s-1DRBG\s0 instances. -The default values are set independently for master \s-1DRBG\s0 instances (which don't -have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_reseed()\fR, -\&\fBRAND_DRBG_set_reseed_interval()\fR, and -\&\fBRAND_DRBG_set_reseed_time_interval()\fR, -return 1 on success, 0 on failure. -.SH "NOTES" -.IX Header "NOTES" -The default OpenSSL random generator is already set up for automatic reseeding, -so in general it is not necessary to reseed it explicitly, or to modify -its reseeding thresholds. -.PP -Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a -trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded -(directly or indirectly) from a trusted os entropy source. -In exceptional cases it is possible to replace the reseeding mechanism entirely -by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. -.PP -The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. -To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances -(, resp. and ), it is necessary to call -\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any - cryptographic routines that obtain random data directly or indirectly. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_DRBG_generate\fR\|(3), -\&\fBRAND_DRBG_bytes\fR\|(3), -\&\fBRAND_DRBG_set_callbacks\fR\|(3). -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 deleted file mode 100644 index 49a765968ceb..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_callbacks.3 +++ /dev/null @@ -1,268 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_SET_CALLBACKS 3" -.TH RAND_DRBG_SET_CALLBACKS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn \&\- set callbacks for reseeding -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& -\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, -\& RAND_DRBG_get_entropy_fn get_entropy, -\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, -\& RAND_DRBG_get_nonce_fn get_nonce, -\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); -.Ve -.SS "Callback Functions" -.IX Subsection "Callback Functions" -.Vb 6 -\& typedef size_t (*RAND_DRBG_get_entropy_fn)( -\& RAND_DRBG *drbg, -\& unsigned char **pout, -\& int entropy, -\& size_t min_len, size_t max_len, -\& int prediction_resistance); -\& -\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( -\& RAND_DRBG *drbg, -\& unsigned char *out, size_t outlen); -\& -\& typedef size_t (*RAND_DRBG_get_nonce_fn)( -\& RAND_DRBG *drbg, -\& unsigned char **pout, -\& int entropy, -\& size_t min_len, size_t max_len); -\& -\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( -\& RAND_DRBG *drbg, -\& unsigned char *out, size_t outlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and -the nonce when reseeding the given \fBdrbg\fR. -The callback functions are implemented and provided by the caller. -Their parameter lists need to match the function prototypes above. -.PP -Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet. -Otherwise, the operation will fail. -To change the settings for one of the three shared DRBGs it is necessary to call -\&\fBRAND_DRBG_uninstantiate()\fR first. -.PP -The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh -random input. -It is expected that the callback allocates and fills a random buffer of size -\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR -bits of randomness. -The \fBprediction_resistance\fR flag indicates whether the reseeding was -triggered by a prediction resistance request. -.PP -The buffer's address is to be returned in *\fBpout\fR and the number of collected -randomness bytes as return value. -.PP -If the callback fails to acquire at least \fBentropy\fR bits of randomness, -it must indicate an error by returning a buffer length of 0. -.PP -If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 -does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then -it must also indicate an error by returning a buffer length of 0. -See \s-1NOTES\s0 section for more details. -.PP -The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and -free the buffer allocated previously by \fBget_entropy()\fR. -The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, -as returned by the \fBget_entropy()\fR callback. -.PP -The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce -and free it again. A nonce is only required for instantiation (not for reseeding) -and only in the case where the \s-1DRBG\s0 uses a derivation function. -The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR, -except for the missing prediction_resistance flag. -.PP -If the derivation function is disabled, then no nonce is used for instantiation, -and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by -setting them to \s-1NULL.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure -.SH "NOTES" -.IX Header "NOTES" -It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer -contents safely before freeing it, in order not to leave sensitive information -about the \s-1DRBG\s0's state in memory. -.PP -A request for prediction resistance can only be satisfied by pulling fresh -entropy from one of the approved entropy sources listed in section 5.5.2 of -[\s-1NIST SP 800\-90C\s0]. -Since the default implementation of the get_entropy callback does not have access -to such an approved entropy source, a request for prediction resistance will -always fail. -In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 -.PP -The derivation function is disabled during initialization by calling the -\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. -For more information on the derivation function and when it can be omitted, -see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random -source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. -.PP -Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() -callbacks can be omitted by setting them to \s-1NULL.\s0 -In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy -(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will -utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1], -section 8.6.7. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_DRBG_new\fR\|(3), -\&\fBRAND_DRBG_reseed\fR\|(3), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 deleted file mode 100644 index cd94b4a2af1b..000000000000 --- a/secure/lib/libcrypto/man/RAND_DRBG_set_ex_data.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_DRBG_SET_EX_DATA 3" -.TH RAND_DRBG_SET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- store and retrieve extra data from the DRBG instance -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data); -\& -\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); -\& -\& int RAND_DRBG_get_ex_new_index(long argl, void *argp, -\& CRYPTO_EX_new *new_func, -\& CRYPTO_EX_dup *dup_func, -\& CRYPTO_EX_free *free_func); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application -specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should -be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR. -.PP -\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored -in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that -used when originally storing the data. -.PP -For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and -\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and -\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. -.PP -\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on -failure. \s-1NULL\s0 may also be a valid value. -.SH "NOTES" -.IX Header "NOTES" -RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to -CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBCRYPTO_get_ex_data\fR\|(3), -\&\fBCRYPTO_set_ex_data\fR\|(3), -\&\fBCRYPTO_get_ex_new_index\fR\|(3), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 deleted file mode 100644 index d7d2cd0a6436..000000000000 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ /dev/null @@ -1,235 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_ADD 3" -.TH RAND_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_status(void); -\& int RAND_poll(); -\& -\& void RAND_add(const void *buf, int num, double randomness); -\& void RAND_seed(const void *buf, int num); -\& -\& void RAND_keep_random_devices_open(int keep); -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); -\& void RAND_screen(void); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions can be used to seed the random generator and to check its -seeded state. -In general, manual (re\-)seeding of the default OpenSSL random generator -(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed -itself automatically using trusted system entropy sources. -This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was -built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. -.PP -\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently -seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. -.PP -\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using -random input obtained from polling various trusted entropy sources. -The default choice of the entropy source can be modified at build time, -see \s-1\fBRAND\s0\fR\|(7) for more details. -.PP -\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state -of the random generator. -This function will not normally be needed, as mentioned above. -The \fBrandomness\fR argument is an estimate of how much randomness is -contained in -\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. -Details about sources of randomness and how to estimate their randomness -can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. -The content of \fBbuf\fR cannot be recovered from subsequent random generator output. -Applications that intend to save and restore random state in an external file -should consider using \fBRAND_load_file\fR\|(3) instead. -.PP -\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. -.PP -\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor -usage by the random seed sources. Some seed sources maintain open file -descriptors by default, which allows such sources to operate in a -\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When -the \fBkeep\fR argument is zero, this call disables the retention of file -descriptors. Conversely, a non-zero argument enables the retention of -file descriptors. This function is usually called during initialization -and it takes effect immediately. -.PP -\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist -for compatibility reasons only. See \s-1HISTORY\s0 section below. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_status()\fR returns 1 if the random generator has been seeded -with enough data, 0 otherwise. -.PP -\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. -.PP -\&\fBRAND_event()\fR returns \fBRAND_status()\fR. -.PP -The other functions do not return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_bytes\fR\|(3), -\&\fBRAND_egd\fR\|(3), -\&\fBRAND_load_file\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should -not be used. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 deleted file mode 100644 index a90138882f5d..000000000000 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_BYTES 3" -.TH RAND_BYTES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_bytes(unsigned char *buf, int num); -\& int RAND_priv_bytes(unsigned char *buf, int num); -.Ve -.PP -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& int RAND_pseudo_bytes(unsigned char *buf, int num); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes -into \fBbuf\fR. -.PP -\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to -be used for generating values that should remain private. If using the -default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 -instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not -affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) -and \s-1\fBRAND_DRBG\s0\fR\|(7). -.SH "NOTES" -.IX Header "NOTES" -Always check the error return value of \fBRAND_bytes()\fR and -\&\fBRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs -if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an -unpredictable byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR -return 1 on success, \-1 if not supported by the current -\&\s-1RAND\s0 method, or 0 on other failure. The error code can be -obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_add\fR\|(3), -\&\fBRAND_bytes\fR\|(3), -\&\fBRAND_priv_bytes\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7), -\&\s-1\fBRAND_DRBG\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -.IP "\(bu" 2 -\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. -.IP "\(bu" 2 -The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 deleted file mode 100644 index 8a4c7f7d035f..000000000000 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_CLEANUP 3" -.TH RAND_CLEANUP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_cleanup \- erase the PRNG state -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void RAND_cleanup(void) -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by -the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, -since no explicit initialisation or de-initialisation is necessary. See -\&\fBOPENSSL_init_crypto\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_cleanup()\fR returns no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. -See \fBOPENSSL_init_crypto\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 deleted file mode 100644 index 17cc7cee6732..000000000000 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_EGD 3" -.TH RAND_EGD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_egd_bytes(const char *path, int num); -\& int RAND_egd(const char *path); -\& -\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, -it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local -socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 -The protocol used is defined by the EGDs available at - or . -.PP -\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the -specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. -\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. -.PP -\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at -the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. -If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. -If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and -\&\fBRAND_add()\fR is not called. -.PP -OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding -automatically. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the -daemon on success, or \-1 if the connection failed or the daemon did not -return enough data to fully seed the \s-1PRNG.\s0 -.PP -\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on -success, or \-1 if the connection failed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_add\fR\|(3), -\&\fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 deleted file mode 100644 index 07bf78761f4a..000000000000 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_LOAD_FILE 3" -.TH RAND_LOAD_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RAND_load_file(const char *filename, long max_bytes); -\& -\& int RAND_write_file(const char *filename); -\& -\& const char *RAND_file_name(char *buf, size_t num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and -adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, -up to \fBmax_bytes\fR are read; -if \fBmax_bytes\fR is \-1, the complete file is read. -Do not load the same file multiple times unless its contents have -been updated by \fBRAND_write_file()\fR between reads. -Also, note that \fBfilename\fR should be adequately protected so that an -attacker cannot replace or examine the contents. -If \fBfilename\fR is not a regular file, then user is considered to be -responsible for any side effects, e.g. non-anticipated blocking or -capture of controlling terminal. -.PP -\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to -file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling -\&\fBRAND_load_file()\fR in a later session. -.PP -\&\fBRAND_file_name()\fR generates a default path for the random seed -file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the -filename. -.PP -On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its -value will be used as the seed file name. -Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: -.IP "On Windows (in order of preference)" 4 -.IX Item "On Windows (in order of preference)" -.Vb 1 -\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e -.Ve -.IP "On \s-1VMS\s0" 4 -.IX Item "On VMS" -.Vb 1 -\& SYS$LOGIN: -.Ve -.IP "On all other systems" 4 -.IX Item "On all other systems" -.Vb 1 -\& $HOME -.Ve -.PP -If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or -\&\fBnum\fR is too small for the path name, an error occurs. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. -.PP -\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the -bytes written were generated without appropriate seeding. -.PP -\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on -error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_add\fR\|(3), -\&\fBRAND_bytes\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 deleted file mode 100644 index e9c414f8e7da..000000000000 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RAND_SET_RAND_METHOD 3" -.TH RAND_SET_RAND_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& RAND_METHOD *RAND_OpenSSL(void); -\& -\& int RAND_set_rand_method(const RAND_METHOD *meth); -\& -\& const RAND_METHOD *RAND_get_rand_method(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number -generation. -.PP -\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. -This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. -.PP -If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will -be used instead of the method returned by \fBRAND_OpenSSL()\fR. -.PP -\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an -\&\s-1ENGINE\s0 was providing the method, it will be released first. -.PP -\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. -.SH "THE RAND_METHOD STRUCTURE" -.IX Header "THE RAND_METHOD STRUCTURE" -.Vb 8 -\& typedef struct rand_meth_st { -\& void (*seed)(const void *buf, int num); -\& int (*bytes)(unsigned char *buf, int num); -\& void (*cleanup)(void); -\& void (*add)(const void *buf, int num, int randomness); -\& int (*pseudorand)(unsigned char *buf, int num); -\& int (*status)(void); -\& } RAND_METHOD; -.Ve -.PP -The fields point to functions that are used by, in order, -\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR -and \fBRAND_status()\fR. -Each pointer may be \s-1NULL\s0 if the function is not implemented. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failue. -\&\fBRAND_get_rand_method()\fR and \fBRAND_OpenSSL()\fR return pointers to the respective -methods. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRAND_bytes\fR\|(3), -\&\fBENGINE_by_id\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RC4_set_key.3 b/secure/lib/libcrypto/man/RC4_set_key.3 deleted file mode 100644 index e2ed19a87ec6..000000000000 --- a/secure/lib/libcrypto/man/RC4_set_key.3 +++ /dev/null @@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RC4_SET_KEY 3" -.TH RC4_SET_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RC4_set_key, RC4 \- RC4 encryption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -\& -\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, -\& unsigned char *outdata); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This library implements the Alleged \s-1RC4\s0 cipher, which is described for -example in \fIApplied Cryptography\fR. It is believed to be compatible -with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. -.PP -\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit -(16 byte) keys are used for strong encryption, but shorter insecure -key sizes have been widely used due to export restrictions. -.PP -\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or -decryption phase. -.PP -\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long -key at \fBdata\fR. -.PP -\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using -\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with -the same \fBkey\fR yield a continuous key stream. -.PP -Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random -key stream to produce the output), decryption uses the same function -calls as encryption. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. -.SH "NOTE" -.IX Header "NOTE" -Applications should use the higher level functions -\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these -functions directly. -.PP -It is difficult to securely use stream ciphers. For example, do not perform -multiple encryptions using the same key stream. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_EncryptInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/RIPEMD160_Init.3 deleted file mode 100644 index 1de93985960b..000000000000 --- a/secure/lib/libcrypto/man/RIPEMD160_Init.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RIPEMD160_INIT 3" -.TH RIPEMD160_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, -\& unsigned char *md); -\& -\& int RIPEMD160_Init(RIPEMD160_CTX *c); -\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); -\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a -160 bit output. -.PP -\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR -bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest -is placed in a static array. -.PP -The following functions may be used if the message is not completely -stored in memory: -.PP -\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. -.PP -\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to -be hashed (\fBlen\fR bytes at \fBdata\fR). -.PP -\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have -space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases -the \fB\s-1RIPEMD160_CTX\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. -.PP -\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for -success, 0 otherwise. -.SH "NOTE" -.IX Header "NOTE" -Applications should use the higher level functions -\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these -functions directly. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 deleted file mode 100644 index eb950af7ce6b..000000000000 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_BLINDING_ON 3" -.TH RSA_BLINDING_ON 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); -\& -\& void RSA_blinding_off(RSA *rsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can -measure the time of \s-1RSA\s0 decryption or signature operations, blinding -must be used to protect the \s-1RSA\s0 operation from that attack. -.PP -\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a -random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and -initialized \fB\s-1BN_CTX\s0\fR. -.PP -\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for -the blinding factor. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. -.PP -\&\fBRSA_blinding_off()\fR returns no value. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 deleted file mode 100644 index 1044c5dcc190..000000000000 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_CHECK_KEY 3" -.TH RSA_CHECK_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_check_key_ex, RSA_check_key \- validate private RSA keys -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); -\& -\& int RSA_check_key(RSA *rsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. -It checks that \fBp\fR and \fBq\fR are -in fact prime, and that \fBn = p*q\fR. -.PP -It does not work on \s-1RSA\s0 public keys that have only the modulus -and public exponent elements populated. -It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, -and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. -It performs integrity checks on all -the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private -key data too. -Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, -even if it is otherwise fit for regular \s-1RSA\s0 operation. -.PP -The \fBcb\fR parameter is a callback that will be invoked in the same -manner as \fBBN_is_prime_ex\fR\|(3). -.PP -\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR -return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. -They return \-1 if an error occurs while checking the key. -.PP -If the key is invalid or an error occurred, the reason code can be -obtained using \fBERR_get_error\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work -transparently with any underlying \s-1ENGINE\s0 implementation because it uses the -key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can -override the way key data is stored and handled, and can even provide -support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR -key data at all! If the \s-1ENGINE\s0 in question is only being used for -acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data -is complete and untouched, but this can't be assumed in the general case. -.SH "BUGS" -.IX Header "BUGS" -A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need -to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure -elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and -completely violating encapsulation and object-orientation in the process). -The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the -\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also -provide their own verifiers. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_is_prime_ex\fR\|(3), -\&\fBERR_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 deleted file mode 100644 index 5abf9b196a70..000000000000 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ /dev/null @@ -1,233 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_GENERATE_KEY 3" -.TH RSA_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); -.Ve -.PP -Deprecated: -.PP -.Vb 4 -\& #if OPENSSL_API_COMPAT < 0x00908000L -\& RSA *RSA_generate_key(int bits, unsigned long e, -\& void (*callback)(int, int, void *), void *cb_arg); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the -\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must -be seeded prior to calling \fBRSA_generate_key_ex()\fR. -.PP -\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores -it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by -the \fBprimes\fR parameter. The random number generator must be seeded when -calling \fBRSA_generate_multi_prime_key()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -The modulus size will be of length \fBbits\fR, the number of primes to form the -modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes -with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd -number, typically 3, 17 or 65537. -.PP -In order to maintain adequate security level, the maximum number of permitted -\&\fBprimes\fR depends on modulus bit length: -.PP -.Vb 3 -\& <1024 | >=1024 | >=4096 | >=8192 -\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- -\& 2 | 3 | 4 | 5 -.Ve -.PP -A callback function may be used to provide feedback about the -progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it -will be called as follows using the \fBBN_GENCB_call()\fR function -described on the \fBBN_generate_prime\fR\|(3) page. -.PP -\&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but -expects an old-style callback function; see -\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. -.IP "\(bu" 2 -While a random prime number is generated, it is called as -described in \fBBN_generate_prime\fR\|(3). -.IP "\(bu" 2 -When the n\-th randomly generated prime is rejected as not -suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. -.IP "\(bu" 2 -When a random p has been found with p\-1 relatively prime to \fBe\fR, -it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. -.PP -The process is then repeated for prime q and other primes (if any) -with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. -\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.PP -\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or -\&\fB\s-1NULL\s0\fR if the key generation fails. -.SH "BUGS" -.IX Header "BUGS" -\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use -\&\fBRSA_generate_key_ex()\fR instead. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_get0_key.3 b/secure/lib/libcrypto/man/RSA_get0_key.3 deleted file mode 100644 index 036edf25a138..000000000000 --- a/secure/lib/libcrypto/man/RSA_get0_key.3 +++ /dev/null @@ -1,298 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_GET0_KEY 3" -.TH RSA_GET0_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); -\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); -\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); -\& void RSA_get0_key(const RSA *r, -\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); -\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); -\& void RSA_get0_crt_params(const RSA *r, -\& const BIGNUM **dmp1, const BIGNUM **dmq1, -\& const BIGNUM **iqmp); -\& const BIGNUM *RSA_get0_n(const RSA *d); -\& const BIGNUM *RSA_get0_e(const RSA *d); -\& const BIGNUM *RSA_get0_d(const RSA *d); -\& const BIGNUM *RSA_get0_p(const RSA *d); -\& const BIGNUM *RSA_get0_q(const RSA *d); -\& const BIGNUM *RSA_get0_dmp1(const RSA *r); -\& const BIGNUM *RSA_get0_dmq1(const RSA *r); -\& const BIGNUM *RSA_get0_iqmp(const RSA *r); -\& void RSA_clear_flags(RSA *r, int flags); -\& int RSA_test_flags(const RSA *r, int flags); -\& void RSA_set_flags(RSA *r, int flags); -\& ENGINE *RSA_get0_engine(RSA *r); -\& int RSA_get_multi_prime_extra_count(const RSA *r); -\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); -\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], -\& const BIGNUM *coeffs[]); -\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], -\& BIGNUM *coeffs[], int pnum); -\& int RSA_get_version(RSA *r); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -An \s-1RSA\s0 object contains the components for the public and private key, -\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is -the modulus common to both public and private key, \fBe\fR is the public -exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, -\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a -private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are -the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR -are the exponents and coefficient for \s-1CRT\s0 calculations. -.PP -For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more -\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR -and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and -\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. -.PP -The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling -\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and -\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to -their respective values. These point directly to the internal -representations of the values and therefore should not be freed -by the caller. -.PP -The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling -\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as -parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL -the first time this function is called on a given \s-1RSA\s0 object. The -value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be -\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. -Calling this function transfers the memory management of the values to -the \s-1RSA\s0 object, and therefore the values that have been passed in -should not be freed by the caller after this function has been called. -.PP -In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and -set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR, -\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with -\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. -.PP -For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, -\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions -ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. -.PP -For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR -can be used to obtain other primes and related \s-1CRT\s0 parameters. The -return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR -sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) -into an \s-1RSA\s0 object. -.PP -Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be -retrieved separately by the corresponding function -\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, -\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. -.PP -\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 -object. Multiple flags can be passed in one go (bitwise ORed together). -Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to -see whether the flags passed in the \fBflags\fR parameter are currently -set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All -flags that are currently set are returned, or zero if none of the -flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the -\&\s-1RSA\s0 object. -.PP -\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for -this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. -.PP -\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. -.SH "NOTES" -.IX Header "NOTES" -Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used -in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If -needed, duplicate the received value using \fBBN_dup()\fR and pass the -duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR -as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. -.PP -The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR -in advance and allocate sufficient buffer to store the return values before -calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. -.PP -\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime -triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and -\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. -.PP -\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, -\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR -return the respective value. -.PP -\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return -1 on success or 0 on failure. -.PP -\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes -in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for -multi-prime \s-1RSA.\s0 -.PP -\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and -\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 -.PP -\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. -.PP -\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no -\&\s-1ENGINE\s0 has been set. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The -\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR, -\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR, -and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1. -.PP -Other functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_meth_new.3 b/secure/lib/libcrypto/man/RSA_meth_new.3 deleted file mode 100644 index 78f324356590..000000000000 --- a/secure/lib/libcrypto/man/RSA_meth_new.3 +++ /dev/null @@ -1,382 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_METH_NEW 3" -.TH RSA_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& RSA_METHOD *RSA_meth_new(const char *name, int flags); -\& void RSA_meth_free(RSA_METHOD *meth); -\& -\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); -\& -\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); -\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -\& -\& int RSA_meth_get_flags(const RSA_METHOD *meth); -\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); -\& -\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); -\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); -\& -\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, -\& int (*pub_enc)(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, -\& int padding)); -\& -\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) -\& (int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, -\& int (*pub_dec)(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, -\& int padding)); -\& -\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, -\& int padding); -\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, -\& int (*priv_enc)(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding)); -\& -\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, -\& int padding); -\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, -\& int (*priv_dec)(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding)); -\& -\& /* Can be null */ -\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, -\& RSA *rsa, BN_CTX *ctx); -\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, -\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, -\& BN_CTX *ctx)); -\& -\& /* Can be null */ -\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, -\& const BIGNUM *p, const BIGNUM *m, -\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); -\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, -\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, -\& const BIGNUM *p, const BIGNUM *m, -\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); -\& -\& /* called at new */ -\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); -\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); -\& -\& /* called at free */ -\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); -\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); -\& -\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, -\& unsigned int m_length, -\& unsigned char *sigret, -\& unsigned int *siglen, const RSA *rsa); -\& int RSA_meth_set_sign(RSA_METHOD *rsa, -\& int (*sign)(int type, const unsigned char *m, -\& unsigned int m_length, unsigned char *sigret, -\& unsigned int *siglen, const RSA *rsa)); -\& -\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, -\& unsigned int m_length, -\& const unsigned char *sigbuf, -\& unsigned int siglen, const RSA *rsa); -\& int RSA_meth_set_verify(RSA_METHOD *rsa, -\& int (*verify)(int dtype, const unsigned char *m, -\& unsigned int m_length, -\& const unsigned char *sigbuf, -\& unsigned int siglen, const RSA *rsa)); -\& -\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, -\& BN_GENCB *cb); -\& int RSA_meth_set_keygen(RSA_METHOD *rsa, -\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, -\& BN_GENCB *cb)); -\& -\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, -\& int primes, BIGNUM *e, -\& BN_GENCB *cb); -\& -\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, -\& int (*keygen) (RSA *rsa, int bits, -\& int primes, BIGNUM *e, -\& BN_GENCB *cb)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom -\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL -for the implementation of the various \s-1RSA\s0 capabilities. See the rsa -page for more information. -.PP -\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be -given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a -\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the -\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the -original string. The flags will be used during the construction of a -new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object -will have those flags set by default. -.PP -\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object -passed as a parameter. This might be useful for creating a new -\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. -.PP -\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any -memory associated with it. -.PP -\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this -\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so -should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name -of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is -stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible -for freeing the memory associated with the name. -.PP -\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated -with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set -these flags. -.PP -The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR -provide the ability to associate implementation specific data with the -\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data -before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. -.PP -\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function -used for creating an \s-1RSA\s0 signature respectively. This function will be -called in response to the application calling \fBRSA_sign()\fR. The -parameters for the function have the same meaning as for \fBRSA_sign()\fR. -.PP -\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the -function used for verifying an \s-1RSA\s0 signature respectively. This -function will be called in response to the application calling -\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as -for \fBRSA_verify()\fR. -.PP -\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the -function used for \s-1CRT\s0 computations. -.PP -\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set -the function used for \s-1CRT\s0 computations, specifically the following -value: -.PP -.Vb 1 -\& r = a ^ p mod m -.Ve -.PP -Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the -default OpenSSL method during encryption, decryption, signing and -verification. -.PP -\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function -used for creating a new \s-1RSA\s0 instance respectively. This function will -be called in response to the application calling \fBRSA_new()\fR (if the -current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The -\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for -the new \s-1RSA\s0 object, and a pointer to this newly allocated structure -will be passed as a parameter to the function. This function may be -\&\s-1NULL.\s0 -.PP -\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the -function used for destroying an instance of an \s-1RSA\s0 object respectively. -This function will be called in response to the application calling -\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a -parameter. The destroy function should be used for \s-1RSA\s0 implementation -specific clean up. The memory for the \s-1RSA\s0 itself should not be freed -by this function. This function may be \s-1NULL.\s0 -.PP -\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the -function used for generating a new \s-1RSA\s0 key pair respectively. This -function will be called in response to the application calling -\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same -meaning as for \fBRSA_generate_key_ex()\fR. -.PP -\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get -and set the function used for generating a new multi-prime \s-1RSA\s0 key pair -respectively. This function will be called in response to the application calling -\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same -meaning as for \fBRSA_generate_multi_prime_key()\fR. -.PP -\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR, -\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR, -\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR, -\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the -functions used for public and private key encryption and decryption. -These functions will be called in response to the application calling -\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and -\&\fBRSA_public_decrypt()\fR and take the same parameters as those. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated -\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. -.PP -\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and -flags associated with the \s-1RSA_METHOD\s0 respectively. -.PP -All other RSA_meth_get_*() functions return the appropriate function -pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such -pointer has yet been set. -.PP -RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on -success or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), -\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), -\&\fBRSA_generate_multi_prime_key\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were -added in OpenSSL 1.1.1. -.PP -Other functions described here were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 deleted file mode 100644 index fe37bcc9d2fe..000000000000 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_NEW 3" -.TH RSA_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_new, RSA_free \- allocate and free RSA objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& RSA *RSA_new(void); -\& -\& void RSA_free(RSA *rsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to -calling RSA_new_method(\s-1NULL\s0). -.PP -\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is -erased before the memory is returned to the system. -If \fBrsa\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns -a pointer to the newly allocated structure. -.PP -\&\fBRSA_free()\fR returns no value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBRSA_generate_key\fR\|(3), -\&\fBRSA_new_method\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 deleted file mode 100644 index 419fe86f0445..000000000000 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ /dev/null @@ -1,276 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" -.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, -\& const unsigned char *f, int fl); -\& -\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len); -\& -\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, -\& const unsigned char *f, int fl); -\& -\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len); -\& -\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, -\& const unsigned char *p, int pl); -\& -\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len, -\& const unsigned char *p, int pl); -\& -\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, -\& const unsigned char *p, int pl, -\& const EVP_MD *md, const EVP_MD *mgf1md); -\& -\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len, -\& const unsigned char *p, int pl, -\& const EVP_MD *md, const EVP_MD *mgf1md); -\& -\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, -\& const unsigned char *f, int fl); -\& -\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len); -\& -\& int RSA_padding_add_none(unsigned char *to, int tlen, -\& const unsigned char *f, int fl); -\& -\& int RSA_padding_check_none(unsigned char *to, int tlen, -\& const unsigned char *f, int fl, int rsa_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, -decrypt, sign and verify functions. Normally they should not be called -from application programs. -.PP -However, they can also be called directly to implement padding for other -asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and -\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined -with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding -parameter. -.PP -\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into -\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR -does not meet the size requirements of the encoding method. -.PP -The following encoding methods are implemented: -.IP "PKCS1_type_1" 4 -.IX Item "PKCS1_type_1" -\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures -.IP "PKCS1_type_2" 4 -.IX Item "PKCS1_type_2" -\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) -.IP "\s-1PKCS1_OAEP\s0" 4 -.IX Item "PKCS1_OAEP" -\&\s-1PKCS\s0 #1 v2.0 EME-OAEP -.IP "SSLv23" 4 -.IX Item "SSLv23" -\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification -.IP "none" 4 -.IX Item "none" -simply copy the data -.PP -The random number generator must be seeded prior to calling -\&\fBRSA_padding_add_xxx()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain -a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective -encoding method and stores the recovered data of at most \fBtlen\fR bytes -(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) -at \fBto\fR. -.PP -For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter -of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. -.PP -For \fBRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, -if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to -the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. -The \fBRSA_padding_check_xxx()\fR functions return the length of the -recovered data, \-1 on error. Error codes can be obtained by calling -\&\fBERR_get_error\fR\|(3). -.SH "WARNINGS" -.IX Header "WARNINGS" -The result of \fBRSA_padding_check_PKCS1_type_2()\fR is a very sensitive -information which can potentially be used to mount a Bleichenbacher -padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 -v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not -possible, the result of \fBRSA_padding_check_PKCS1_type_2()\fR should be -checked in constant time if it matches the expected length of the -plaintext and additionally some application specific consistency -checks on the plaintext need to be performed in constant time. -If the plaintext is rejected it must be kept secret which of the -checks caused the application to reject the message. -Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data -which was computed by \fBRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, -as this would create a small timing side channel which could be -used to mount a Bleichenbacher attack against any padding mode -including \s-1PKCS1_OAEP.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRSA_public_encrypt\fR\|(3), -\&\fBRSA_private_decrypt\fR\|(3), -\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 deleted file mode 100644 index cd740a5a73cd..000000000000 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_PRINT 3" -.TH RSA_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_print(BIO *bp, RSA *x, int offset); -\& int RSA_print_fp(FILE *fp, RSA *x, int offset); -\& -\& #include -\& -\& int DSAparams_print(BIO *bp, DSA *x); -\& int DSAparams_print_fp(FILE *fp, DSA *x); -\& int DSA_print(BIO *bp, DSA *x, int offset); -\& int DSA_print_fp(FILE *fp, DSA *x, int offset); -\& -\& #include -\& -\& int DHparams_print(BIO *bp, DH *x); -\& int DHparams_print_fp(FILE *fp, DH *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A human-readable hexadecimal output of the components of the \s-1RSA\s0 -key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. -.PP -The output lines are indented by \fBoffset\fR spaces. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return 1 on success, 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_bn2bin\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 deleted file mode 100644 index 9fb76a68059a..000000000000 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_PRIVATE_ENCRYPT 3" -.TH RSA_PRIVATE_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_private_encrypt, RSA_public_decrypt \- low level signature operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_private_encrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& int RSA_public_decrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions handle \s-1RSA\s0 signatures at a low level. -.PP -\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a -message digest with an algorithm identifier) using the private key -\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to -\&\fBRSA_size(rsa)\fR bytes of memory. -.PP -\&\fBpadding\fR denotes one of the following modes: -.IP "\s-1RSA_PKCS1_PADDING\s0" 4 -.IX Item "RSA_PKCS1_PADDING" -\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the -\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or -verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be -used. -.IP "\s-1RSA_NO_PADDING\s0" 4 -.IX Item "RSA_NO_PADDING" -Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement -cryptographically sound padding modes in the application code. -Signing user data directly with \s-1RSA\s0 is insecure. -.PP -\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR -bytes long signature at \fBfrom\fR using the signer's public key -\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the -message digest (which is smaller than \fBRSA_size(rsa) \- -11\fR). \fBpadding\fR is the padding mode that was used to sign the data. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., -RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the -recovered message digest. -.PP -On error, \-1 is returned; the error codes can be -obtained by \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 deleted file mode 100644 index a58a81bea289..000000000000 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ /dev/null @@ -1,231 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_PUBLIC_ENCRYPT 3" -.TH RSA_PUBLIC_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_public_encrypt(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& int RSA_private_decrypt(int flen, const unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a -session key) using the public key \fBrsa\fR and stores the ciphertext in -\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. -.PP -\&\fBpadding\fR denotes one of the following modes: -.IP "\s-1RSA_PKCS1_PADDING\s0" 4 -.IX Item "RSA_PKCS1_PADDING" -\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. -However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in -new applications. \s-1SEE WARNING BELOW.\s0 -.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 -.IX Item "RSA_PKCS1_OAEP_PADDING" -EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty -encoding parameter. This mode is recommended for all new applications. -.IP "\s-1RSA_SSLV23_PADDING\s0" 4 -.IX Item "RSA_SSLV23_PADDING" -\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes -that the server is \s-1SSL3\s0 capable. -.IP "\s-1RSA_NO_PADDING\s0" 4 -.IX Item "RSA_NO_PADDING" -Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement -cryptographically sound padding modes in the application code. -Encrypting user data directly with \s-1RSA\s0 is insecure. -.PP -\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 -based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for -\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 -When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then -\&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext -and therefore the ciphertext will be different each time, even if the -plaintext and the public key are exactly identical. -The returned ciphertext in \fBto\fR will always be zero padded to exactly -RSA_size(\fBrsa\fR) bytes. -\&\fBto\fR and \fBfrom\fR may overlap. -.PP -\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the -private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should -be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero -bytes are in the ciphertext. Those are not important and may be removed, -but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point -to a memory section large enough to hold the maximal possible decrypted -data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 -RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and -RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). -\&\fBpadding\fR is the padding mode that was used to encrypt the data. -\&\fBto\fR and \fBfrom\fR may overlap. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., -RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the -recovered plaintext. A return value of 0 is not an error and -means only that the plaintext was empty. -.PP -On error, \-1 is returned; the error codes can be -obtained by \fBERR_get_error\fR\|(3). -.SH "WARNINGS" -.IX Header "WARNINGS" -Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information -which can potentially be used to mount a Bleichenbacher padding oracle -attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding -design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1SSL, PKCS\s0 #1 v2.0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), -\&\fBRSA_size\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 deleted file mode 100644 index 5a87cc5e1610..000000000000 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ /dev/null @@ -1,315 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_SET_METHOD 3" -.TH RSA_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void RSA_set_default_method(const RSA_METHOD *meth); -\& -\& RSA_METHOD *RSA_get_default_method(void); -\& -\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); -\& -\& RSA_METHOD *RSA_get_method(const RSA *rsa); -\& -\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); -\& -\& int RSA_flags(const RSA *rsa); -\& -\& RSA *RSA_new_method(ENGINE *engine); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 -operations. By modifying the method, alternative implementations such as -hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for -important information about how these \s-1RSA API\s0 functions are affected by the -use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. -.PP -Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, -as returned by \fBRSA_PKCS1_OpenSSL()\fR. -.PP -\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 -structures created later. -\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has -been set as a default for \s-1RSA,\s0 so this function is no longer recommended. -This function is not thread-safe and should not be called at the same time -as other OpenSSL functions. -.PP -\&\fBRSA_get_default_method()\fR returns a pointer to the current default -\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -whether the \s-1ENGINE API\s0 is being used, so this function is no longer -recommended. -.PP -\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key -\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the -previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will -be released during the change. It is possible to have \s-1RSA\s0 keys that only -work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module -that supports embedded hardware-protected keys), and in such cases -attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected -results. -.PP -\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. -This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if -it is, the return value can only be guaranteed to be valid as long as the -\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by -\&\fBRSA_set_method()\fR. -.PP -\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current -\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. -.PP -\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that -\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the -default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, -the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. -.PP -\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. -.PP -\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. -.SH "THE RSA_METHOD STRUCTURE" -.IX Header "THE RSA_METHOD STRUCTURE" -.Vb 4 -\& typedef struct rsa_meth_st -\& { -\& /* name of the implementation */ -\& const char *name; -\& -\& /* encrypt */ -\& int (*rsa_pub_enc)(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& /* verify arbitrary data */ -\& int (*rsa_pub_dec)(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& /* sign arbitrary data */ -\& int (*rsa_priv_enc)(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& /* decrypt */ -\& int (*rsa_priv_dec)(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa, int padding); -\& -\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ -\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); -\& -\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ -\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, -\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -\& -\& /* called at RSA_new */ -\& int (*init)(RSA *rsa); -\& -\& /* called at RSA_free */ -\& int (*finish)(RSA *rsa); -\& -\& /* -\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key -\& * operations, even if p,q,dmp1,dmq1,iqmp -\& * are NULL -\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match -\& */ -\& int flags; -\& -\& char *app_data; /* ?? */ -\& -\& int (*rsa_sign)(int type, -\& const unsigned char *m, unsigned int m_length, -\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -\& int (*rsa_verify)(int dtype, -\& const unsigned char *m, unsigned int m_length, -\& const unsigned char *sigbuf, unsigned int siglen, -\& const RSA *rsa); -\& /* keygen. If NULL builtin RSA key generation will be used */ -\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); -\& -\& } RSA_METHOD; -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR -and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. -.PP -\&\fBRSA_set_default_method()\fR returns no value. -.PP -\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated -at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a -result of the \fBRSA_set_method()\fR function releasing its handle to the -\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR -declaration in a future release. -.PP -\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained -by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise -it returns a pointer to the newly allocated structure. -.SH "BUGS" -.IX Header "BUGS" -The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now -to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the -encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key -itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key -(which is what this function returns). If the flags element of an \s-1RSA\s0 key -is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not -be reflected in the return value of the \fBRSA_flags()\fR function \- in effect -\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does -not currently exist). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBRSA_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, -was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 deleted file mode 100644 index edb5431df973..000000000000 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ /dev/null @@ -1,196 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_SIGN 3" -.TH RSA_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_sign, RSA_verify \- RSA signatures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, -\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); -\& -\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, -\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the -private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It -stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. -\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. -Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the -key that can be used. -See \fBRSA_private_encrypt\fR\|(3) for lower-level -operations. -.PP -\&\fBtype\fR denotes the message digest algorithm that was used to generate -\&\fBm\fR. -If \fBtype\fR is \fBNID_md5_sha1\fR, -an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding -and no algorithm identifier) is created. -.PP -\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR -matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes -the message digest algorithm that was used to generate the signature. -\&\fBrsa\fR is the signer's public key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_sign()\fR returns 1 on success. -\&\fBRSA_verify()\fR returns 1 on successful verification. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1SSL, PKCS\s0 #1 v2.0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBRSA_private_encrypt\fR\|(3), -\&\fBRSA_public_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 deleted file mode 100644 index e4c5e8b12e66..000000000000 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ /dev/null @@ -1,198 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" -.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, -\& unsigned int m_len, unsigned char *sigret, -\& unsigned int *siglen, RSA *rsa); -\& -\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, -\& unsigned int m_len, unsigned char *sigbuf, -\& unsigned int siglen, RSA *rsa); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size -\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 -padding. It stores the signature in \fBsigret\fR and the signature size -in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of -memory. -.PP -\&\fBdummy\fR is ignored. -.PP -The random number generator must be seeded when calling -\&\fBRSA_sign_ASN1_OCTET_STRING()\fR. -If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to -external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. -.PP -\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR -of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string -\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's -public key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. -\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 -otherwise. -.PP -The error codes can be obtained by \fBERR_get_error\fR\|(3). -.SH "BUGS" -.IX Header "BUGS" -These functions serve no recognizable purpose. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), -\&\fBRSA_verify\fR\|(3), -\&\s-1\fBRAND\s0\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 deleted file mode 100644 index 023b799d556b..000000000000 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "RSA_SIZE 3" -.TH RSA_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int RSA_size(const RSA *rsa); -\& -\& int RSA_bits(const RSA *rsa); -\& -\& int RSA_security_bits(const RSA *rsa) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to -determine how much memory must be allocated for an \s-1RSA\s0 encrypted -value. -.PP -\&\fBRSA_bits()\fR returns the number of significant bits. -.PP -\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. -.PP -\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR -key. See \fBBN_security_bits\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBRSA_size()\fR returns the size of modulus in bytes. -.PP -\&\fBDSA_bits()\fR returns the number of bits in the key. -.PP -\&\fBRSA_security_bits()\fR returns the number of security bits. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBBN_num_bits\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SCT_new.3 b/secure/lib/libcrypto/man/SCT_new.3 deleted file mode 100644 index 268e489a840c..000000000000 --- a/secure/lib/libcrypto/man/SCT_new.3 +++ /dev/null @@ -1,306 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SCT_NEW 3" -.TH SCT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef enum { -\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, -\& CT_LOG_ENTRY_TYPE_X509 = 0, -\& CT_LOG_ENTRY_TYPE_PRECERT = 1 -\& } ct_log_entry_type_t; -\& -\& typedef enum { -\& SCT_VERSION_NOT_SET = \-1, -\& SCT_VERSION_V1 = 0 -\& } sct_version_t; -\& -\& typedef enum { -\& SCT_SOURCE_UNKNOWN, -\& SCT_SOURCE_TLS_EXTENSION, -\& SCT_SOURCE_X509V3_EXTENSION, -\& SCT_SOURCE_OCSP_STAPLED_RESPONSE -\& } sct_source_t; -\& -\& SCT *SCT_new(void); -\& SCT *SCT_new_from_base64(unsigned char version, -\& const char *logid_base64, -\& ct_log_entry_type_t entry_type, -\& uint64_t timestamp, -\& const char *extensions_base64, -\& const char *signature_base64); -\& -\& void SCT_free(SCT *sct); -\& void SCT_LIST_free(STACK_OF(SCT) *a); -\& -\& sct_version_t SCT_get_version(const SCT *sct); -\& int SCT_set_version(SCT *sct, sct_version_t version); -\& -\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); -\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); -\& -\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); -\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); -\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); -\& -\& uint64_t SCT_get_timestamp(const SCT *sct); -\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); -\& -\& int SCT_get_signature_nid(const SCT *sct); -\& int SCT_set_signature_nid(SCT *sct, int nid); -\& -\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); -\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); -\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); -\& -\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); -\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); -\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); -\& -\& sct_source_t SCT_get_source(const SCT *sct); -\& int SCT_set_source(SCT *sct, sct_source_t source); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. -They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly -record a certificate. By cryptographically verifying that a log did indeed issue -an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. -.PP -An internal representation of an \s-1SCT\s0 can be created in one of two ways. -The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate -it using: -.IP "\(bu" 2 -\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. -.Sp -Only \s-1SCT_VERSION_V1\s0 is currently supported. -.IP "\(bu" 2 -\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: -.Sp -\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. -\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. -.IP "\(bu" 2 -\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. -.Sp -The former takes ownership, whereas the latter makes a copy. -See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. -.IP "\(bu" 2 -\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). -.IP "\(bu" 2 -\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. -.IP "\(bu" 2 -\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. -.Sp -The former takes ownership, whereas the latter makes a copy. -.IP "\(bu" 2 -\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. -.Sp -The former takes ownership, whereas the latter makes a copy. -.PP -Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using -\&\fBSCT_new_from_base64()\fR: -.IP "\(bu" 2 -The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). -.IP "\(bu" 2 -The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. -.IP "\(bu" 2 -The type of certificate the \s-1SCT\s0 was issued for: -\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. -\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. -.IP "\(bu" 2 -The time that the \s-1SCT\s0 was issued (epoch time in milliseconds). -.IP "\(bu" 2 -The \s-1SCT\s0 extensions, base64 encoded. -.IP "\(bu" 2 -The \s-1SCT\s0 signature, base64 encoded. -.PP -\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found -(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not -required for verifying the \s-1SCT.\s0 -.SH "NOTES" -.IX Header "NOTES" -Some of the setters return int, instead of void. These will all return 1 on -success, 0 on failure. They will not make changes on failure. -.PP -All of the setters will reset the validation status of the \s-1SCT\s0 to -\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). -.PP -\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of -certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. -For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- -certificate. -.PP -\&\fBSCT_set_source()\fR will not refuse unknown values. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. -.PP -\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. -.PP -\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a -valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if -malloc fails. -.PP -\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. -.PP -\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer -is copied successfully, 0 otherwise (i.e. if malloc fails). -.PP -\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7), -\&\fBSCT_validate\fR\|(3), -\&\fBOBJ_nid2obj\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SCT_print.3 b/secure/lib/libcrypto/man/SCT_print.3 deleted file mode 100644 index 9fba55dcd2ca..000000000000 --- a/secure/lib/libcrypto/man/SCT_print.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SCT_PRINT 3" -.TH SCT_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); -\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, -\& const char *separator, const CTLOG_STORE *logs); -\& const char *SCT_validation_status_string(const SCT *sct); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in -a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a -similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. -.PP -The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR -is provided, it will be used to print the description of the \s-1CT\s0 log that issued -each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed -as the \s-1CTLOG_STORE\s0 parameter to disable this feature. -.PP -\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as -a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR -beforehand in order to set the validation status of an \s-1SCT\s0 first. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing -the validation status of an \fB\s-1SCT\s0\fR object. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7), -\&\fBbio\fR\|(7), -\&\fBCTLOG_STORE_new\fR\|(3), -\&\fBSCT_validate\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SCT_validate.3 b/secure/lib/libcrypto/man/SCT_validate.3 deleted file mode 100644 index 44c760832342..000000000000 --- a/secure/lib/libcrypto/man/SCT_validate.3 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SCT_VALIDATE 3" -.TH SCT_VALIDATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef enum { -\& SCT_VALIDATION_STATUS_NOT_SET, -\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, -\& SCT_VALIDATION_STATUS_VALID, -\& SCT_VALIDATION_STATUS_INVALID, -\& SCT_VALIDATION_STATUS_UNVERIFIED, -\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION -\& } sct_validation_status_t; -\& -\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); -\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); -\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. -\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. -The result of the validation checks can be obtained by passing the \s-1SCT\s0 to -\&\fBSCT_get_validation_status()\fR. -.PP -A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: -.IP "\(bu" 2 -The certificate the \s-1SCT\s0 was issued for. -.Sp -Failure to provide the certificate will result in the validation status being -\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 -.IP "\(bu" 2 -The issuer of that certificate. -.Sp -This is only required if the \s-1SCT\s0 was issued for a pre-certificate -(see \s-1RFC 6962\s0). If it is required but not provided, the validation status will -be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 -.IP "\(bu" 2 -A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0 -.Sp -If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation -status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0 -.PP -If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the -validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0 -.PP -If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to -the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation -status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 -.PP -If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 -.SH "NOTES" -.IX Header "NOTES" -A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a -failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence -that a certificate has been publicly logged. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the -\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. -.PP -\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 -if any of SCTs fails validation, or 1 if they all pass validation. -.PP -\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 -If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the -returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SHA256_Init.3 b/secure/lib/libcrypto/man/SHA256_Init.3 deleted file mode 100644 index 8e07cce30a80..000000000000 --- a/secure/lib/libcrypto/man/SHA256_Init.3 +++ /dev/null @@ -1,236 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SHA256_INIT 3" -.TH SHA256_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SHA1_Init(SHA_CTX *c); -\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); -\& int SHA1_Final(unsigned char *md, SHA_CTX *c); -\& unsigned char *SHA1(const unsigned char *d, size_t n, -\& unsigned char *md); -\& -\& int SHA224_Init(SHA256_CTX *c); -\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); -\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); -\& unsigned char *SHA224(const unsigned char *d, size_t n, -\& unsigned char *md); -\& -\& int SHA256_Init(SHA256_CTX *c); -\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); -\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); -\& unsigned char *SHA256(const unsigned char *d, size_t n, -\& unsigned char *md); -\& -\& int SHA384_Init(SHA512_CTX *c); -\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); -\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); -\& unsigned char *SHA384(const unsigned char *d, size_t n, -\& unsigned char *md); -\& -\& int SHA512_Init(SHA512_CTX *c); -\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); -\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); -\& unsigned char *SHA512(const unsigned char *d, size_t n, -\& unsigned char *md); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Applications should use the higher level functions -\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash -functions directly. -.PP -\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a -160 bit output. -.PP -\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR -bytes at \fBd\fR and places it in \fBmd\fR (which must have space for -\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest -is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. -.PP -The following functions may be used if the message is not completely -stored in memory: -.PP -\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. -.PP -\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to -be hashed (\fBlen\fR bytes at \fBdata\fR). -.PP -\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space -for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. -.PP -The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the -same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a -\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. -The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used -(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and -\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the -\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if -\&\fBmd\fR is \s-1NULL.\s0 -.PP -The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be -used only when backward compatibility is required. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash -value. -.PP -\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, -SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. -.SH "CONFORMING TO" -.IX Header "CONFORMING TO" -\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash -Standard), -\&\s-1ANSI X9.30\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_DigestInit\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 deleted file mode 100644 index 3dc53482cd07..000000000000 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ /dev/null @@ -1,207 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SMIME_READ_CMS 3" -.TH SMIME_READ_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SMIME_read_CMS \- parse S/MIME message -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. -.PP -\&\fBin\fR is a \s-1BIO\s0 to read the message from. -.PP -If cleartext signing is used then the content is saved in a memory bio which is -written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0 -.PP -The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an -error occurred. -.SH "NOTES" -.IX Header "NOTES" -If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can -then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. -.PP -Otherwise the type of the returned structure can be determined -using \fBCMS_get0_type()\fR. -.PP -To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be -initialized to \s-1NULL.\s0 For example: -.PP -.Vb 2 -\& BIO *cont = NULL; -\& CMS_ContentInfo *cms; -\& -\& cms = SMIME_read_CMS(in, &cont); -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will -handle most S/MIME messages more complex compound formats may not work. -.PP -The parser assumes that the CMS_ContentInfo structure is always base64 encoded -and will not handle the case where it is in binary format or uses quoted -printable format. -.PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message -which can be processed due to memory restraints: a streaming single pass option -should be available. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3), -\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3), -\&\fBCMS_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 deleted file mode 100644 index ded4ed00e699..000000000000 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ /dev/null @@ -1,210 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SMIME_READ_PKCS7 3" -.TH SMIME_READ_PKCS7 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SMIME_read_PKCS7 \- parse S/MIME message -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. -.PP -\&\fBin\fR is a \s-1BIO\s0 to read the message from. -.PP -If cleartext signing is used then the content is saved in -a memory bio which is written to \fB*bcont\fR, otherwise -\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. -.PP -The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an -error occurred. -.SH "NOTES" -.IX Header "NOTES" -If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text -signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with -the \fB\s-1PKCS7_DETACHED\s0\fR flag set. -.PP -Otherwise the type of the returned structure can be determined -using \fBPKCS7_type_is_enveloped()\fR, etc. -.PP -To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR -\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: -.PP -.Vb 2 -\& BIO *cont = NULL; -\& PKCS7 *p7; -\& -\& p7 = SMIME_read_PKCS7(in, &cont); -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. -While it will handle most S/MIME messages more complex compound -formats may not work. -.PP -The parser assumes that the \s-1PKCS7\s0 structure is always base64 -encoded and will not handle the case where it is in binary format -or uses quoted printable format. -.PP -The use of a memory \s-1BIO\s0 to hold the signed content limits the size -of message which can be processed due to memory restraints: a -streaming single pass option should be available. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR -if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), -\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), -\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -\&\fBPKCS7_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 deleted file mode 100644 index 2a93267c4d92..000000000000 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SMIME_WRITE_CMS 3" -.TH SMIME_WRITE_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SMIME_write_CMS \- convert CMS structure to S/MIME format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 -structure to produce an S/MIME message. -.PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate -\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be -supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -The following flags can be passed in the \fBflags\fR parameter. -.PP -If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only -makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is -called. -.PP -If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to -the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. -.PP -If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only -be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo -creation function. -.PP -If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must -be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output -the S/MIME message. -.PP -If streaming is performed the content is output in \s-1BER\s0 format using indefinite -length constructed encoding except in the case of signed data with detached -content where the content is absent and \s-1DER\s0 format is used. -.SH "BUGS" -.IX Header "BUGS" -\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an -option to disable this. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) -\&\fBCMS_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 deleted file mode 100644 index 0d88ddd007b5..000000000000 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SMIME_WRITE_PKCS7 3" -.TH SMIME_WRITE_PKCS7 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 -structure to produce an S/MIME message. -.PP -\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR -structure. If streaming is enabled then the content must be supplied in the -\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. -.SH "NOTES" -.IX Header "NOTES" -The following flags can be passed in the \fBflags\fR parameter. -.PP -If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, -this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR -is also set when \fBPKCS7_sign()\fR is also called. -.PP -If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR -are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR -is also set. -.PP -If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should -only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to -\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. -.PP -If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then -the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR -and once to output the S/MIME message. -.PP -If streaming is performed the content is output in \s-1BER\s0 format using indefinite -length constructed encoding except in the case of signed data with detached -content where the content is absent and \s-1DER\s0 format is used. -.SH "BUGS" -.IX Header "BUGS" -\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there -should be an option to disable this. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), -\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -\&\fBPKCS7_decrypt\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 deleted file mode 100644 index e82e668e4df8..000000000000 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ /dev/null @@ -1,325 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CIPHER_GET_NAME 3" -.TH SSL_CIPHER_GET_NAME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); -\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); -\& const char *OPENSSL_cipher_name(const char *stdname); -\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); -\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); -\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); -\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); -\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); -\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); -\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); -\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); -\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); -\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); -\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); -\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the -\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". -.PP -\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of -\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR -has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both -SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. -.PP -\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. -If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, -it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather -than the SSLv3 name. -.PP -\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. -If \fBcipher\fR is \s-1NULL, 0\s0 is returned. -.PP -\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol -version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 -.PP -\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. -If there is no cipher (e.g. for cipher suites with no encryption) then -\&\fBNID_undef\fR is returned. -.PP -\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 -used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. -for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. -.PP -\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during -the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be -different to the digest used to calculate the \s-1MAC\s0 for encrypted records. -.PP -\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method -used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. -If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 -cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): -.PP -.Vb 4 -\& NID_kx_rsa -\& NID_kx_ecdhe -\& NID_kx_dhe -\& NID_kx_psk -.Ve -.PP -\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method -used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. -If any appropriate authentication algorithm can be used (as in the case of -\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): -.PP -.Vb 3 -\& NID_auth_rsa -\& NID_auth_ecdsa -\& NID_auth_psk -.Ve -.PP -\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or -ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 -.PP -\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored -in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the -two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter -is usually retrieved from a \s-1TLS\s0 packet by using functions like -\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an -error occurs or the indicated cipher is not found. -.PP -\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is -not the same as the IANA-specific \s-1ID.\s0 -.PP -\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given -cipher \fBc\fR. -.PP -\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used -into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it -must be at least 128 bytes, otherwise a buffer will be allocated using -\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, -\&\fB\s-1NULL\s0\fR is returned. -.PP -The string returned by \fBSSL_CIPHER_description()\fR consists of several fields -separated by whitespace: -.IP "" 4 -.IX Item "" -Textual representation of the cipher name. -.IP "" 4 -.IX Item "" -The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. -Note that this is not always the same as the protocol version in which the -ciphersuite was first defined because some ciphersuites are backwards compatible -with earlier protocol versions. -.IP "Kx=" 4 -.IX Item "Kx=" -Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. -.IP "Au=" 4 -.IX Item "Au=" -Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the -representation of anonymous ciphers. -.IP "Enc=" 4 -.IX Item "Enc=" -Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. -.IP "Mac=" 4 -.IX Item "Mac=" -Message digest, such as \fB\s-1SHA256\s0\fR. -.PP -Some examples for the output of \fBSSL_CIPHER_description()\fR: -.PP -.Vb 2 -\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD -\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, -\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding -value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" -if the cipher is not found. -.PP -\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of -secret bits or 0 if an error occurred. -.PP -\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, -\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or -\&\fBNID_undef\fR if an error occurred. -.PP -\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 -if an error occurred. -.PP -\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. -.PP -\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error -occurred. -.PP -\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 -.PP -\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 -protocol-specific \s-1ID.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), -\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CIPHER_get_version()\fR function was updated to always return the -correct protocol string in OpenSSL 1.1.0. -.PP -The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, -rather than a fixed string, in OpenSSL 1.1.0. -.PP -The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. -.PP -The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. - Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was -required to enable this function. -.PP -The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 deleted file mode 100644 index 5a2b59079f24..000000000000 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ /dev/null @@ -1,229 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" -.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); -\& int SSL_COMP_get_id(const SSL_COMP *comp); -.Ve -.PP -Deprecated: -.PP -.Vb 3 -\& #if OPENSSL_API_COMPAT < 0x10100000L -\& void SSL_COMP_free_compression_methods(void) -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with -the identifier \fBid\fR to the list of available compression methods. This -list is globally maintained for all \s-1SSL\s0 operations within this application. -It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. -.PP -\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available -compression methods or \s-1NULL\s0 on error. -.PP -\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. -.PP -\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. -.PP -\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to -maintain the internal table of compression methods. -.SH "NOTES" -.IX Header "NOTES" -The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods -into the communication. The \s-1TLS RFC\s0 does however not specify compression -methods or their corresponding identifiers, so there is currently no compatible -way to integrate compression with unknown peers. It is therefore currently not -recommended to integrate compression into applications. Applications for -non-public use may agree on certain compression methods. Using different -compression methods with the same identifier will lead to connection failure. -.PP -An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) -will unconditionally send the list of all compression methods enabled with -\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. -Unlike the mechanisms to set a cipher list, there is no method available to -restrict the list of compression method on a per connection basis. -.PP -An OpenSSL server will match the identifiers listed by a client against -its own compression methods and will unconditionally activate compression -when a matching identifier is found. There is no way to restrict the list -of compression methods supported on a per connection basis. -.PP -If enabled during compilation, the OpenSSL library will have the -\&\fBCOMP_zlib()\fR compression method available. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_COMP_add_compression_method()\fR may return the following values: -.IP "0" 4 -The operation succeeded. -.IP "1" 4 -.IX Item "1" -The operation failed. Check the error queue to find out the reason. -.PP -\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or -\&\s-1NULL\s0 on error. -.PP -\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. -.PP -\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. -The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 deleted file mode 100644 index fb4b99400d35..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_new.3 +++ /dev/null @@ -1,181 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CTX_NEW 3" -.TH SSL_CONF_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); -\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR -structure for use with the \s-1SSL_CONF\s0 functions. -.PP -The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. -If \fBcctx\fR is \s-1NULL\s0 nothing is done. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBSSL_CONF_CTX_free()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_set_flags\fR\|(3), -\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fBSSL_CONF_cmd\fR\|(3), -\&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 deleted file mode 100644 index df9298ca6750..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set1_prefix.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" -.TH SSL_CONF_CTX_SET1_PREFIX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR -to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. -.SH "NOTES" -.IX Header "NOTES" -Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR -calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names -such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" -and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then -\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". -.PP -If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case -sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application -explicitly wants to set no prefix it must be explicitly set to "". -.PP -If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case -insensitive and no prefix is the default. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_new\fR\|(3), -\&\fBSSL_CONF_CTX_set_flags\fR\|(3), -\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fBSSL_CONF_cmd\fR\|(3), -\&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 deleted file mode 100644 index 07db6d80339a..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_flags.3 +++ /dev/null @@ -1,205 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CTX_SET_FLAGS 3" -.TH SSL_CONF_CTX_SET_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); -\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. -.PP -The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. -.SH "NOTES" -.IX Header "NOTES" -The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or -\&\fBSSL_CONF_argv()\fR behave. -.PP -Currently the following \fBflags\fR values are recognised: -.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 -.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" -recognise options intended for command line or configuration file use. At -least one of these flags must be set. -.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 -.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" -recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or -both of these flags must be set. -.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 -.IX Item "SSL_CONF_FLAG_CERTIFICATE" -recognise certificate and private key options. -.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 -.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" -If this option is set then if a private key is not specified for a certificate -it will attempt to load a private key from the certificate file when -\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate -file an error occurs. -.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 -.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" -indicate errors relating to unrecognised options or missing arguments in -the error queue. If this option isn't set such errors are only reflected -in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags -value after setting or clearing flags. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_new\fR\|(3), -\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fBSSL_CONF_cmd\fR\|(3), -\&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 deleted file mode 100644 index c35de3599c94..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_CTX_set_ssl_ctx.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" -.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); -\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the -\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to -\&\fBctx\fR. -.PP -\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the -\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with -\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to -\&\fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only -syntax checking of commands is performed, where possible. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_new\fR\|(3), -\&\fBSSL_CONF_CTX_set_flags\fR\|(3), -\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fBSSL_CONF_cmd\fR\|(3), -\&\fBSSL_CONF_cmd_argv\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd.3 deleted file mode 100644 index 928984d31b7c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd.3 +++ /dev/null @@ -1,777 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CMD 3" -.TH SSL_CONF_CMD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); -\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with -optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application -configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common -framework for command line options or configuration files. -.PP -\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. -.SH "SUPPORTED COMMAND LINE COMMANDS" -.IX Header "SUPPORTED COMMAND LINE COMMANDS" -Currently supported \fBcmd\fR names for command lines (i.e. when the -flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names -are case sensitive. Unless otherwise stated commands can be used by -both clients and servers and the \fBvalue\fR parameter is not used. The default -prefix for command line commands is \fB\-\fR and that is reflected below. -.IP "\fB\-sigalgs\fR" 4 -.IX Item "-sigalgs" -This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. -For clients this -value is used directly for the supported signature algorithms extension. For -servers it is used to determine which signature algorithms to support. -.Sp -The \fBvalue\fR argument should be a colon separated list of signature algorithms -in order of decreasing preference of the form \fBalgorithm+hash\fR or -\&\fBsignature_scheme\fR. \fBalgorithm\fR -is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm -\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. -Note: algorithm and hash names are case sensitive. -\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, -specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, -or \fBrsa_pss_pss_sha256\fR. -.Sp -If this option is not set then all signature algorithms supported by the -OpenSSL library are permissible. -.Sp -Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by -using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR -identifiers) are ignored in TLSv1.3 and will not be negotiated. -.IP "\fB\-client_sigalgs\fR" 4 -.IX Item "-client_sigalgs" -This sets the supported signature algorithms associated with client -authentication for TLSv1.2 and TLSv1.3. -For servers the value is used in the -\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. -For clients it is -used to determine which signature algorithm to use with the client certificate. -If a server does not request a certificate this option has no effect. -.Sp -The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then -the value set for \fB\-sigalgs\fR will be used instead. -.IP "\fB\-groups\fR" 4 -.IX Item "-groups" -This sets the supported groups. For clients, the groups are -sent using the supported groups extension. For servers, it is used -to determine which group to use. This setting affects groups used for -signatures (in TLSv1.2 and earlier) and key exchange. The first group listed -will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 -\&\fBClientHello\fR. -.Sp -The \fBvalue\fR argument is a colon separated list of groups. The group can be -either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group -names are case sensitive. The list should be in order of preference with the -most preferred group first. -.IP "\fB\-curves\fR" 4 -.IX Item "-curves" -This is a synonym for the \*(L"\-groups\*(R" command. -.IP "\fB\-named_curve\fR" 4 -.IX Item "-named_curve" -This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by -servers -.Sp -The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which -picks an appropriate curve based on client and server preferences. The curve -can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name -(e.g \fBprime256v1\fR). Curve names are case sensitive. -.IP "\fB\-cipher\fR" 4 -.IX Item "-cipher" -Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be -combined with any configured TLSv1.3 ciphersuites. Note: syntax checking -of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is -associated with \fBcctx\fR. -.IP "\fB\-ciphersuites\fR" 4 -.IX Item "-ciphersuites" -Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon -(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This -list will be combined any configured TLSv1.2 and below ciphersuites. -See \fBciphers\fR\|(1) for more information. -.IP "\fB\-cert\fR" 4 -.IX Item "-cert" -Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR -structure is set. This option is only supported if certificate operations -are permitted. -.IP "\fB\-key\fR" 4 -.IX Item "-key" -Attempts to use the file \fBvalue\fR as the private key for the appropriate -context. This option is only supported if certificate operations -are permitted. Note: if no \fB\-key\fR option is set then a private key is -not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. -.IP "\fB\-dhparam\fR" 4 -.IX Item "-dhparam" -Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for -the appropriate context. This option is only supported if certificate -operations are permitted. -.IP "\fB\-record_padding\fR" 4 -.IX Item "-record_padding" -Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in -length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the -\&\fBvalue\fR must be >1 or <=16384. -.IP "\fB\-no_renegotiation\fR" 4 -.IX Item "-no_renegotiation" -Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting -\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. -.IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 -.IX Item "-min_protocol, -max_protocol" -Sets the minimum and maximum supported protocol. -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, -\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 -and \fBNone\fR for no limit. -If either bound is not specified then only the other bound applies, -if specified. -To restrict the supported protocol versions use these commands rather -than the deprecated alternative commands below. -.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 -.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" -Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by -setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, -\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR -respectively. These options are deprecated, instead use \fB\-min_protocol\fR and -\&\fB\-max_protocol\fR. -.IP "\fB\-bugs\fR" 4 -.IX Item "-bugs" -Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. -.IP "\fB\-comp\fR" 4 -.IX Item "-comp" -Enables support for \s-1SSL/TLS\s0 compression, same as clearing -\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. -This command was introduced in OpenSSL 1.1.0. -As of OpenSSL 1.1.0, compression is off by default. -.IP "\fB\-no_comp\fR" 4 -.IX Item "-no_comp" -Disables support for \s-1SSL/TLS\s0 compression, same as setting -\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. -As of OpenSSL 1.1.0, compression is off by default. -.IP "\fB\-no_ticket\fR" 4 -.IX Item "-no_ticket" -Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. -.IP "\fB\-serverpref\fR" 4 -.IX Item "-serverpref" -Use server and not client preference order when determining which cipher suite, -signature algorithm or elliptic curve to use for an incoming connection. -Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. -.IP "\fB\-prioritize_chacha\fR" 4 -.IX Item "-prioritize_chacha" -Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of -its preference list. This usually indicates a client without \s-1AES\s0 hardware -acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. -Only used by servers. Requires \fB\-serverpref\fR. -.IP "\fB\-no_resumption_on_reneg\fR" 4 -.IX Item "-no_resumption_on_reneg" -set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. -.IP "\fB\-legacyrenegotiation\fR" 4 -.IX Item "-legacyrenegotiation" -permits the use of unsafe legacy renegotiation. Equivalent to setting -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. -.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 -.IX Item "-legacy_server_connect, -no_legacy_server_connect" -permits or prohibits the use of unsafe legacy renegotiation for OpenSSL -clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. -Set by default. -.IP "\fB\-allow_no_dhe_kex\fR" 4 -.IX Item "-allow_no_dhe_kex" -In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means -that there will be no forward secrecy for the resumed session. -.IP "\fB\-strict\fR" 4 -.IX Item "-strict" -enables strict mode protocol handling. Equivalent to setting -\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. -.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 -.IX Item "-anti_replay, -no_anti_replay" -Switches replay protection, on or off respectively. With replay protection on, -OpenSSL will automatically detect if a session ticket has been used more than -once, TLSv1.3 has been negotiated, and early data is enabled on the server. A -full handshake is forced if a session ticket is used a second or subsequent -time. Anti-Replay is on by default unless overridden by a configuration file and -is only used by servers. Anti-replay measures are required for compliance with -the TLSv1.3 specification. Some applications may be able to mitigate the replay -risks in other ways and in such cases the built-in OpenSSL functionality is not -required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. -.SH "SUPPORTED CONFIGURATION FILE COMMANDS" -.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" -Currently supported \fBcmd\fR names for configuration files (i.e. when the -flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file -\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised -as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names -are also case insensitive. -.PP -Note: the command prefix (if set) alters the recognised \fBcmd\fR values. -.IP "\fBCipherString\fR" 4 -.IX Item "CipherString" -Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be -combined with any configured TLSv1.3 ciphersuites. Note: syntax -checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR -structure is associated with \fBcctx\fR. -.IP "\fBCiphersuites\fR" 4 -.IX Item "Ciphersuites" -Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon -(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This -list will be combined any configured TLSv1.2 and below ciphersuites. -See \fBciphers\fR\|(1) for more information. -.IP "\fBCertificate\fR" 4 -.IX Item "Certificate" -Attempts to use the file \fBvalue\fR as the certificate for the appropriate -context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR -structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR -structure is set. This option is only supported if certificate operations -are permitted. -.IP "\fBPrivateKey\fR" 4 -.IX Item "PrivateKey" -Attempts to use the file \fBvalue\fR as the private key for the appropriate -context. This option is only supported if certificate operations -are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is -not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. -.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 -.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" -These options indicate a file or directory used for building certificate -chains or verifying certificate chains. These options are only supported -if certificate operations are permitted. -.IP "\fBRequestCAFile\fR" 4 -.IX Item "RequestCAFile" -This option indicates a file containing a set of certificates in \s-1PEM\s0 form. -The subject names of the certificates are sent to the peer in the -\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or -CertificateRequest) or in a certificate request for previous versions or -\&\s-1TLS.\s0 -.IP "\fBServerInfoFile\fR" 4 -.IX Item "ServerInfoFile" -Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the -function SSL_CTX_use_serverinfo_file. -.IP "\fBDHParameters\fR" 4 -.IX Item "DHParameters" -Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for -the appropriate context. This option is only supported if certificate -operations are permitted. -.IP "\fBRecordPadding\fR" 4 -.IX Item "RecordPadding" -Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in -length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the -\&\fBvalue\fR must be >1 or <=16384. -.IP "\fBSignatureAlgorithms\fR" 4 -.IX Item "SignatureAlgorithms" -This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. -For clients this -value is used directly for the supported signature algorithms extension. For -servers it is used to determine which signature algorithms to support. -.Sp -The \fBvalue\fR argument should be a colon separated list of signature algorithms -in order of decreasing preference of the form \fBalgorithm+hash\fR or -\&\fBsignature_scheme\fR. \fBalgorithm\fR -is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm -\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. -Note: algorithm and hash names are case sensitive. -\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, -specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, -or \fBrsa_pss_pss_sha256\fR. -.Sp -If this option is not set then all signature algorithms supported by the -OpenSSL library are permissible. -.Sp -Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by -using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR -identifiers) are ignored in TLSv1.3 and will not be negotiated. -.IP "\fBClientSignatureAlgorithms\fR" 4 -.IX Item "ClientSignatureAlgorithms" -This sets the supported signature algorithms associated with client -authentication for TLSv1.2 and TLSv1.3. -For servers the value is used in the -\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. -For clients it is -used to determine which signature algorithm to use with the client certificate. -If a server does not request a certificate this option has no effect. -.Sp -The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then -the value set for \fBSignatureAlgorithms\fR will be used instead. -.IP "\fBGroups\fR" 4 -.IX Item "Groups" -This sets the supported groups. For clients, the groups are -sent using the supported groups extension. For servers, it is used -to determine which group to use. This setting affects groups used for -signatures (in TLSv1.2 and earlier) and key exchange. The first group listed -will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 -\&\fBClientHello\fR. -.Sp -The \fBvalue\fR argument is a colon separated list of groups. The group can be -either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where -applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group -names are case sensitive. The list should be in order of preference with the -most preferred group first. -.IP "\fBCurves\fR" 4 -.IX Item "Curves" -This is a synonym for the \*(L"Groups\*(R" command. -.IP "\fBMinProtocol\fR" 4 -.IX Item "MinProtocol" -This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. -.Sp -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, -\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. -.IP "\fBMaxProtocol\fR" 4 -.IX Item "MaxProtocol" -This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. -.Sp -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, -\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The value \fBNone\fR will disable the limit. -.IP "\fBProtocol\fR" 4 -.IX Item "Protocol" -This can be used to enable or disable certain versions of the \s-1SSL, -TLS\s0 or \s-1DTLS\s0 protocol. -.Sp -The \fBvalue\fR argument is a comma separated list of supported protocols -to enable or disable. -If a protocol is preceded by \fB\-\fR that version is disabled. -.Sp -All protocol versions are enabled by default. -You need to disable at least one protocol version for this setting have any -effect. -Only enabling some protocol versions does not disable the other protocol -versions. -.Sp -Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, -\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. -The special value \fB\s-1ALL\s0\fR refers to all supported versions. -.Sp -This can't enable protocols that are disabled using \fBMinProtocol\fR -or \fBMaxProtocol\fR, but can disable protocols that are still allowed -by them. -.Sp -The \fBProtocol\fR command is fragile and deprecated; do not use it. -Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. -If you do use \fBProtocol\fR, make sure that the resulting range of enabled -protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make -sure to also leave \s-1TLS 1.1\s0 enabled. -.IP "\fBOptions\fR" 4 -.IX Item "Options" -The \fBvalue\fR argument is a comma separated list of various flags to set. -If a flag string is preceded \fB\-\fR it is disabled. -See the \fBSSL_CTX_set_options\fR\|(3) function for more details of -individual options. -.Sp -Each option is listed below. Where an operation is enabled by default -the \fB\-flag\fR syntax is needed to disable it. -.Sp -\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of -\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting -\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. -.Sp -\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse -of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. -.Sp -\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a -\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It -is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. -.Sp -\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. -.Sp -\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of -\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. -.Sp -\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of -\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. -.Sp -\&\fBServerPreference\fR: use server and not client preference order when -determining which cipher suite, signature algorithm or elliptic curve -to use for an incoming connection. Equivalent to -\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. -.Sp -\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a -ChaCha20 cipher at the top of its preference list. This usually indicates -a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. -Only used by servers. -.Sp -\&\fBNoResumptionOnRenegotiation\fR: set -\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. -.Sp -\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and -earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. -.Sp -\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. -Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. -.Sp -\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation -for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. -Set by default. -.Sp -\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by -default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, -\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. -.Sp -\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on -resumption. This means that there will be no forward secrecy for the resumed -session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. -.Sp -\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent -in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that -middleboxes that do not understand TLSv1.3 will not drop the connection. This -option is set by default. A future version of OpenSSL may not set this by -default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. -.Sp -\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket -has been used more than once, TLSv1.3 has been negotiated, and early data is -enabled on the server. A full handshake is forced if a session ticket is used a -second or subsequent time. This option is set by default and is only used by -servers. Anti-replay measures are required to comply with the TLSv1.3 -specification. Some applications may be able to mitigate the replay risks in -other ways and in such cases the built-in OpenSSL functionality is not required. -Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. -.IP "\fBVerifyMode\fR" 4 -.IX Item "VerifyMode" -The \fBvalue\fR argument is a comma separated list of flags to set. -.Sp -\&\fBPeer\fR enables peer verification: for clients only. -.Sp -\&\fBRequest\fR requests but does not require a certificate from the client. -Servers only. -.Sp -\&\fBRequire\fR requests and requires a certificate from the client: an error -occurs if the client does not present a certificate. Servers only. -.Sp -\&\fBOnce\fR requests a certificate from a client only on the initial connection: -not when renegotiating. Servers only. -.Sp -\&\fBRequestPostHandshake\fR configures the connection to support requests but does -not require a certificate from the client post-handshake. A certificate will -not be requested during the initial handshake. The server application must -provide a mechanism to request a certificate post-handshake. Servers only. -TLSv1.3 only. -.Sp -\&\fBRequiresPostHandshake\fR configures the connection to support requests and -requires a certificate from the client post-handshake: an error occurs if the -client does not present a certificate. A certificate will not be requested -during the initial handshake. The server application must provide a mechanism -to request a certificate post-handshake. Servers only. TLSv1.3 only. -.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 -.IX Item "ClientCAFile, ClientCAPath" -A file or directory of certificates in \s-1PEM\s0 format whose names are used as the -set of acceptable names for client CAs. Servers only. This option is only -supported if certificate operations are permitted. -.SH "SUPPORTED COMMAND TYPES" -.IX Header "SUPPORTED COMMAND TYPES" -The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following -types: -.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 -.IX Item "SSL_CONF_TYPE_UNKNOWN" -The \fBcmd\fR string is unrecognised, this return value can be use to flag -syntax errors. -.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 -.IX Item "SSL_CONF_TYPE_STRING" -The value is a string without any specific structure. -.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 -.IX Item "SSL_CONF_TYPE_FILE" -The value is a file name. -.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 -.IX Item "SSL_CONF_TYPE_DIR" -The value is a directory name. -.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 -.IX Item "SSL_CONF_TYPE_NONE" -The value string is not used e.g. a command line option which doesn't take an -argument. -.SH "NOTES" -.IX Header "NOTES" -The order of operations is significant. This can be used to set either defaults -or values which cannot be overridden. For example if an application calls: -.PP -.Vb 2 -\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); -\& SSL_CONF_cmd(ctx, userparam, uservalue); -.Ve -.PP -it will disable SSLv3 support by default but the user can override it. If -however the call sequence is: -.PP -.Vb 2 -\& SSL_CONF_cmd(ctx, userparam, uservalue); -\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); -.Ve -.PP -SSLv3 is \fBalways\fR disabled and attempt to override this by the user are -ignored. -.PP -By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a -given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are -mixed with additional application specific operations. -.PP -For example an application might call \fBSSL_CONF_cmd()\fR and if it returns -\&\-2 (unrecognised command) continue with processing of application specific -commands. -.PP -Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the -utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way -to do this is to set the prefix to an appropriate value using -\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the -following argument to \fBvalue\fR (which may be \s-1NULL\s0). -.PP -In this case if the return value is positive then it is used to skip that -number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is -returned then \fBcmd\fR is not recognised and application specific arguments -can be checked instead. If \-3 is returned a required argument is missing -and an error is indicated. If 0 is returned some other error occurred and -this can be reported back to the user. -.PP -The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to -check for the existence of a command or to perform additional syntax -checking or translation of the command value. For example if the return -value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative -pathname to an absolute pathname. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is -\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it -returns the number of arguments processed. This is useful when processing -command lines. -.PP -A return value of \-2 means \fBcmd\fR is not recognised. -.PP -A return value of \-3 means \fBcmd\fR is recognised and the command requires a -value but \fBvalue\fR is \s-1NULL.\s0 -.PP -A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an -error occurred attempting to perform the operation: for example due to an -error in the syntax of \fBvalue\fR in this case the error queue may provide -additional information. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Set supported signature algorithms: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); -.Ve -.PP -There are various ways to select the supported protocols. -.PP -This set the minimum protocol version to TLSv1, and so disables SSLv3. -This is the recommended way to disable protocols. -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); -.Ve -.PP -The following also disables SSLv3: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); -.Ve -.PP -The following will first enable all protocols, and then disable -SSLv3. -If no protocol versions were disabled before this has the same effect as -\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before -disabling SSLv3. -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); -.Ve -.PP -Only enable TLSv1.2: -.PP -.Vb 2 -\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); -\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); -.Ve -.PP -This also only enables TLSv1.2: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); -.Ve -.PP -Disable \s-1TLS\s0 session tickets: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); -.Ve -.PP -Enable compression: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Options", "Compression"); -.Ve -.PP -Set supported curves to P\-256, P\-384: -.PP -.Vb 1 -\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_new\fR\|(3), -\&\fBSSL_CONF_CTX_set_flags\fR\|(3), -\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fBSSL_CONF_cmd_argv\fR\|(3), -\&\fBSSL_CTX_set_options\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. -.PP -The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro -is retained for backwards compatibility. -.PP -The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of -OpenSSL passing a command which didn't take an argument would return -\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. -.PP -\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. -.PP -\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 deleted file mode 100644 index 8df0077f8f7c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CONF_cmd_argv.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONF_CMD_ARGV 3" -.TH SSL_CONF_CMD_ARGV 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CONF_cmd_argv \- SSL configuration command line processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line -arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR -are updated to reflect the number of command options processed. The \fBpargc\fR -argument can be set to \fB\s-1NULL\s0\fR if it is not used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 -or a negative error code. -.PP -If \-2 is returned then an argument for a command is missing. -.PP -If \-1 is returned the command is recognised but couldn't be processed due -to an error: for example a syntax error in the argument. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CONF_CTX_new\fR\|(3), -\&\fBSSL_CONF_CTX_set_flags\fR\|(3), -\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), -\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), -\&\fBSSL_CONF_cmd\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 deleted file mode 100644 index 824827113bd4..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" -.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); -\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); -\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); -\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); -\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); -\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); -\& -\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); -\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); -\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); -\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); -\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); -\& int SSL_clear_chain_certs(SSL *ssl); -\& -\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); -\& int SSL_build_cert_chain(SSL *ssl, flags); -\& -\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); -\& int SSL_select_current_cert(SSL *ssl, X509 *x509); -\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); -\& int SSL_set_current_cert(SSL *ssl, long op); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain -associated with the current certificate of \fBctx\fR to \fBsk\fR. -.PP -\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single -certificate \fBx509\fR to the chain associated with the current certificate of -\&\fBctx\fR. -.PP -\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current -certificate of \fBctx\fR. -.PP -\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the -current certificate of \fBctx\fR. (This is implemented by calling -\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). -.PP -\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally -this uses the chain store or the verify store if the chain store is not set. -If the function is successful the built chain will replace any existing chain. -The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use -existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR -to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to -use all existing chain certificates only to build the chain (effectively -sanity checking and rearranging them if necessary), the flag -\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: -if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors -are cleared from the error queue. -.PP -Each of these functions operates on the \fIcurrent\fR end entity -(i.e. server or client) certificate. This is the last certificate loaded or -selected on the corresponding \fBctx\fR structure. -.PP -\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity -certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a -function such as \fBSSL_CTX_use_certificate()\fR. -.PP -\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, -\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, -\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR -are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. -.PP -\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based -on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use -the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid -certificate after the current certificate. These two operations can be -used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. -.PP -\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. -If \fBssl\fR is a server and has sent a certificate to a connected client -this option sets that certificate to the current certificate and returns 1. -If the negotiated cipher suite is anonymous (and thus no certificate will -be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR -is not a server or a certificate has not been sent 0 is returned and -the current certificate is unchanged. -.PP -All these functions are implemented as macros. Those containing a \fB1\fR -increment the reference count of the supplied certificate or chain so it must -be freed at some point after the operation. Those containing a \fB0\fR do -not increment reference counts and the supplied certificate or chain -\&\fB\s-1MUST NOT\s0\fR be freed after the operation. -.SH "NOTES" -.IX Header "NOTES" -The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected -by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 -.PP -One chain can be set for each key type supported by a server. So, for example, -an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. -.PP -The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can -be used to check application configuration and to ensure any necessary -subordinate CAs are sent in the correct order. Misconfigured applications -sending incorrect certificate chains often cause problems with peers. -.PP -For example an application can add any set of certificates using -\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR -with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. -.PP -Applications can issue non fatal warnings when checking chains by setting -the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return -value. -.PP -Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more -efficient than the automatic chain building as it is only performed once. -Automatic chain building is performed on each new session. -.PP -If any certificates are added using these functions no certificates added -using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if -no server certificate is used because the cipher suites is anonymous and 0 -for failure. -.PP -\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success -and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and -a verification error occurs then 2 is returned. -.PP -All other functions return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 deleted file mode 100644 index 3466d37a64b3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" -.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); -\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain -certificates associated with \fBctx\fR. Several certificates can be added one -after another. -.PP -\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates -associated with \fBctx\fR. -.PP -These functions are implemented as macros. -.SH "NOTES" -.IX Header "NOTES" -When sending a certificate chain, extra chain certificates are sent in order -following the end entity certificate. -.PP -If no chain is specified, the library will try to complete the chain from the -available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see -\&\fBSSL_CTX_load_verify_locations\fR\|(3). -.PP -The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be -freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application -\&\fBshould not\fR free the \fBx509\fR object. -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 -structure. Different chains for different certificates (for example if both -\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 -structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this -function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should -be used instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return -1 on success and 0 for failure. Check out the error stack to find out the -reason for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_use_certificate\fR\|(3), -\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3) -\&\fBSSL_CTX_set0_chain\fR\|(3) -\&\fBSSL_CTX_set1_chain\fR\|(3) -\&\fBSSL_CTX_add0_chain_cert\fR\|(3) -\&\fBSSL_CTX_add1_chain_cert\fR\|(3) -\&\fBSSL_set0_chain\fR\|(3) -\&\fBSSL_set1_chain\fR\|(3) -\&\fBSSL_add0_chain_cert\fR\|(3) -\&\fBSSL_add1_chain_cert\fR\|(3) -\&\fBSSL_CTX_build_cert_chain\fR\|(3) -\&\fBSSL_build_cert_chain\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 deleted file mode 100644 index 961d612c4895..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_ADD_SESSION 3" -.TH SSL_CTX_ADD_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); -\& -\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The -reference count for session \fBc\fR is incremented by 1. If a session with -the same session id already exists, the old session is removed by calling -\&\fBSSL_SESSION_free\fR\|(3). -.PP -\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and -marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. -.SH "NOTES" -.IX Header "NOTES" -When adding a new session to the internal session cache, it is examined -whether a session with the same session id already exists. In this case -it is assumed that both sessions are identical. If the same session is -stored in a different \s-1SSL_SESSION\s0 object, The old session is -removed and replaced by the new session. If the session is actually -identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR -is a no-op, and the return value is 0. -.PP -If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 -flag then the internal cache will not be populated automatically by new -sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal -cache will be searched automatically for session-resume requests (the -latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the -application can use \fBSSL_CTX_add_session()\fR directly to have full control -over the sessions that can be resumed if desired. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following values are returned by all functions: -.IP "0" 4 -The operation failed. In case of the add operation, it was tried to add -the same (identical) session twice. In case of the remove operation, the -session was not found in the cache. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_config.3 b/secure/lib/libcrypto/man/SSL_CTX_config.3 deleted file mode 100644 index b66d54e99729..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_config.3 +++ /dev/null @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_CONFIG 3" -.TH SSL_CTX_CONFIG 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); -\& int SSL_config(SSL *s, const char *name); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or -\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. -.SH "NOTES" -.IX Header "NOTES" -By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many -complex tasks based on the contents of the configuration file: greatly -simplifying application configuration code. A degree of future proofing -can also be achieved: an application can support configuration features -in newer versions of OpenSSL automatically. -.PP -A configuration file must have been previously loaded, for example using -\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration -file syntax. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error -occurred. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -If the file \*(L"config.cnf\*(R" contains the following: -.PP -.Vb 1 -\& testapp = test_sect -\& -\& [test_sect] -\& # list of configuration modules -\& -\& ssl_conf = ssl_sect -\& -\& [ssl_sect] -\& server = server_section -\& -\& [server_section] -\& RSA.Certificate = server\-rsa.pem -\& ECDSA.Certificate = server\-ecdsa.pem -\& Ciphers = ALL:!RC4 -.Ve -.PP -An application could call: -.PP -.Vb 4 -\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { -\& fprintf(stderr, "Error processing config file\en"); -\& goto err; -\& } -\& -\& ctx = SSL_CTX_new(TLS_server_method()); -\& -\& if (SSL_CTX_config(ctx, "server") == 0) { -\& fprintf(stderr, "Error configuring server.\en"); -\& goto err; -\& } -.Ve -.PP -In this example two certificates and the cipher list are configured without -the need for any additional application code. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBconfig\fR\|(5), -\&\fBSSL_CONF_cmd\fR\|(3), -\&\fBCONF_modules_load_file\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 deleted file mode 100644 index be101b014709..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_CTRL 3" -.TH SSL_CTX_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); -\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); -\& -\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); -\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of -the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments -\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never -be called directly. All functionalities needed are made available via -other functions or macros. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The return values of the SSL*\fB_ctrl()\fR functions depend on the command -supplied via the \fBcmd\fR parameter. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 deleted file mode 100644 index 230333d55cd9..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_dane_enable.3 +++ /dev/null @@ -1,508 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_DANE_ENABLE 3" -.TH SSL_CTX_DANE_ENABLE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_dane_enable(SSL_CTX *ctx); -\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, -\& uint8_t mtype, uint8_t ord); -\& int SSL_dane_enable(SSL *s, const char *basedomain); -\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, -\& uint8_t mtype, unsigned const char *data, size_t dlen); -\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); -\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, -\& uint8_t *mtype, unsigned const char **data, -\& size_t *dlen); -\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); -\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); -\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); -\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) -peer authentication. -.PP -\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state -required for \s-1DANE\s0 support. -Individual connections associated with the context can then enable -per-connection \s-1DANE\s0 support as appropriate. -\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and -applications that override \fBX509_verify_cert\fR\|(3) via -\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer -chain in whatever manner they see fit. -.PP -\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the -supported digest algorithms. -This must be done before any \s-1SSL\s0 handles are created for the context. -.PP -The \fBmtype\fR argument specifies a \s-1DANE TLSA\s0 matching type and the \fBmd\fR -argument specifies the associated digest algorithm handle. -The \fBord\fR argument specifies a strength ordinal. -Algorithms with a larger strength ordinal are considered more secure. -Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. -Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables -support for that matching type. -Matching type \fBFull\fR\|(0) cannot be modified or disabled. -.PP -By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions -of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR -with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR -is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. -.PP -\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with -\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. -(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). -The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, -which will be the primary peer reference identifier for certificate -name checks. -Additional server names can be specified via \fBSSL_add1_host\fR\|(3). -The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been -specified via \fBSSL_set_tlsext_host_name\fR\|(3). -.PP -\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the -\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. -(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). -The arguments specify the fields of the \s-1TLSA\s0 record. -The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal -\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. -The library takes a copy of the \fBdata\fR buffer contents and the caller may -free the original \fBdata\fR buffer when convenient. -A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or -unsupported parameters) were provided. -A negative return value indicates an internal error in processing the record. -.PP -The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR -call and take appropriate action if none are usable or an internal error -is encountered in processing some records. -.PP -If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, -and authentication will be based on any configured traditional trust-anchors; -authentication success in this case does not mean that the peer was -DANE-authenticated. -.PP -\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about -the matched \s-1DANE\s0 trust-anchor after successful connection completion. -The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), -0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive -number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. -The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). -The return value is an index into this verified chain, rather than the list of -certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). -.PP -If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain -certificate, a pointer to the matching certificate is returned via \fBmcert\fR. -The returned address is a short-term internal reference to the certificate and -must not be freed by the application. -Applications that want to retain access to the certificate can call -\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via -\&\fBX509_free\fR\|(3) once no longer needed. -.PP -If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but -a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an -element of the chain, then that key is returned via \fBmspki\fR argument (if not -\&\s-1NULL\s0). -In this case the return value is the depth of the top-most element of the -validated certificate chain. -As with \fBmcert\fR this is a short-term internal reference, and -\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and -release long-term references respectively. -.PP -\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that -matched the peer certificate chain. -The return value indicates the match depth or failure to match just as with -\&\fBSSL_get0_dane_authority()\fR. -When the return value is non-negative, the storage pointed to by the \fBusage\fR, -\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding -\&\s-1TLSA\s0 record fields. -The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, -its length is returned via the \fBdlen\fR parameter. -If any of these parameters is \s-1NULL,\s0 the corresponding field is not returned. -The \fBdata\fR parameter is set to a short-term internal-copy of the associated -data field and must not be freed by the application. -Applications that need long-term access to this field need to copy the content. -.PP -\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable -optional \s-1DANE\s0 verification features. -\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable -the same features. -The \fBflags\fR argument is a bitmask of the features to enable or disable. -The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle -associated with that context at the time the handle is created. -Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set -for the handle. -.PP -At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR -which can be used to disable server name checks when authenticating via -\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. -For some applications, primarily web browsers, it is not safe to disable name -checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can -convince a client that a connection to a victim server is instead a secure -connection to the malicious server. -The malicious server may then be able to violate cross-origin scripting -restrictions. -Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for -\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe -to do so. -In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 -records already make it possible for a remote domain to redirect client -connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients -do not execute scripts downloaded from remote servers. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, -\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. -Negative return values indicate resource problems (out of memory, etc.) in the -\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid -input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or -matching type. -Invalid input also includes malformed data, either a digest length that does -not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) -certificate or a public key that fails to parse. -.PP -The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a -negative value when \s-1DANE\s0 authentication failed or was not enabled, a -non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a -chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 -record is a full public key that is its signer. -.PP -The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, -\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect -before they were called. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has -DNSSEC-validated \s-1TLSA\s0 records. -The calls below will perform \s-1DANE\s0 authentication and arrange to match either -the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. -Wildcards are supported, but must match the entire label. -The actual name matched in the certificate (which might be a wildcard) is -retrieved, and must be copied by the application if it is to be retained beyond -the lifetime of the \s-1SSL\s0 connection. -.PP -.Vb 7 -\& SSL_CTX *ctx; -\& SSL *ssl; -\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; -\& int num_usable = 0; -\& const char *nexthop_domain = "example.com"; -\& const char *dane_tlsa_domain = "smtp.example.com"; -\& uint8_t usage, selector, mtype; -\& -\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) -\& /* error */ -\& if (SSL_CTX_dane_enable(ctx) <= 0) -\& /* error */ -\& if ((ssl = SSL_new(ctx)) == NULL) -\& /* error */ -\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) -\& /* error */ -\& -\& /* -\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not -\& * disable the checks unless "unknown key share" attacks pose no risk for -\& * your application. -\& */ -\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); -\& -\& if (!SSL_add1_host(ssl, nexthop_domain)) -\& /* error */ -\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); -\& -\& for (... each TLSA record ...) { -\& unsigned char *data; -\& size_t len; -\& int ret; -\& -\& /* set usage, selector, mtype, data, len */ -\& -\& /* -\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). -\& * They treat all other certificate usages, and in particular PKIX\-TA(0) -\& * and PKIX\-EE(1), as unusable. -\& */ -\& switch (usage) { -\& default: -\& case 0: /* PKIX\-TA(0) */ -\& case 1: /* PKIX\-EE(1) */ -\& continue; -\& case 2: /* DANE\-TA(2) */ -\& case 3: /* DANE\-EE(3) */ -\& break; -\& } -\& -\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); -\& /* free data as appropriate */ -\& -\& if (ret < 0) -\& /* handle SSL library internal error */ -\& else if (ret == 0) -\& /* handle unusable TLSA record */ -\& else -\& ++num_usable; -\& } -\& -\& /* -\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. -\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records -\& * are unusable, so continue the handshake even if authentication fails. -\& */ -\& if (num_usable == 0) { -\& /* Log all records unusable? */ -\& -\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ -\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); -\& } else { -\& /* At least one usable record. We expect to verify the peer */ -\& -\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ -\& -\& /* -\& * Below we elect to fail the handshake when peer verification fails. -\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, -\& * complete the handshake, check the verification status, and if not -\& * verified disconnect gracefully at the application layer, especially if -\& * application protocol supports informing the server that authentication -\& * failed. -\& */ -\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); -\& } -\& -\& /* -\& * Load any saved session for resumption, making sure that the previous -\& * session applied the same security and authentication requirements that -\& * would be expected of a fresh connection. -\& */ -\& -\& /* Perform SSL_connect() handshake and handle errors here */ -\& -\& if (SSL_session_reused(ssl)) { -\& if (SSL_get_verify_result(ssl) == X509_V_OK) { -\& /* -\& * Resumed session was originally verified, this connection is -\& * authenticated. -\& */ -\& } else { -\& /* -\& * Resumed session was not originally verified, this connection is not -\& * authenticated. -\& */ -\& } -\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { -\& const char *peername = SSL_get0_peername(ssl); -\& EVP_PKEY *mspki = NULL; -\& -\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); -\& if (depth >= 0) { -\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); -\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, -\& (mspki != NULL) ? "TA public key verified certificate" : -\& depth ? "matched TA certificate" : "matched EE certificate", -\& depth); -\& } -\& if (peername != NULL) { -\& /* Name checks were in scope and matched the peername */ -\& printf("Verified peername: %s\en", peername); -\& } -\& } else { -\& /* -\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a -\& * callback suppressed connection termination despite the presence of -\& * usable TLSA RRs none of which matched. Do whatever is appropriate for -\& * fresh unauthenticated connections. -\& */ -\& } -.Ve -.SH "NOTES" -.IX Header "NOTES" -It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing -\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0 -That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records -are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or -even cleartext. -.PP -Such applications should generally treat any \s-1TLSA\s0 records published by the peer -with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include -them among the \s-1TLSA\s0 records used to authenticate peer connections. -In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a -result of invalid or unsupported parameters. -.PP -When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic -application must avoid cleartext, but cannot authenticate the peer, -and so should generally proceed with an unauthenticated connection. -Opportunistic applications need to note the return value of each -call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid -or unsupported parameters) disable peer authentication by calling -\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_new\fR\|(3), -\&\fBSSL_add1_host\fR\|(3), -\&\fBSSL_set_hostflags\fR\|(3), -\&\fBSSL_set_tlsext_host_name\fR\|(3), -\&\fBSSL_set_verify\fR\|(3), -\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fBSSL_get0_verified_chain\fR\|(3), -\&\fBSSL_get_peer_cert_chain\fR\|(3), -\&\fBSSL_get_verify_result\fR\|(3), -\&\fBSSL_connect\fR\|(3), -\&\fBSSL_get0_peername\fR\|(3), -\&\fBX509_verify_cert\fR\|(3), -\&\fBX509_up_ref\fR\|(3), -\&\fBX509_free\fR\|(3), -\&\fBEVP_get_digestbyname\fR\|(3), -\&\fBEVP_PKEY_up_ref\fR\|(3), -\&\fBEVP_PKEY_free\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 deleted file mode 100644 index 93c857189752..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_FLUSH_SESSIONS 3" -.TH SSL_CTX_FLUSH_SESSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_flush_sessions \- remove expired sessions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of -\&\fBctx\fR to remove sessions expired at time \fBtm\fR. -.SH "NOTES" -.IX Header "NOTES" -If enabled, the internal session cache will collect all sessions established -up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). -As sessions will not be reused ones they are expired, they should be -removed from the cache to save resources. This can either be done -automatically whenever 255 new sessions were established (see -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) -or manually by calling \fBSSL_CTX_flush_sessions()\fR. -.PP -The parameter \fBtm\fR specifies the time which should be used for the -expiration test, in most cases the actual time given by \fBtime\fR\|(0) -will be used. -.PP -\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal -cache. When a session is found and removed, the remove_session_cb is however -called to synchronize with the external cache (see -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_flush_sessions()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_CTX_set_timeout\fR\|(3), -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3 deleted file mode 100644 index a9ede4208d0a..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_FREE 3" -.TH SSL_CTX_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_free \- free an allocated SSL_CTX object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_free(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the -\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. -.PP -It also calls the \fBfree()\fRing procedures for indirectly affected items, if -applicable: the session cache, the list of ciphers, the list of Client CAs, -the certificates and keys. -.PP -If \fBctx\fR is \s-1NULL\s0 nothing is done. -.SH "WARNINGS" -.IX Header "WARNINGS" -If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this -callback will be called for each session being freed from \fBctx\fR's -session cache. This implies, that all corresponding sessions from an -external session cache are removed as well. If this is not desired, the user -should explicitly unset the callback by calling -SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_free()\fR does not provide diagnostic information. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 deleted file mode 100644 index 0075c6a566b7..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_get0_param.3 +++ /dev/null @@ -1,194 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_GET0_PARAM 3" -.TH SSL_CTX_GET0_PARAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) -\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) -\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) -\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to -the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned -pointer must not be freed by the calling application. -.PP -\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters -to \fBvpm\fR for \fBctx\fR or \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure -using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies -them to suit its needs: for example to add a hostname check. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an -\&\fBX509_VERIFY_PARAM\fR structure. -.PP -\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 -for failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: -.PP -.Vb 2 -\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); -\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 deleted file mode 100644 index 14b776021b9c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ /dev/null @@ -1,191 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_GET_VERIFY_MODE 3" -.TH SSL_CTX_GET_VERIFY_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); -\& int SSL_get_verify_mode(const SSL *ssl); -\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); -\& int SSL_get_verify_depth(const SSL *ssl); -\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); -\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in -\&\fBctx\fR. -.PP -\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in -\&\fBssl\fR. -.PP -\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set -in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the -default value will be used. -.PP -\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set -in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the -default value will be used. -.PP -\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification -callback currently set in \fBctx\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. -.PP -\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification -callback currently set in \fBssl\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned and the default callback will be used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 deleted file mode 100644 index bc89d874942f..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_has_client_custom_ext.3 +++ /dev/null @@ -1,168 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" -.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a -client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Returns 1 if a handler has been set, 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_add_client_custom_ext\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 deleted file mode 100644 index 47c67cc2f572..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ /dev/null @@ -1,287 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" -.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, -\& const char *CApath); -\& -\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); -\& -\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); -\& -\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at -which \s-1CA\s0 certificates for verification purposes are located. The certificates -available via \fBCAfile\fR and \fBCApath\fR are trusted. -.PP -\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from -which \s-1CA\s0 certificates are loaded should be used. There is one default directory -and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in -the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment -variable can be defined to override this location. The default \s-1CA\s0 certificates -file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the -\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location. -.PP -\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to -\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is -used. -.PP -\&\fBSSL_CTX_set_default_verify_file()\fR is similar to -\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is -used. -.SH "NOTES" -.IX Header "NOTES" -If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 -format. The file can contain several \s-1CA\s0 certificates identified by -.PP -.Vb 3 -\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- -\& ... (CA certificate in base64 encoding) ... -\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- -.Ve -.PP -sequences. Before, between, and after the certificates text is allowed -which can be used e.g. for descriptions of the certificates. -.PP -The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR -function. -.PP -If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates -in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are -looked up by the \s-1CA\s0 subject name hash value, which must hence be available. -If more than one \s-1CA\s0 certificate with the same name hash value exist, the -extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search -is performed in the ordering of the extension number, regardless of other -properties of the certificates. -Use the \fBc_rehash\fR utility to create the necessary links. -.PP -The certificates in \fBCApath\fR are only looked up when required, e.g. when -building the certificate chain or when actually performing the verification -of a peer certificate. -.PP -When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the -certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching -is done based on the subject name, the key identifier (if present), and the -serial number as taken from the certificate to be verified. If these data -do not match, the next certificate will be tried. If a first certificate -matching the parameters is found, the verification process will be performed; -no other certificates for the same parameters will be searched in case of -failure. -.PP -In server mode, when requesting a client certificate, the server must send -the list of CAs of which it will accept client certificates. This list -is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must -explicitly be set using the -\&\fBSSL_CTX_set_client_CA_list\fR\|(3) -family of functions. -.PP -When building its own certificate chain, an OpenSSL client/server will -try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the -certificate chain was not explicitly specified (see -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fBSSL_CTX_use_certificate\fR\|(3). -.SH "WARNINGS" -.IX Header "WARNINGS" -If several \s-1CA\s0 certificates matching the name, key identifier, and serial -number condition are available, only the first one will be examined. This -may lead to unexpected results if the same \s-1CA\s0 certificate is available -with different expiration dates. If a \*(L"certificate expired\*(R" verification -error occurs, no other certificate will be searched. Make sure to not -have expired certificates mixed with valid ones. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -For SSL_CTX_load_verify_locations the following return values can occur: -.IP "0" 4 -The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the -processing at one of the locations specified failed. Check the error -stack to find out the reason. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.PP -\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and -\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A -missing default location is still treated as a success. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates -ca1.pem ca2.pem ca3.pem: -.PP -.Vb 5 -\& #!/bin/sh -\& rm CAfile.pem -\& for i in ca1.pem ca2.pem ca3.pem ; do -\& openssl x509 \-in $i \-text >> CAfile.pem -\& done -.Ve -.PP -Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates -for use as \fBCApath\fR: -.PP -.Vb 2 -\& cd /some/where/certs -\& c_rehash . -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_client_CA_list\fR\|(3), -\&\fBSSL_get_client_CA_list\fR\|(3), -\&\fBSSL_CTX_use_certificate\fR\|(3), -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fBSSL_CTX_set_cert_store\fR\|(3), -\&\fBSSL_CTX_set_client_CA_list\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 deleted file mode 100644 index 6126859c8104..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ /dev/null @@ -1,326 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_NEW 3" -.TH SSL_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); -\& int SSL_CTX_up_ref(SSL_CTX *ctx); -\& -\& const SSL_METHOD *TLS_method(void); -\& const SSL_METHOD *TLS_server_method(void); -\& const SSL_METHOD *TLS_client_method(void); -\& -\& const SSL_METHOD *SSLv23_method(void); -\& const SSL_METHOD *SSLv23_server_method(void); -\& const SSL_METHOD *SSLv23_client_method(void); -\& -\& #ifndef OPENSSL_NO_SSL3_METHOD -\& const SSL_METHOD *SSLv3_method(void); -\& const SSL_METHOD *SSLv3_server_method(void); -\& const SSL_METHOD *SSLv3_client_method(void); -\& #endif -\& -\& #ifndef OPENSSL_NO_TLS1_METHOD -\& const SSL_METHOD *TLSv1_method(void); -\& const SSL_METHOD *TLSv1_server_method(void); -\& const SSL_METHOD *TLSv1_client_method(void); -\& #endif -\& -\& #ifndef OPENSSL_NO_TLS1_1_METHOD -\& const SSL_METHOD *TLSv1_1_method(void); -\& const SSL_METHOD *TLSv1_1_server_method(void); -\& const SSL_METHOD *TLSv1_1_client_method(void); -\& #endif -\& -\& #ifndef OPENSSL_NO_TLS1_2_METHOD -\& const SSL_METHOD *TLSv1_2_method(void); -\& const SSL_METHOD *TLSv1_2_server_method(void); -\& const SSL_METHOD *TLSv1_2_client_method(void); -\& #endif -\& -\& const SSL_METHOD *DTLS_method(void); -\& const SSL_METHOD *DTLS_server_method(void); -\& const SSL_METHOD *DTLS_client_method(void); -\& -\& #ifndef OPENSSL_NO_DTLS1_METHOD -\& const SSL_METHOD *DTLSv1_method(void); -\& const SSL_METHOD *DTLSv1_server_method(void); -\& const SSL_METHOD *DTLSv1_client_method(void); -\& #endif -\& -\& #ifndef OPENSSL_NO_DTLS1_2_METHOD -\& const SSL_METHOD *DTLSv1_2_method(void); -\& const SSL_METHOD *DTLSv1_2_server_method(void); -\& const SSL_METHOD *DTLSv1_2_client_method(void); -\& #endif -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to -establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is -reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments -the reference count. Freeing it (using SSL_CTX_free) decrements it. When the -reference count drops to zero, any memory or resources allocated to the -\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for -an existing \fB\s-1SSL_CTX\s0\fR structure. -.SH "NOTES" -.IX Header "NOTES" -The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. -The methods exist in a generic type (for client and server use), a server only -type, and a client only type. -\&\fBmethod\fR can be of the following types: -.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 -.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" -These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. -The actual protocol version used will be negotiated to the highest version -mutually supported by the client and the server. -The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. -Applications should use these methods, and avoid the version-specific -methods described below, which are deprecated. -.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 -.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" -These functions do not exist anymore, they have been renamed to -\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. -Currently, the old function calls are renamed to the corresponding new -ones by preprocessor macros, to ensure that existing code which uses the -old function names still compiles. However, using the old function names -is deprecated and new code should call the new functions instead. -.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 -.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -TLSv1.2 protocol. These methods are deprecated. -.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 -.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -TLSv1.1 protocol. These methods are deprecated. -.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 -.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -TLSv1 protocol. These methods are deprecated. -.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 -.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" -A \s-1TLS/SSL\s0 connection established with these methods will only understand the -SSLv3 protocol. -The SSLv3 protocol is deprecated and should not be used. -.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 -.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" -These are the version-flexible \s-1DTLS\s0 methods. -Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 -.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 -.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" -These are the version-specific methods for DTLSv1.2. -These methods are deprecated. -.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 -.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" -These are the version-specific methods for DTLSv1. -These methods are deprecated. -.PP -\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the -callbacks, the keys and certificates and the options to their default values. -.PP -\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, -\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR -methods. -All other methods only support one specific protocol version. -Use the \fIversion-flexible\fR methods instead of the version specific methods. -.PP -If you want to limit the supported protocols for the version flexible -methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), -\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and -\&\fBSSL_set_max_proto_version\fR\|(3) functions. -Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR -and be able to negotiate with all possible clients, but to only -allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 -.PP -The list of protocols available can also be limited using the -\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, -\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR -options of the -\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach -is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of -protocols they support. When disabling a protocol, make sure that you also -disable either all previous or all subsequent protocol versions. -In clients, when a protocol version is disabled without disabling \fIall\fR -previous protocol versions, the effect is to also disable all subsequent -protocol versions. -.PP -The SSLv3 protocol is deprecated and should generally not be used. -Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set -the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out -the reason. -.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 -.IX Item "Pointer to an SSL_CTX object" -The return value points to an allocated \s-1SSL_CTX\s0 object. -.Sp -\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, -\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where -removed in OpenSSL 1.1.0. -.PP -\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR -were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR -and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0. -.PP -All version-specific methods were deprecated in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 deleted file mode 100644 index be8aa4da19a2..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ /dev/null @@ -1,217 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SESS_NUMBER 3" -.TH SSL_CTX_SESS_NUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_sess_number(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); -\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); -\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); -\& long SSL_CTX_sess_hits(SSL_CTX *ctx); -\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); -\& long SSL_CTX_sess_misses(SSL_CTX *ctx); -\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); -\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal -session cache. -.PP -\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in -client mode. -.PP -\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in client mode. -.PP -\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations -in client mode. -.PP -\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in -server mode. -.PP -\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established -\&\s-1SSL/TLS\s0 sessions in server mode. -.PP -\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations -in server mode. -.PP -\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. -In client mode a session set with \fBSSL_set_session\fR\|(3) -successfully reused is counted as a hit. In server mode a session successfully -retrieved from internal or external cache is counted as a hit. -.PP -\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions -from the external session cache in server mode. -.PP -\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients -that were not found in the internal session cache in server mode. -.PP -\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients -and either found in the internal or external session cache in server mode, - but that were invalid due to timeout. These sessions are not included in -the \fBSSL_CTX_sess_hits()\fR count. -.PP -\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed -because the maximum session cache size was exceeded. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions return the values indicated in the \s-1DESCRIPTION\s0 section. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 deleted file mode 100644 index 54da3301e959..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" -.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); -\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache -of context \fBctx\fR to \fBt\fR. -This value is a hint and not an absolute; see the notes below. -.PP -\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. -.SH "NOTES" -.IX Header "NOTES" -The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 -currently 1024*20, so that up to 20000 sessions can be held. This size -can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special -case is the size 0, which is used for unlimited size. -.PP -If adding the session makes the cache exceed its size, then unused -sessions are dropped from the end of the cache. -Cache space may also be reclaimed by calling -\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove -expired sessions. -.PP -If the size of the session cache is reduced and more sessions are already -in the session cache, old session will be removed at the next time a -session shall be added. This removal is not synchronized with the -expiration of sessions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. -.PP -\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_CTX_sess_number\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 deleted file mode 100644 index 6e612b67cbfa..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SESS_SET_GET_CB 3" -.TH SSL_CTX_SESS_SET_GET_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, -\& int (*new_session_cb)(SSL *, SSL_SESSION *)); -\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, -\& void (*remove_session_cb)(SSL_CTX *ctx, -\& SSL_SESSION *)); -\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, -\& SSL_SESSION (*get_session_cb)(SSL *, -\& const unsigned char *, -\& int, int *)); -\& -\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, -\& SSL_SESSION *sess); -\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, -\& SSL_SESSION *sess); -\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, -\& const unsigned char *data, -\& int len, int *copy); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically -called whenever a new session was negotiated. -.PP -\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is -automatically called whenever a session is removed by the \s-1SSL\s0 engine, -because it is considered faulty or the session has become obsolete because -of exceeding the timeout value. -.PP -\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, -whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session -could not be found in the internal session cache (see -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). -(\s-1SSL/TLS\s0 server only.) -.PP -\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and -\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the -corresponding set callback functions. If a callback function has not been -set, the \s-1NULL\s0 pointer is returned. -.SH "NOTES" -.IX Header "NOTES" -In order to allow external session caching, synchronization with the internal -session cache is realized via callback functions. Inside these callback -functions, session can be saved to disk or put into a database using the -\&\fBd2i_SSL_SESSION\fR\|(3) interface. -.PP -The \fBnew_session_cb()\fR is called, whenever a new session has been negotiated -and session caching is enabled (see -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). -The \fBnew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session -\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately -removed again. Note that in TLSv1.3, sessions are established after the main -handshake has completed. The server decides when to send the client the session -information and this may occur some time after the end of the handshake (or not -at all). This means that applications should expect the \fBnew_session_cb()\fR -function to be invoked during the handshake (for <= TLSv1.2) or after the -handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to -be established with a single connection. In these case the \fBnew_session_cb()\fR -function will be invoked multiple times. -.PP -In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for -resumption once. One way of enforcing that is for applications to call -\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. -.PP -The \fBremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session -from the internal cache. This happens when the session is removed because -it is expired or when a connection was not shutdown cleanly. It also happens -for all sessions in the internal session cache when -\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed -the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. -.PP -The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id -proposed by the client. The \fBget_session_cb()\fR is always called, also when -session caching was disabled. The \fBget_session_cb()\fR is passed the -\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location -\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the -\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, -Normally the reference count is not incremented and therefore the -session must not be explicitly freed with -\&\fBSSL_SESSION_free\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR -return different callback function pointers respectively. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3), -\&\fBSSL_CTX_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 deleted file mode 100644 index d20de0f09b21..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ /dev/null @@ -1,178 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SESSIONS 3" -.TH SSL_CTX_SESSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_sessions \- access internal session cache -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the -internal session cache for \fBctx\fR. -.SH "NOTES" -.IX Header "NOTES" -The sessions in the internal session cache are kept in an -\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly -access this database e.g. for searching. In parallel, the sessions -form a linked list which is maintained separately from the -\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be -modified directly but by using the -\&\fBSSL_CTX_add_session\fR\|(3) family of functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), -\&\fBSSL_CTX_add_session\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 deleted file mode 100644 index f123d0a00359..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 +++ /dev/null @@ -1,307 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET0_CA_LIST 3" -.TH SSL_CTX_SET0_CA_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); -\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); -\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); -\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); -\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); -\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); -\& -\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); -\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); -\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); -\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); -\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); -\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); -\& -\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functions described here set and manage the list of \s-1CA\s0 names that are sent -between two communicating peers. -.PP -For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the -server to the client when requesting a client certificate. So any list of \s-1CA\s0 -names set is never sent from client to server and the list of \s-1CA\s0 names retrieved -by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. -.PP -For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR -extension and may be sent by a client (in the ClientHello message) or by -a server (when requesting a certificate). -.PP -In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list -of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the -server. This has privacy implications and may also have performance implications -if the list is large. This optional capability was introduced as part of TLSv1.3 -and therefore setting \s-1CA\s0 names on the client side will have no impact if that -protocol version has been disabled. Most servers do not need this and so this -should be avoided unless required. -.PP -The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the -server side. -.PP -\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred -to \fBctx\fR and it should not be freed by the caller. -.PP -\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when -requesting a client certificate for the chosen \fBssl\fR, overriding the -setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred -to \fBs\fR and it should not be freed by the caller. -.PP -\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed -by the caller. -.PP -\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, -SSL_get_client_CA_list returns the list of client CAs sent from the server, if -any. The returned list should not be freed by the caller. -.PP -\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -\&\fBctx\fR. -.PP -\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the -list of CAs sent to the client when requesting a client certificate for -the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. -.PP -\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer -has sent. This can be called on either the server or the client side. The -returned list should not be freed by the caller. -.PP -The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 -list\*(R" functions except that they have an effect on both the server and client -sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) -set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the -\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been -used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. -Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in -preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on -the client side. -.PP -\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to -\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and -it should not be freed by the caller. -.PP -\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR -overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of -\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. -.PP -\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for -\&\fBctx\fR. The returned list should not be freed by the caller. -.PP -\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for -\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The -returned list should not be freed by the caller. -.PP -\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the -list of CAs sent to peer for \fBctx\fR. -.PP -\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the -list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent -\&\fB\s-1SSL_CTX\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept -certificates, to the client. -.PP -This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or -\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or -\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified -overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR -only contains the names, not the complete certificates); use -\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. -.PP -If the list of acceptable CAs is compiled in a file, the -\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the -necessary data. -.PP -\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and -\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no -list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, -\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a -new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, -\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR -and \fBSSL_set0_CA_list()\fR do not return a value. -.PP -\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR -and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are -set. -.PP -\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and -\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. -.PP -\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or -\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: -.PP -.Vb 1 -\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_load_client_CA_file\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 deleted file mode 100644 index 7999810c736d..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_curves.3 +++ /dev/null @@ -1,238 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET1_CURVES 3" -.TH SSL_CTX_SET1_CURVES 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); -\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); -\& -\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); -\& int SSL_set1_groups_list(SSL *ssl, char *list); -\& -\& int SSL_get1_groups(SSL *ssl, int *groups); -\& int SSL_get_shared_group(SSL *s, int n); -\& -\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); -\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); -\& -\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); -\& int SSL_set1_curves_list(SSL *ssl, char *list); -\& -\& int SSL_get1_curves(SSL *ssl, int *curves); -\& int SSL_get_shared_curve(SSL *s, int n); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -For all of the functions below that set the supported groups there must be at -least one group in the list. -.PP -\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR -groups in the array \fBglist\fR. The array consist of all NIDs of groups in -preference order. For a \s-1TLS\s0 client the groups are used directly in the -supported groups extension. For a \s-1TLS\s0 server the groups are used to -determine the set of shared groups. -.PP -\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to -string \fBlist\fR. The string is a colon separated list of group NIDs or -names, for example \*(L"P\-521:P\-384:P\-256\*(R". -.PP -\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set -supported groups for the \s-1SSL\s0 structure \fBssl\fR. -.PP -\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client -in the supported groups extension. It returns the total number of -supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply -return the number of groups for memory allocation purposes. The -\&\fBgroups\fR array is in the form of a set of group NIDs in preference -order. It can return zero if the client did not send a supported groups -extension. -.PP -\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side -\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is -returned, which may be zero. Other than for diagnostic purposes, -most applications will only be interested in the first shared group -so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, -NID_undef is returned. -.PP -All these functions are implemented as macros. -.PP -The curve functions are synonyms for the equivalently named group functions and -are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was -only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported -groups, and extended to include Diffie Hellman groups. The group functions -should be used in preference. -.SH "NOTES" -.IX Header "NOTES" -If an application wishes to make use of several of these functions for -configuration purposes either on a command line or in a file it should -consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and -\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure. -.PP -\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. -.PP -\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there -is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR -is \-1. -.PP -When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and -returns \-1. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The curve functions were added in OpenSSL 1.0.2. The equivalent group -functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 deleted file mode 100644 index 9dd61cd9bc97..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_sigalgs.3 +++ /dev/null @@ -1,249 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET1_SIGALGS 3" -.TH SSL_CTX_SET1_SIGALGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); -\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); -\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); -\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); -\& -\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); -\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); -\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); -\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature -algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR -must consist of pairs of NIDs corresponding to digest and public key -algorithms. -.PP -\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported -signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter -must be a null terminated string consisting of a colon separated list of -elements, where each element is either a combination of a public key -algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named -SignatureScheme such as rsa_pss_pss_sha256. -.PP -\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, -\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set -signature algorithms related to client authentication, otherwise they are -identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR, -\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR. -.PP -All these functions are implemented as macros. The signature algorithm -parameter (integer array or string) is not freed: the application should -free it, if necessary. -.SH "NOTES" -.IX Header "NOTES" -If an application wishes to allow the setting of signature algorithms -as one of many user configurable options it should consider using the more -flexible \s-1SSL_CONF API\s0 instead. -.PP -The signature algorithms set by a client are used directly in the supported -signature algorithm in the client hello message. -.PP -The supported signature algorithms set by a server are not sent to the -client but are used to determine the set of shared signature algorithms -and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) -their order. -.PP -The client authentication signature algorithms set by a server are sent -in a certificate request message if client authentication is enabled, -otherwise they are unused. -.PP -Similarly client authentication signature algorithms set by a client are -used to determined the set of client authentication shared signature -algorithms. -.PP -Signature algorithms will neither be advertised nor used if the security level -prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). -.PP -Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and -NID_sha512 digest NIDs are supported and the public key algorithm NIDs -\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0 -.PP -The short or long name values for digests can be used in a string (for -example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and -the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0 -.PP -The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also -be used with the \fB_list\fR forms of the \s-1API.\s0 -.PP -The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 for failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 -using an array: -.PP -.Vb 1 -\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; -\& -\& SSL_CTX_set1_sigalgs(ctx, slist, 4); -.Ve -.PP -Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 -using a string: -.PP -.Vb 1 -\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), -\&\fBSSL_CONF_CTX_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 deleted file mode 100644 index ecae59de70f0..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set1_verify_cert_store.3 +++ /dev/null @@ -1,226 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" -.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate verification or chain store -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); -\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); -\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); -\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); -\& -\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); -\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); -\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); -\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR -set the certificate store used for certificate verification to \fBst\fR. -.PP -\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR -set the certificate store used for certificate chain building to \fBst\fR. -.PP -\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, -\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar -except they apply to \s-1SSL\s0 structure \fBssl\fR. -.PP -All these functions are implemented as macros. Those containing a \fB1\fR -increment the reference count of the supplied store so it must -be freed at some point after the operation. Those containing a \fB0\fR do -not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed -after the operation. -.SH "NOTES" -.IX Header "NOTES" -The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be -affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. -.PP -The verification store is used to verify the certificate chain sent by the -peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify -the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify -any client certificate chain. -.PP -The chain store is used to build the certificate chain. -.PP -If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is -configured already (for example using the functions such as -\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then -automatic chain building is disabled. -.PP -If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building -is disabled. -.PP -If the chain or the verification store is not set then the store associated -with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous -versions of OpenSSL. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -\&\fBSSL_CTX_set0_chain\fR\|(3) -\&\fBSSL_CTX_set1_chain\fR\|(3) -\&\fBSSL_CTX_add0_chain_cert\fR\|(3) -\&\fBSSL_CTX_add1_chain_cert\fR\|(3) -\&\fBSSL_set0_chain\fR\|(3) -\&\fBSSL_set1_chain\fR\|(3) -\&\fBSSL_add0_chain_cert\fR\|(3) -\&\fBSSL_add1_chain_cert\fR\|(3) -\&\fBSSL_CTX_build_cert_chain\fR\|(3) -\&\fBSSL_build_cert_chain\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 deleted file mode 100644 index 6bfbd20db37d..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_alpn_select_cb.3 +++ /dev/null @@ -1,314 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" -.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN) -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, -\& unsigned int protos_len); -\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, -\& unsigned int protos_len); -\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, -\& int (*cb) (SSL *ssl, -\& const unsigned char **out, -\& unsigned char *outlen, -\& const unsigned char *in, -\& unsigned int inlen, -\& void *arg), void *arg); -\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, -\& unsigned int *len); -\& -\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, -\& int (*cb)(SSL *ssl, -\& const unsigned char **out, -\& unsigned int *outlen, -\& void *arg), -\& void *arg); -\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, -\& int (*cb)(SSL *s, -\& unsigned char **out, -\& unsigned char *outlen, -\& const unsigned char *in, -\& unsigned int inlen, -\& void *arg), -\& void *arg); -\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, -\& const unsigned char *server, -\& unsigned int server_len, -\& const unsigned char *client, -\& unsigned int client_len) -\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, -\& unsigned *len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to -set the list of protocols available to be negotiated. The \fBprotos\fR must be in -protocol-list format, described below. The length of \fBprotos\fR is specified in -\&\fBprotos_len\fR. -.PP -\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a -server to select which protocol to use for the incoming connection. When \fBcb\fR -is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to -the application callback. -.PP -\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a -vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector -should be set to the value of a single protocol selected from the \fBin\fR, -\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a -buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via -\&\fBSSL_CTX_set_alpn_select_cb()\fR. -.PP -\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It -implements the standard protocol selection. It is expected that this function -is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, -\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format -described below. The first item in the \fBserver\fR, \fBserver_len\fR list that -matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned -in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or -\&\fBclient\fR, so it should be copied immediately. If no match is found, the first -item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This -function can also be used in the \s-1NPN\s0 callback. -.PP -\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a -client needs to select a protocol from the server's provided list, and a -user-defined pointer argument \fBarg\fR which will be passed to this callback. -For the callback itself, \fBout\fR -must be set to point to the selected protocol (which may be within \fBin\fR). -The length of the protocol name must be written into \fBoutlen\fR. The -server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The -callback can assume that \fBin\fR is syntactically valid. The client must -select a protocol. It is fatal to the connection if this callback returns -a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer -set via \fBSSL_CTX_set_next_proto_select_cb()\fR. -.PP -\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called -when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol -Negotiation. The returned list must be in protocol-list format, described -below. The list is -returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This -memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a -reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it -wishes to advertise. Otherwise, no such extension will be included in the -ServerHello. -.PP -\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR -with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR -is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. -.PP -\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the -client's requested protocol for this connection. If the client did not -request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and -\&\fBlen\fR to 0. Note that -the client can request any protocol it chooses. The value returned from -this function need not be a member of the list of supported protocols -provided by the callback. -.SH "NOTES" -.IX Header "NOTES" -The protocol-lists must be in wire-format, which is defined as a vector of -non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not -included in the length. Each string is limited to 255 bytes. A byte-string -length of 0 is invalid. A truncated byte-string is invalid. The length of the -vector is not in the vector itself, but in a separate variable. -.PP -Example: -.PP -.Vb 5 -\& unsigned char vector[] = { -\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, -\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq -\& }; -\& unsigned int length = sizeof(vector); -.Ve -.PP -The \s-1ALPN\s0 callback is executed after the servername callback; as that servername -callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback. -.PP -If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not -invoked. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and -non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. -.PP -\&\fBSSL_select_next_proto()\fR returns one of the following: -.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 -.IX Item "OPENSSL_NPN_NEGOTIATED" -A match was found and is returned in \fBout\fR, \fBoutlen\fR. -.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 -.IX Item "OPENSSL_NPN_NO_OVERLAP" -No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in -\&\fBout\fR, \fBoutlen\fR. -.PP -The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: -.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 -.IX Item "SSL_TLSEXT_ERR_OK" -\&\s-1ALPN\s0 protocol selected. -.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 -.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" -There was no overlap between the client's supplied list and the server -configuration. -.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 -.IX Item "SSL_TLSEXT_ERR_NOACK" -\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for -this connection. -.PP -The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return -\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. -.PP -The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return -\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension -will be included in the ServerHello. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), -\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 deleted file mode 100644 index b2cee6af31bb..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_cb.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CERT_CB 3" -.TH SSL_CTX_SET_CERT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), -\& void *arg); -\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); -\& -\& int (*cert_cb)(SSL *ssl, void *arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback, -\&\fBarg\fR value is pointer which is passed to the application callback. -.PP -When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used. -.PP -\&\fBcert_cb()\fR is the application defined callback. It is called before a -certificate will be used by a client or server. The callback can then inspect -the passed \fBssl\fR structure and set or clear any appropriate certificates. If -the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have -been set. A zero is returned on error which will abort the handshake with a -fatal internal error alert. A negative return value will suspend the handshake -and the handshake function will return immediately. -\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to -indicate, that the handshake was suspended. The next call to the handshake -function will again lead to the call of \fBcert_cb()\fR. It is the job of the -\&\fBcert_cb()\fR to store information about the state of the last call, -if required to continue. -.SH "NOTES" -.IX Header "NOTES" -An application will typically call \fBSSL_use_certificate()\fR and -\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. -It can add intermediate and optionally the root \s-1CA\s0 certificates using -\&\fBSSL_add1_chain_cert()\fR. -.PP -It might also call \fBSSL_certs_clear()\fR to delete any certificates associated -with the \fB\s-1SSL\s0\fR object. -.PP -The certificate callback functionality supersedes the (largely broken) -functionality provided by the old client certificate callback interface. -It is \fBalways\fR called even is a certificate is already set so the callback -can modify or delete the existing certificate. -.PP -A more advanced callback might examine the handshake parameters and set -whatever chain is appropriate. For example a legacy client supporting only -TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a -TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a -chain using \s-1SHA256.\s0 -.PP -Normal server sanity checks are performed on any certificates set -by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not -support it will \fBnot\fR be used. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3), -\&\fBSSL_add1_chain_cert\fR\|(3), -\&\fBSSL_get_client_CA_list\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 deleted file mode 100644 index 50afa6b0a815..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ /dev/null @@ -1,219 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CERT_STORE 3" -.TH SSL_CTX_SET_CERT_STORE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); -\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); -\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage -of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently -set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. -.PP -\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage -of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. -If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. -.PP -\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate -verification storage. -.SH "NOTES" -.IX Header "NOTES" -In order to verify the certificates presented by the peer, trusted \s-1CA\s0 -certificates must be accessed. These \s-1CA\s0 certificates are made available -via lookup methods, handled inside the X509_STORE. From the X509_STORE -the X509_STORE_CTX used when verifying certificates is created. -.PP -Typically the trusted certificate store is handled indirectly via using -\&\fBSSL_CTX_load_verify_locations\fR\|(3). -Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions -it is possible to manipulate the X509_STORE object beyond the -\&\fBSSL_CTX_load_verify_locations\fR\|(3) -call. -.PP -Currently no detailed documentation on how to use the X509_STORE -object is available. Not all members of the X509_STORE are used when -the verification takes place. So will e.g. the \fBverify_callback()\fR be -overridden with the \fBverify_callback()\fR set via the -\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. -This document must therefore be updated when documentation about the -X509_STORE object and its handling becomes available. -.PP -\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference -count, so it should not be used to assign an X509_STORE that is owned -by another \s-1SSL_CTX.\s0 -.PP -To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR -to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use -\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and -increment the reference count of the X509_STORE. -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer -certificates and building certificate chains, it is also shared by -every child \s-1SSL\s0 structure. Applications wanting finer control can use -functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. -.PP -\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output. -.PP -\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_load_verify_locations\fR\|(3), -\&\fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 deleted file mode 100644 index 79339b0eb09b..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" -.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, -\& int (*callback)(X509_STORE_CTX *, void *), -\& void *arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for -\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at -the time when \fBSSL_new\fR\|(3) is called. -.SH "NOTES" -.IX Header "NOTES" -Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification -function is called. If the application does not explicitly specify a -verification callback function, the built-in verification function is used. -If a verification callback \fIcallback\fR is specified via -\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called -instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. -.PP -When the verification must be performed, \fIcallback\fR will be called with -the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The -argument \fIarg\fR is specified by the application when setting \fIcallback\fR. -.PP -\&\fIcallback\fR should return 1 to indicate verification success and 0 to -indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR -returns 0, the handshake will fail. As the verification procedure may -allow the connection to continue in the case of failure (by always -returning 1) the verification result must be set in any case using the -\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application -will be informed about the detailed result of the verification procedure! -.PP -Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR -function set using \fBSSL_CTX_set_verify\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. -.SH "WARNINGS" -.IX Header "WARNINGS" -Do not mix the verification callback described in this function with the -\&\fBverify_callback\fR function called during the verification process. The -latter is set using the \fBSSL_CTX_set_verify\fR\|(3) -family of functions. -.PP -Providing a complete verification procedure including certificate purpose -settings etc is a complex task. The built-in procedure is quite powerful -and in most cases it should be sufficient to modify its behaviour using -the \fBverify_callback\fR function. -.SH "BUGS" -.IX Header "BUGS" -\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), -\&\fBSSL_get_verify_result\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 deleted file mode 100644 index 8d43da2e06fb..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ /dev/null @@ -1,237 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CIPHER_LIST 3" -.TH SSL_CTX_SET_CIPHER_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); -\& int SSL_set_cipher_list(SSL *ssl, const char *str); -\& -\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); -\& int SSL_set_ciphersuites(SSL *s, const char *str); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) -for \fBctx\fR using the control string \fBstr\fR. The format of the string is described -in \fBciphers\fR\|(1). The list of ciphers is inherited by all -\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 -ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. -.PP -\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for -\&\fBssl\fR. -.PP -\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 -ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 -ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: -.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 -.IX Item "TLS_AES_128_GCM_SHA256" -.PD 0 -.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 -.IX Item "TLS_AES_256_GCM_SHA384" -.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 -.IX Item "TLS_CHACHA20_POLY1305_SHA256" -.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 -.IX Item "TLS_AES_128_CCM_SHA256" -.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 -.IX Item "TLS_AES_128_CCM_8_SHA256" -.PD -.PP -An empty list is permissible. The default value for the this setting is: -.PP -\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 -.PP -\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it -configures the ciphersuites for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and -\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend -on details of the library configuration (ciphers compiled in). Thus no -syntax checking takes place. Items that are not recognized, because the -corresponding ciphers are not compiled in or because they are mistyped, -are simply ignored. Failure is only flagged if no ciphers could be collected -at all. -.PP -It should be noted, that inclusion of a cipher to be used into the list is -a necessary condition. On the client side, the inclusion into the list is -also sufficient unless the security level excludes it. On the server side, -additional restrictions apply. All ciphers have additional requirements. -\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. -All other ciphers need a corresponding certificate and key. -.PP -A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. -\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters -(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). -.PP -A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. -\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters -(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). -.PP -When these conditions are not met for any cipher in the list (e.g. a -client only supports export \s-1RSA\s0 ciphers with an asymmetric key length -of 512 bits and the server is not configured to use temporary \s-1RSA\s0 -keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated -and the handshake will fail. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher -could be selected and 0 on complete failure. -.PP -\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested -ciphersuite list was configured, and 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), -\&\fBSSL_CTX_use_certificate\fR\|(3), -\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fBciphers\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 deleted file mode 100644 index a91cc5e9af9d..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ /dev/null @@ -1,241 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" -.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, -\& int (*client_cert_cb)(SSL *ssl, X509 **x509, -\& EVP_PKEY **pkey)); -\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, -\& EVP_PKEY **pkey); -\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is -called when a client certificate is requested by a server and no certificate -was yet set for the \s-1SSL\s0 object. -.PP -When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. -.PP -\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback -function. -.PP -\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to -set a certificate, a certificate/private key combination must be set -using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The -certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. -If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate -will be sent. A negative return value will suspend the handshake and the -handshake function will return immediately. \fBSSL_get_error\fR\|(3) -will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was -suspended. The next call to the handshake function will again lead to the call -of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information -about the state of the last call, if required to continue. -.SH "NOTES" -.IX Header "NOTES" -During a handshake (or renegotiation) a server may request a certificate -from the client. A client certificate must only be sent, when the server -did send the request. -.PP -When a certificate was set using the -\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, -it will be sent to the server. The \s-1TLS\s0 standard requires that only a -certificate is sent, if it matches the list of acceptable CAs sent by the -server. This constraint is violated by the default behavior of the OpenSSL -library. Using the callback function it is possible to implement a proper -selection routine or to allow a user interaction to choose the certificate to -be sent. -.PP -If a callback function is defined and no certificate was yet defined for the -\&\s-1SSL\s0 object, the callback function will be called. -If the callback function returns a certificate, the OpenSSL library -will try to load the private key and certificate data into the \s-1SSL\s0 -object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. -Thus it will permanently install the certificate and key for this \s-1SSL\s0 -object. It will not be reset by calling \fBSSL_clear\fR\|(3). -If the callback returns no certificate, the OpenSSL library will not send -a certificate. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or -\&\s-1NULL\s0 if the callback is not set. -.SH "BUGS" -.IX Header "BUGS" -The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can -only return one client certificate. If the chain only has a length of 2, -the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and -thus a standard conforming answer can be sent to the server. For a -longer chain, the client must send the complete chain (with the option -to leave out the root \s-1CA\s0 certificate). This can only be accomplished by -either adding the intermediate \s-1CA\s0 certificates into the trusted -certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add -\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding -the chain certificates using the -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that -therefore probably can only apply for one client certificate, making -the concept of the callback function (to allow the choice from several -certificates) questionable. -.PP -Once the \s-1SSL\s0 object has been used in conjunction with the callback function, -the certificate will be set for the \s-1SSL\s0 object and will not be cleared -even when \fBSSL_clear\fR\|(3) is being called. It is therefore -mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) -and create a new one to return to the previous state. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3), -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), -\&\fBSSL_get_client_CA_list\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 deleted file mode 100644 index 1a2b18a81c7c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_hello_cb.3 +++ /dev/null @@ -1,262 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" -.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 10 -\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); -\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, -\& void *arg); -\& int SSL_client_hello_isv2(SSL *s); -\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); -\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); -\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); -\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); -\& size_t SSL_client_hello_get0_compression_methods(SSL *s, -\& const unsigned char **out); -\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, -\& size_t *outlen); -\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, -\& size_t *outlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically -called during the early stages of ClientHello processing on the server. -The argument supplied when setting the callback is passed back to the -callback at runtime. A callback that returns failure (0) will cause the -connection to terminate, and callbacks returning failure should indicate -what alert value is to be sent in the \fBal\fR parameter. A callback may -also return a negative value to suspend the handshake, and the handshake -function will return immediately. \fBSSL_get_error\fR\|(3) will return -\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. -It is the job of the ClientHello callback to store information about the state -of the last call if needed to continue. On the next call into the handshake -function, the ClientHello callback will be called again, and, if it returns -success, normal handshake processing will continue from that point. -.PP -\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a -SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial -differences from the normal SSLv3 format, including using three bytes per -cipher suite, and not allowing extensions. Additionally, the SSLv2 format -\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to -\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, -\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes -the null compression method, since the SSLv2 format does not include a -mechanism by which to negotiate compression. -.PP -\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, -\&\fBSSL_client_hello_get0_ciphers()\fR, and -\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding -ClientHello fields, returning the field length and optionally setting an out -pointer to the octets of that field. -.PP -Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions -from the ClientHello on a per-extension basis. For the provided wire -protocol extension type value, the extension value and length are returned -in the output parameters (if present). -.PP -\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to -\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the -ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are -both required, and on success the caller must release the storage allocated for -\&\fB*out\fR using \fBOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers -holding the numerical value of the \s-1TLS\s0 extension types in the order they appear -in the ClientHello. \fB*outlen\fR contains the number of elements in the array. -In situations when the ClientHello has no extensions, the function will return -success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. -.SH "NOTES" -.IX Header "NOTES" -The ClientHello callback provides a vast window of possibilities for application -code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to -allow the server to examine the server name indication extension provided -by the client in order to select an appropriate certificate to present, -and make other configuration adjustments relevant to that server name -and its configuration. Such configuration changes can include swapping out -the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 -versions, changing the server's cipher list in response to the client's -cipher list, etc. -.PP -It is also recommended that applications utilize a ClientHello callback and -not use a servername callback, in order to avoid unexpected behavior that -occurs due to the relative order of processing between things like session -resumption and the historical servername callback. -.PP -The SSL_client_hello_* family of functions may only be called from code executing -within a ClientHello callback. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The application's supplied ClientHello callback returns -\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and -\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. -.PP -\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. -.PP -\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, -\&\fBSSL_client_hello_get0_ciphers()\fR, and -\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the -corresponding ClientHello fields. If zero is returned, the output pointer -should not be assumed to be valid. -.PP -\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and -0 otherwise. -.PP -\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), -SSL_bytes_to_cipher_list -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, -\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, -\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, -\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 deleted file mode 100644 index e0fdf43e2cd3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 +++ /dev/null @@ -1,271 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" -.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, -\& const STACK_OF(SCT) *scts, void *arg); -\& -\& int SSL_enable_ct(SSL *s, int validation_mode); -\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); -\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, -\& void *arg); -\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, -\& ssl_ct_validation_cb callback, -\& void *arg); -\& void SSL_disable_ct(SSL *s); -\& void SSL_CTX_disable_ct(SSL_CTX *ctx); -\& int SSL_ct_is_enabled(const SSL *s); -\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed -certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all -connections that share the given \s-1SSL\s0 context, respectively. -This is accomplished by setting a built-in \s-1CT\s0 validation callback. -The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, -which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or -\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. -.PP -If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full -\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer -presents no valid SCTs the handshake will be aborted. -If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue -despite lack of valid SCTs. -However, in that case if the verification status before the built-in callback -was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the -callback. -Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at -handshake completion, even after session resumption since the verification -status is part of the saved session state. -See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). -.PP -If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the -handshake continues, and the verification status is not modified, regardless of -the validation status of any SCTs. -The application can still inspect the validation status of the SCTs at -handshake completion. -Note that with session resumption there will not be any SCTs presented during -the handshake. -Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after -handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the -session is not resumed. -.PP -\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR -register a custom callback that may implement a different policy than either of -the above. -This callback can examine the peer's SCTs and determine whether they are -sufficient to allow the connection to continue. -The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR -and the callback returns a non-positive result. -.PP -An arbitrary callback context argument, \fBarg\fR, can be passed in when setting -the callback. -This will be passed to the callback whenever it is invoked. -Ownership of this context remains with the caller. -.PP -If no callback is set, SCTs will not be requested and Certificate Transparency -validation will not occur. -.PP -No callback will be invoked when the peer presents no certificate, e.g. by -employing an anonymous (aNULL) cipher suite. -In that case the handshake continues as it would had no callback been -requested. -Callbacks are also not invoked when the peer certificate chain is invalid or -validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 -\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. -Clients that require SCTs are expected to not have enabled any aNULL ciphers -nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 -records. -.PP -\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether -enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. -These may be implemented as macros. -.PP -\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is -enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 -otherwise. -.SH "NOTES" -.IX Header "NOTES" -When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because -one possible source of SCTs is the \s-1OCSP\s0 response from a server. -.PP -The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any -presented SCTs have timestamps that are in the future (and therefore invalid). -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -Certificate Transparency validation cannot be enabled and so a callback cannot -be set if a custom client extension handler has been registered to handle \s-1SCT\s0 -extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and -\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully -set. -They return 0 if an error occurs, e.g. a custom client extension handler has -been setup to handle SCTs. -.PP -\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. -.PP -\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 -validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 -callback) is set. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -<\fBSSL_get_verify_result\fR\|(3)>, -\&\fBSSL_session_reused\fR\|(3), -\&\fBSSL_set_verify\fR\|(3), -\&\fBSSL_CTX_set_verify\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 deleted file mode 100644 index 3bdd74ecebc0..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ctlog_list_file.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" -.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); -\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency -(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the -directory where OpenSSL is installed. -.PP -\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. -See \fBCTLOG_STORE_new\fR\|(3) for the file format. -.SH "NOTES" -.IX Header "NOTES" -These functions will not clear the existing \s-1CT\s0 log list \- it will be appended -to. To replace the existing list, use SSL_CTX_set0_ctlog_store first. -.PP -If an error occurs whilst parsing a particular log entry in the file, that log -entry will be skipped. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR -return 1 if the log list is successfully loaded, and 0 if an error occurs. In -the case of an error, the log list may have been partially loaded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), -\&\fBCTLOG_STORE_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 deleted file mode 100644 index 3485cdb6edc1..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ /dev/null @@ -1,240 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" -.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); -\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); -\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); -\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); -\& -\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); -\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); -\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); -\& void *SSL_get_default_passwd_cb_userdata(SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called -when loading/storing a \s-1PEM\s0 certificate with encryption. -.PP -\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, -which will be provided to the password callback on invocation. -.PP -\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password -callback currently set in \fBctx\fR. If no callback was explicitly set, the -\&\s-1NULL\s0 pointer is returned. -.PP -\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata -currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer -is returned. -.PP -\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, -\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform -the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. -.PP -The password callback, which must be provided by the application, hands back the -password to be used during decryption. -On invocation a pointer to userdata -is provided. The function must store the password into the provided buffer -\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must -be returned to the calling function. \fBrwflag\fR indicates whether the -callback is used for reading/decryption (rwflag=0) or writing/encryption -(rwflag=1). -For more details, see \fBpem_password_cb\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -When loading or storing private keys, a password might be supplied to -protect the private key. The way this password can be supplied may depend -on the application. If only one private key is handled, it can be practical -to have the callback handle the password dialog interactively. If several -keys have to be handled, it can be practical to ask for the password once, -then keep it in memory and use it several times. In the last case, the -password could be stored into the userdata storage and the -callback only returns the password already stored. -.PP -When asking for the password interactively, the callback can use -\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). -In this case the password dialog may ask for the same password twice -for comparison in order to catch typos, that would make decryption -impossible. -.PP -Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is -however not usual, as certificate information is considered public. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions do not provide diagnostic information. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example returns the password provided as userdata to the -calling function. The password is considered to be a '\e0' terminated -string. If the password does not fit into the buffer, the password is -truncated. -.PP -.Vb 6 -\& int my_cb(char *buf, int size, int rwflag, void *u) -\& { -\& strncpy(buf, (char *)u, size); -\& buf[size \- 1] = \*(Aq\e0\*(Aq; -\& return strlen(buf); -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_use_certificate\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, -\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were -added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 deleted file mode 100644 index 5985e6665802..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ex_data.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_EX_DATA 3" -.TH SSL_CTX_SET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx); -\& -\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg); -\& -\& void *SSL_get_ex_data(const SSL *s, int idx); -\& -\& int SSL_set_ex_data(SSL *s, int idx, void *arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the -\&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index -which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR. -.PP -For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and -\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and -\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored -and 0 if it is not. -The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, -otherwise \s-1NULL.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), -\&\fBCRYPTO_get_ex_new_index\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 deleted file mode 100644 index f8396c00f5cb..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_generate_session_id.3 +++ /dev/null @@ -1,267 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" -.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only) -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, -\& unsigned int *id_len); -\& -\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); -\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); -\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, -\& unsigned int id_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating -new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. -.PP -\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating -new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. -.PP -\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR -(of length \fBid_len\fR) is already contained in the internal session cache -of the parent context of \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -When a new session is established between client and server, the server -generates a session id. The session id is an arbitrary sequence of bytes. -The length of the session id is between 1 and 32 bytes. The session id is not -security critical but must be unique for the server. Additionally, the session id is -transmitted in the clear when reusing the session so it must not contain -sensitive information. -.PP -Without a callback being set, an OpenSSL server will generate a unique -session id from pseudo random numbers of the maximum possible length. -Using the callback function, the session id can be changed to contain -additional information like e.g. a host id in order to improve load balancing -or external caching techniques. -.PP -The callback function receives a pointer to the memory location to put -\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The -buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. -The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; -the callback \fBmust never\fR increase \fBid_len\fR or write to the location -\&\fBid\fR exceeding the given limit. -.PP -The location \fBid\fR is filled with 0x00 before the callback is called, so the -callback may only fill part of the possible length and leave \fBid_len\fR -untouched while maintaining reproducibility. -.PP -Since the sessions must be distinguished, session ids must be unique. -Without the callback a random number is used, so that the probability -of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). -In order to assure the uniqueness of the generated session id, the callback must call -\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. -If an id conflict is not resolved, the handshake will fail. -If the application codes e.g. a unique host id, a unique process number, and -a unique sequence number into the session id, uniqueness could easily be -achieved without randomness added (it should however be taken care that -no confidential information is leaked this way). If the application can not -guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and -fill in the bytes not used to code special information with random data -to avoid collisions. -.PP -\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, -not the external one. Since the session id is generated before the -handshake is completed, it is not immediately added to the cache. If -another thread is using the same internal session cache, a race condition -can occur in that another thread generates the same session id. -Collisions can also occur when using an external session cache, since -the external cache is not tested with \fBSSL_has_matching_session_id()\fR -and the same race condition applies. -.PP -The callback must return 0 if it cannot generate a session id for whatever -reason and return 1 on success. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR -always return 1. -.PP -\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the -same id is already in the cache. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The callback function listed will generate a session id with the -server id given, and will fill the rest with pseudo random bytes: -.PP -.Vb 1 -\& const char session_id_prefix = "www\-18"; -\& -\& #define MAX_SESSION_ID_ATTEMPTS 10 -\& static int generate_session_id(SSL *ssl, unsigned char *id, -\& unsigned int *id_len) -\& { -\& unsigned int count = 0; -\& -\& do { -\& RAND_pseudo_bytes(id, *id_len); -\& /* -\& * Prefix the session_id with the required prefix. NB: If our -\& * prefix is too long, clip it \- but there will be worse effects -\& * anyway, eg. the server could only possibly create 1 session -\& * ID (ie. the prefix!) so all future session negotiations will -\& * fail due to conflicts. -\& */ -\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? -\& strlen(session_id_prefix) : *id_len); -\& } while (SSL_has_matching_session_id(ssl, id, *id_len) -\& && ++count < MAX_SESSION_ID_ATTEMPTS); -\& if (count >= MAX_SESSION_ID_ATTEMPTS) -\& return 0; -\& return 1; -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 deleted file mode 100644 index e435ea52e379..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 +++ /dev/null @@ -1,285 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" -.TH SSL_CTX_SET_INFO_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); -\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); -\& -\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); -\& void (*SSL_get_info_callback(const SSL *ssl))(); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to -obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection -setup and use. The setting for \fBctx\fR is overridden from the setting for -a specific \s-1SSL\s0 object, if specified. -When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. -.PP -\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to -obtain state information for \fBssl\fR during connection setup and use. -When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for -\&\fBctx\fR is used. -.PP -\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information -callback function for \fBctx\fR. -.PP -\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information -callback function for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -When setting up a connection and during use, it is possible to obtain state -information from the \s-1SSL/TLS\s0 engine. When set, an information callback function -is called whenever a significant event occurs such as: the state changes, -an alert appears, or an error occurs. -.PP -The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. -The \fBwhere\fR argument specifies information about where (in which context) -the callback function was called. If \fBret\fR is 0, an error condition occurred. -If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert -information. -.PP -\&\fBwhere\fR is a bitmask made up of the following bits: -.IP "\s-1SSL_CB_LOOP\s0" 4 -.IX Item "SSL_CB_LOOP" -Callback has been called to indicate state change or some other significant -state machine event. This may mean that the callback gets invoked more than once -per state in some situations. -.IP "\s-1SSL_CB_EXIT\s0" 4 -.IX Item "SSL_CB_EXIT" -Callback has been called to indicate exit of a handshake function. This will -happen after the end of a handshake, but may happen at other times too such as -on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. -.IP "\s-1SSL_CB_READ\s0" 4 -.IX Item "SSL_CB_READ" -Callback has been called during read operation. -.IP "\s-1SSL_CB_WRITE\s0" 4 -.IX Item "SSL_CB_WRITE" -Callback has been called during write operation. -.IP "\s-1SSL_CB_ALERT\s0" 4 -.IX Item "SSL_CB_ALERT" -Callback has been called due to an alert being sent or received. -.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 -.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" -.PD 0 -.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 -.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 -.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 -.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 -.IX Item "SSL_CB_HANDSHAKE_START" -.PD -Callback has been called because a new handshake is started. It also occurs when -resuming a handshake following a pause to handle early data. -.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 -.IX Item "SSL_CB_HANDSHAKE_DONE" -Callback has been called because a handshake is finished. It also occurs if the -handshake is paused to allow the exchange of early data. -.PP -The current state information can be obtained using the -\&\fBSSL_state_string\fR\|(3) family of functions. -.PP -The \fBret\fR information can be evaluated using the -\&\fBSSL_alert_type_string\fR\|(3) family of functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. -.PP -\&\fBSSL_get_info_callback()\fR returns the current setting. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following example callback function prints state strings, information -about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 -.PP -.Vb 4 -\& void apps_ssl_info_callback(SSL *s, int where, int ret) -\& { -\& const char *str; -\& int w = where & ~SSL_ST_MASK; -\& -\& if (w & SSL_ST_CONNECT) -\& str = "SSL_connect"; -\& else if (w & SSL_ST_ACCEPT) -\& str = "SSL_accept"; -\& else -\& str = "undefined"; -\& -\& if (where & SSL_CB_LOOP) { -\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); -\& } else if (where & SSL_CB_ALERT) { -\& str = (where & SSL_CB_READ) ? "read" : "write"; -\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, -\& SSL_alert_type_string_long(ret), -\& SSL_alert_desc_string_long(ret)); -\& } else if (where & SSL_CB_EXIT) { -\& if (ret == 0) { -\& BIO_printf(bio_err, "%s:failed in %s\en", -\& str, SSL_state_string_long(s)); -\& } else if (ret < 0) { -\& BIO_printf(bio_err, "%s:error in %s\en", -\& str, SSL_state_string_long(s)); -\& } -\& } -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), -\&\fBSSL_alert_type_string\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 deleted file mode 100644 index 1b8b17e2f61e..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_keylog_callback.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" -.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); -\& -\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); -\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback -is called whenever \s-1TLS\s0 key material is generated or received, in order to allow -applications to store this keying material for debugging purposes. -.PP -\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging -callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no -key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as -the value of cb, no logging of key material will be done. -.PP -The key logging callback is called with two items: the \fBssl\fR object associated -with the connection, and \fBline\fR, a string containing the key material in the -format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that -file, the key logging callback should log \fBline\fR, followed by a newline. -\&\fBline\fR will always be a NULL-terminated string. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or -\&\s-1NULL\s0 if the callback is not set. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 deleted file mode 100644 index 60b97757e99c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_max_cert_list.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" -.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); -\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); -\& -\& long SSL_set_max_cert_list(SSL *ssl, long size); -\& long SSL_get_max_cert_list(SSL *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's -certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. -The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time -\&\fBSSL_new\fR\|(3) is being called. -.PP -\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. -.PP -\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's -certificate chain for \fBssl\fR to be bytes. This setting stays valid -until a new value is set. -.PP -\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -During the handshake process, the peer may send a certificate chain. -The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. -The OpenSSL library handles incoming data by a dynamically allocated buffer. -In order to prevent this buffer from growing without bounds due to data -received from a faulty or malicious peer, a maximum size for the certificate -chain is set. -.PP -The default value for the maximum certificate chain size is 100kB (30kB -on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate -chains (OpenSSL's default maximum chain length is 10, see -\&\fBSSL_CTX_set_verify\fR\|(3), and certificates -without special extensions have a typical size of 1\-2kB). -.PP -For special applications it can be necessary to extend the maximum certificate -chain size allowed to be sent by the peer, see e.g. the work on -\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" -and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and -http://www.globus.org/ . -.PP -Under normal conditions it should never be necessary to set a value smaller -than the default, as the buffer is handled dynamically and only uses the -memory actually required by the data sent by the peer. -.PP -If the maximum certificate chain size allowed is exceeded, the handshake will -fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously -set value. -.PP -\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently -set value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), -\&\fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 deleted file mode 100644 index 5efc3acf76dd..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_min_proto_version.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" -.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); -\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); -\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); -\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); -\& -\& int SSL_set_min_proto_version(SSL *ssl, int version); -\& int SSL_set_max_proto_version(SSL *ssl, int version); -\& int SSL_get_min_proto_version(SSL *ssl); -\& int SSL_get_max_proto_version(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functions get or set the minimum and maximum supported protocol versions -for the \fBctx\fR or \fBssl\fR. -This works in combination with the options set via -\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable -specific protocol versions. -Use these functions instead of disabling specific protocol versions. -.PP -Setting the minimum or maximum version to 0, will enable protocol -versions down to the lowest version, or up to the highest version -supported by the library, respectively. -.PP -Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to -automatically use the lowest or highest version supported by the library. -.PP -Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, -\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and -\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These setter functions return 1 on success and 0 on failure. The getter -functions return the configured version or 0 for auto-configuration of -lowest or highest protocol, respectively. -.SH "NOTES" -.IX Header "NOTES" -All these functions are implemented using macros. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The setter functions were added in OpenSSL 1.1.0. The getter functions -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 deleted file mode 100644 index 0f0ceaeeaf25..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ /dev/null @@ -1,266 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_MODE 3" -.TH SSL_CTX_SET_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); -\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); -\& long SSL_set_mode(SSL *ssl, long mode); -\& long SSL_clear_mode(SSL *ssl, long mode); -\& -\& long SSL_CTX_get_mode(SSL_CTX *ctx); -\& long SSL_get_mode(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. -Options already set before are not cleared. -\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. -.PP -\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. -Options already set before are not cleared. -\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. -.PP -\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. -.PP -\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The following mode changes are available: -.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 -.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" -Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success -when just a single record has been written). This works in a similar way for -\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only -report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or -\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call -to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating -the behaviour of \fBwrite()\fR. -.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 -.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" -Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer -location (the buffer contents must stay the same). This is not the default to -avoid the misconception that non-blocking \fBSSL_write()\fR behaves like -non-blocking \fBwrite()\fR. -.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 -.IX Item "SSL_MODE_AUTO_RETRY" -During normal operations, non-application data records might need to be sent or -received that the application is not aware of. -If a non-application data record was processed, -\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the -need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. -If such a non-application data record was processed, the flag -\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of -returning. -.Sp -In a non-blocking environment applications must be prepared to handle -incomplete read/write operations. -Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process -non-application data records until either no more data is available or -an application data record has been processed. -.Sp -In a blocking environment, applications are not always prepared to -deal with the functions returning intermediate reports such as retry -requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions -to only return after successfully processing an application data record or a -failure. -.Sp -Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case -they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. -Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a -non-application record was sent and no application data was sent. -.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 -.IX Item "SSL_MODE_RELEASE_BUFFERS" -When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 -then release the memory we were using to hold it. -Using this flag can -save around 34k per idle \s-1SSL\s0 connection. -This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. -.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 -.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" -Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. -To be set only by applications that reconnect with a downgraded protocol -version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. -.Sp -\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. -Only use this in explicit fallback retries, following the guidance -in draft\-ietf\-tls\-downgrade\-scsv\-00. -.IP "\s-1SSL_MODE_ASYNC\s0" 4 -.IX Item "SSL_MODE_ASYNC" -Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with -\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is -used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). -.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 -.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" -Older versions of OpenSSL had a bug in the computation of the label length -used for computing the endpoint-pair shared secret. The bug was that the -terminating zero was included in the length of the label. Setting this option -enables this behaviour to allow interoperability with such broken -implementations. Please note that setting this option breaks interoperability -with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 -.PP -All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by -default since 1.1.1. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask -after adding \fBmode\fR. -.PP -\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or -\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 deleted file mode 100644 index 1270177030a7..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_msg_callback.3 +++ /dev/null @@ -1,252 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" -.TH SSL_CTX_SET_MSG_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, -\& void (*cb)(int write_p, int version, -\& int content_type, const void *buf, -\& size_t len, SSL *ssl, void *arg)); -\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); -\& -\& void SSL_set_msg_callback(SSL *ssl, -\& void (*cb)(int write_p, int version, -\& int content_type, const void *buf, -\& size_t len, SSL *ssl, void *arg)); -\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to -define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 -protocol messages (such as handshake messages) that are received or -sent, as well as other events that occur during processing. -\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR -can be used to set argument \fIarg\fR to the callback function, which is -available for arbitrary application use. -.PP -\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify -default settings that will be copied to new \fB\s-1SSL\s0\fR objects by -\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and -\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR -object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. -.PP -When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the -following meaning: -.IP "\fIwrite_p\fR" 4 -.IX Item "write_p" -This flag is \fB0\fR when a protocol message has been received and \fB1\fR -when a protocol message has been sent. -.IP "\fIversion\fR" 4 -.IX Item "version" -The protocol version according to which the protocol message is -interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. -This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). -.IP "\fIcontent_type\fR" 4 -.IX Item "content_type" -This is one of the content type values defined in the protocol specification -(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never -\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol -messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo -content types are used to signal some other event in the processing of data (see -\&\s-1NOTES\s0 below). -.IP "\fIbuf\fR, \fIlen\fR" 4 -.IX Item "buf, len" -\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the -case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no -longer valid after the callback function has returned. -.IP "\fIssl\fR" 4 -.IX Item "ssl" -The \fB\s-1SSL\s0\fR object that received or sent the message. -.IP "\fIarg\fR" 4 -.IX Item "arg" -The user-defined argument optionally defined by -\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. -.SH "NOTES" -.IX Header "NOTES" -Protocol messages are passed to the callback function after decryption -and fragment collection where applicable. (Thus record boundaries are -not visible.) -.PP -If processing a received protocol message results in an error, -the callback function may not be called. For example, the callback -function will never see messages that are considered too large to be -processed. -.PP -Due to automatic protocol version negotiation, \fIversion\fR is not -necessarily the protocol version used by the sender of the message: If -a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, -\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. -.PP -Pseudo content type values may be sent at various points during the processing -of data. The following pseudo content types are currently defined: -.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 -.IX Item "SSL3_RT_HEADER" -Used when a record is sent or received. The \fBbuf\fR contains the record header -bytes only. -.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 -.IX Item "SSL3_RT_INNER_CONTENT_TYPE" -Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 -records the content type in the record header is always -\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in -an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR -and \fBSSL_set_msg_callback_arg()\fR do not return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 deleted file mode 100644 index 153474a35e2c..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_num_tickets.3 +++ /dev/null @@ -1,196 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_NUM_TICKETS 3" -.TH SSL_CTX_SET_NUM_TICKETS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets \&\- control the number of TLSv1.3 session tickets that are issued -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); -\& size_t SSL_get_num_tickets(SSL *s); -\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); -\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server -application and set the number of TLSv1.3 session tickets that will be sent to -the client after a full handshake. Set the desired value (which could be 0) in -the \fBnum_tickets\fR argument. Typically these functions should be called before -the start of the handshake. -.PP -The default number of tickets is 2; the default number of tickets sent following -a resumption handshake is 1 but this cannot be changed using these functions. -The number of tickets following a resumption handshake can be reduced to 0 using -custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)). -.PP -Tickets are also issued on receipt of a post-handshake certificate from the -client following a request by the server using -\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated -with the updated client identity (i.e. including their certificate and -verification status). The number of tickets issued will normally be the same as -was used for the initial handshake. If the initial handshake was a full -handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling -\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be -sent. -.PP -\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of -tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or -\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on -failure. -.PP -\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets -that have been previously set. -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 deleted file mode 100644 index 305cad4f518e..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ /dev/null @@ -1,471 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_OPTIONS 3" -.TH SSL_CTX_SET_OPTIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); -\& long SSL_set_options(SSL *ssl, long options); -\& -\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); -\& long SSL_clear_options(SSL *ssl, long options); -\& -\& long SSL_CTX_get_options(SSL_CTX *ctx); -\& long SSL_get_options(SSL *ssl); -\& -\& long SSL_get_secure_renegotiation_support(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. -Options already set before are not cleared! -.PP -\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. -Options already set before are not cleared! -.PP -\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR -to \fBctx\fR. -.PP -\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. -.PP -\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. -.PP -\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. -.PP -\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports -secure renegotiation. -Note, this is implemented via a macro. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of the \s-1SSL\s0 library can be changed by setting several options. -The options are coded as bitmasks and can be combined by a bitwise \fBor\fR -operation (|). -.PP -\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) -protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of -the \s-1API\s0 can be changed by using the similar -\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. -.PP -During a handshake, the option settings of the \s-1SSL\s0 object are used. When -a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current -option setting is copied. Changes to \fBctx\fR do not affect already created -\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. -.PP -The following \fBbug workaround\fR options are available: -.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 -.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" -Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. -OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. -.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 -.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" -Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol -vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some -broken \s-1SSL\s0 implementations. This option has no effect for connections -using other ciphers. -.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 -.IX Item "SSL_OP_TLSEXT_PADDING" -Adds a padding extension to ensure the ClientHello size is never between -256 and 511 bytes in length. This is needed as a workaround for some -implementations. -.IP "\s-1SSL_OP_ALL\s0" 4 -.IX Item "SSL_OP_ALL" -All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as -mentioned below. -.PP -It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround -options if compatibility with somewhat broken implementations is -desired. -.PP -The following \fBmodifying\fR options are available: -.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 -.IX Item "SSL_OP_TLS_ROLLBACK_BUG" -Disable version rollback attack detection. -.Sp -During the client key exchange, the client must send the same information -about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) -.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 -.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" -When choosing a cipher, use the server's preferences instead of the client -preferences. When not set, the \s-1SSL\s0 server will always follow the clients -preferences. When set, the \s-1SSL/TLS\s0 server will choose following its -own preferences. -.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 -.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" -These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol -versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 -respectively. -As of OpenSSL 1.1.0, these options are deprecated, use -\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and -\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. -.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 -.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" -When performing renegotiation as a server, always start a new session -(i.e., session resumption requests are only accepted in the initial -handshake). This option is not needed for clients. -.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 -.IX Item "SSL_OP_NO_COMPRESSION" -Do not use compression even if it is supported. -.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 -.IX Item "SSL_OP_NO_QUERY_MTU" -Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections. -.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 -.IX Item "SSL_OP_COOKIE_EXCHANGE" -Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects -\&\s-1DTLS\s0 connections. -.IP "\s-1SSL_OP_NO_TICKET\s0" 4 -.IX Item "SSL_OP_NO_TICKET" -\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless -session tickets. -.Sp -When using session ids a copy of the session information is -cached on the server and a unique id is sent to the client. When the client -wishes to resume it provides the unique id so that the server can retrieve the -session information from its cache. -.Sp -When using stateless session tickets the server uses a session ticket encryption -key to encrypt the session information. This encrypted data is sent to the -client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted -data back to the server. The server uses its key to decrypt the data and resume -the session. In this way the server can operate statelessly \- no session -information needs to be cached locally. -.Sp -The TLSv1.3 protocol only supports tickets and does not directly support session -ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful -and stateless. Stateless tickets work the same way as in TLSv1.2 and below. -Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. -The session information is cached on the server and the session id is wrapped up -in a ticket and sent back to the client. When the client wishes to resume, it -presents a ticket in the same way as for stateless tickets. The server can then -extract the session id from the ticket and retrieve the session information from -its cache. -.Sp -By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will -cause stateless tickets to not be issued. In TLSv1.2 and below this means no -ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be -sent. This is a server-side option only. -.Sp -In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from -being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or -\&\fBSSL_set_num_tickets\fR\|(3). -.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 -.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" -Allow legacy insecure renegotiation between OpenSSL and unpatched clients or -servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. -.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 -.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" -Allow legacy insecure renegotiation between OpenSSL and unpatched servers -\&\fBonly\fR: this option is currently set by default. See the -\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. -.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 -.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" -Normally clients and servers will transparently attempt to negotiate the -\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. -.Sp -If this option is set, Encrypt-then-MAC is disabled. Clients will not -propose, and servers will not accept the extension. -.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 -.IX Item "SSL_OP_NO_RENEGOTIATION" -Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest -messages, and ignore renegotiation requests via ClientHello. -.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 -.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" -In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means -that there will be no forward secrecy for the resumed session. -.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 -.IX Item "SSL_OP_PRIORITIZE_CHACHA" -When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize -ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a -ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps -those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere -in the server cipher list; but still allows other clients to use \s-1AES\s0 and other -ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. -.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 -.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" -If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This -has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that -do not understand TLSv1.3 will not drop the connection. Regardless of whether -this option is set or not \s-1CCS\s0 messages received from the peer will always be -ignored in TLSv1.3. This option is set by default. To switch it off use -\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. -.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 -.IX Item "SSL_OP_NO_ANTI_REPLAY" -By default, when a server is configured for early data (i.e., max_early_data > 0), -OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a -description of the replay protection feature. Anti-replay measures are required -to comply with the TLSv1.3 specification. Some applications may be able to -mitigate the replay risks in other ways and in such cases the built in OpenSSL -functionality is not required. Those applications can turn this feature off by -setting this option. This is a server-side opton only. It is ignored by -clients. -.PP -The following options no longer have any effect but their identifiers are -retained for compatibility purposes: -.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" -.PD 0 -.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 -.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" -.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 -.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" -.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 -.IX Item "SSL_OP_TLS_D5_BUG" -.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 -.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" -.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 -.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" -.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 -.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" -.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 -.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" -.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 -.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" -.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 -.IX Item "SSL_OP_PKCS1_CHECK_1" -.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 -.IX Item "SSL_OP_PKCS1_CHECK_2" -.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 -.IX Item "SSL_OP_SINGLE_DH_USE" -.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 -.IX Item "SSL_OP_SINGLE_ECDH_USE" -.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 -.IX Item "SSL_OP_EPHEMERAL_RSA" -.PD -.SH "SECURE RENEGOTIATION" -.IX Header "SECURE RENEGOTIATION" -OpenSSL always attempts to use secure renegotiation as -described in \s-1RFC5746.\s0 This counters the prefix attack described in -\&\s-1CVE\-2009\-3555\s0 and elsewhere. -.PP -This attack has far reaching consequences which application writers should be -aware of. In the description below an implementation supporting secure -renegotiation is referred to as \fIpatched\fR. A server not supporting secure -renegotiation is referred to as \fIunpatched\fR. -.PP -The following sections describe the operations permitted by OpenSSL's secure -renegotiation implementation. -.SS "Patched client and server" -.IX Subsection "Patched client and server" -Connections and renegotiation are always permitted by OpenSSL implementations. -.SS "Unpatched client and patched OpenSSL server" -.IX Subsection "Unpatched client and patched OpenSSL server" -The initial connection succeeds but client renegotiation is denied by the -server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal -\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. -.PP -If the patched OpenSSL server attempts to renegotiate a fatal -\&\fBhandshake_failure\fR alert is sent. This is because the server code may be -unaware of the unpatched nature of the client. -.PP -If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then -renegotiation \fBalways\fR succeeds. -.SS "Patched OpenSSL client and unpatched server." -.IX Subsection "Patched OpenSSL client and unpatched server." -If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections -and renegotiation between patched OpenSSL clients and unpatched servers -succeeds. If neither option is set then initial connections to unpatched -servers will fail. -.PP -The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even -though it has security implications: otherwise it would be impossible to -connect to unpatched servers (i.e. all of them initially) and this is clearly -not acceptable. Renegotiation is permitted because this does not add any -additional security issues: during an attack clients do not see any -renegotiations anyway. -.PP -As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will -\&\fBnot\fR be set by default in a future version of OpenSSL. -.PP -OpenSSL client applications wishing to ensure they can connect to unpatched -servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR -.PP -OpenSSL client applications that want to ensure they can \fBnot\fR connect to -unpatched servers (and thus avoid any security issues) should always \fBclear\fR -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or -\&\fBSSL_clear_options()\fR. -.PP -The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that -\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure -renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while -\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections -and renegotiation between OpenSSL and unpatched clients or servers. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask -after adding \fBoptions\fR. -.PP -\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask -after clearing \fBoptions\fR. -.PP -\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. -.PP -\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports -secure renegotiation and 0 if it does not. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), -\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), -\&\fBSSL_CTX_set_min_proto_version\fR\|(3), -\&\fBdhparam\fR\|(1) -.SH "HISTORY" -.IX Header "HISTORY" -The attempt to always try to use secure renegotiation was added in -OpenSSL 0.9.8m. -.PP -The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 deleted file mode 100644 index 3caa1bbb92f5..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_psk_client_callback.3 +++ /dev/null @@ -1,292 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" -.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, -\& const unsigned char **id, -\& size_t *idlen, -\& SSL_SESSION **sess); -\& -\& -\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, -\& SSL_psk_use_session_cb_func cb); -\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); -\& -\& -\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, -\& const char *hint, -\& char *identity, -\& unsigned int max_identity_len, -\& unsigned char *psk, -\& unsigned int max_psk_len); -\& -\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); -\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A client application wishing to use TLSv1.3 PSKs should use either -\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as -appropriate. These functions cannot be used for TLSv1.2 and below PSKs. -.PP -The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. -.PP -The first time the callback is called for a connection the \fBmd\fR parameter is -\&\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that -case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 -must be compatible with the digest for that ciphersuite. The digest will be -given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different -between the first and second time it is called. -.PP -On successful completion the callback must store a pointer to an identifier for -the \s-1PSK\s0 in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. -The memory pointed to by \fB*id\fR remains owned by the application and should -be freed by it as required at any point after the handshake is complete. -.PP -Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in -\&\fB*sess\fR. This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have -the following fields set: -.IP "The master key" 4 -.IX Item "The master key" -This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3). -.IP "A ciphersuite" 4 -.IX Item "A ciphersuite" -Only the handshake digest associated with the ciphersuite is relevant for the -\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with -the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is -not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. -The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The -handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using -<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. -.IP "The protocol version" 4 -.IX Item "The protocol version" -This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should -be \s-1TLS1_3_VERSION.\s0 -.PP -Additionally the maximum early data value should be set via a call to -\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early -data. -.PP -Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also -be used as the basis for a \s-1PSK.\s0 -.PP -Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it -should not be freed by the application. -.PP -It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this -case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do -this the callback should return successfully and ensure that \fB*sess\fR is -\&\s-1NULL.\s0 The contents of \fB*id\fR and \fB*idlen\fR will be ignored. -.PP -A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must -provide a different callback function. This function will be called when the -client is sending the ClientKeyExchange message to the server. -.PP -The purpose of the callback function is to select the \s-1PSK\s0 identity and -the pre-shared key to use during the connection setup phase. -.PP -The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR -or \fBSSL_set_psk_client_callback()\fR. The callback function is given the -connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint -sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of -length \fBmax_identity_len\fR bytes where the resulting -\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of -length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to -be stored. -.PP -The callback for use in TLSv1.2 will also work in TLSv1.3 although it is -recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR -or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has -been negotiated then OpenSSL will first check to see if a callback has been set -via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR -and it will use that in preference. If no such callback is present then it will -check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or -\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will -always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned -\&\s-1PSK.\s0 -.SH "NOTES" -.IX Header "NOTES" -Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. -.PP -A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption -has occurred so that \fBSSL_session_reused\fR\|(3) will return true. -.PP -There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: -.PP -\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output -in both versions, only limited analysis has been done. Implementations can -ensure safety from cross-protocol related output by not reusing PSKs between -\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as -follows: -.PP -On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) -the length (> 0) of \fBpsk\fR in bytes is returned. -.PP -Otherwise or on errors the callback should return 0. In this case -the connection setup fails. -.PP -The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on -failure. In the event of failure the connection setup fails. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), -\&\fBSSL_set_psk_find_session_callback\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 deleted file mode 100644 index 8fd992798ca3..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" -.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); -\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); -\& -\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); -\& int SSL_get_quiet_shutdown(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be -\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time -\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. -.PP -\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. -.PP -\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be -\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with -\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. -It is not changed when \fBSSL_clear\fR\|(3) is called. -\&\fBmode\fR may be 0 or 1. -.PP -\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -Normally when a \s-1SSL\s0 connection is finished, the parties must send out -close_notify alert messages using \fBSSL_shutdown\fR\|(3) -for a clean shutdown. -.PP -When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) -will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. -(\fBSSL_shutdown\fR\|(3) then behaves like -\&\fBSSL_set_shutdown\fR\|(3) called with -SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) -The session is thus considered to be shutdown, but no close_notify alert -is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. -.PP -The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return -diagnostic information. -.PP -\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current -setting. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), -\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 deleted file mode 100644 index 1607028aa487..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_read_ahead.3 +++ /dev/null @@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_READ_AHEAD 3" -.TH SSL_CTX_SET_READ_AHEAD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_set_read_ahead(SSL *s, int yes); -\& int SSL_get_read_ahead(const SSL *s); -\& -\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); -\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); -\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as -many input bytes as possible (for non-blocking reads) or not. For example if -\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from -the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes -into its buffer (providing that the buffer is large enough) if reading ahead is -on, or \fBx\fR bytes otherwise. -Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn -it on. -\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR. -.PP -\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading -ahead has been set or not. -\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. -.SH "NOTES" -.IX Header "NOTES" -These functions have no impact when used with \s-1DTLS.\s0 The return values for -\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting -\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function -(see \fBSSL_pending\fR\|(3)). -.PP -Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data -records, and \fBSSL_has_pending()\fR can't tell the difference between processed and -unprocessed data, it's recommended that if read ahead is turned on that -\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. -That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete -record available that hasn't been processed. -.PP -If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 -connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading -ahead should be turned off. -Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, -and non zero otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 deleted file mode 100644 index 35156c891bb6..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_record_padding_callback.3 +++ /dev/null @@ -1,219 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" -.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); -\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); -\& -\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); -\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); -\& -\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); -\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); -\& -\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); -\& int SSL_set_block_padding(SSL *ssl, size_t block_size); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR -can be used to assign a callback function \fIcb\fR to specify the padding -for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. -.PP -\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR -assign a value \fBarg\fR that is passed to the callback when it is invoked. The value -set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. -.PP -\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR -retrieve the \fBarg\fR value that is passed to the callback. -.PP -\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple -of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of -\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 -.PP -The callback is invoked for every record before encryption. -The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be -one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 -The \fBlen\fR parameter is the current plaintext length of the record before encryption. -The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR -or \fBSSL_set_record_padding_callback_arg()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR -functions return the \fBarg\fR value assigned in the corresponding set functions. -.PP -The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success -or 0 if \fBblock_size\fR is too large. -.PP -The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 -indicates no padding will be added. A return value that causes the record to -exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the -maximum record size. -.SH "NOTES" -.IX Header "NOTES" -The default behavior is to add no padding to the record. -.PP -A user-supplied padding callback function will override the behavior set by -\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied -callback to \s-1NULL\s0 will restore the configured block padding behavior. -.PP -These functions only apply to \s-1TLS 1.3\s0 records being written. -.PP -Padding bytes are not added in constant-time. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 deleted file mode 100644 index 63202d7e4d59..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_security_level.3 +++ /dev/null @@ -1,309 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" -.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); -\& void SSL_set_security_level(SSL *s, int level); -\& -\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); -\& int SSL_get_security_level(const SSL *s); -\& -\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, -\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, -\& int bits, int nid, -\& void *other, void *ex)); -\& -\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, -\& int bits, int nid, -\& void *other, void *ex)); -\& -\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, -\& int bits, int nid, void *other, -\& void *ex); -\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, -\& int bits, int nid, void *other, -\& void *ex); -\& -\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); -\& void SSL_set0_security_ex_data(SSL *s, void *ex); -\& -\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); -\& void *SSL_get0_security_ex_data(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set -the security level to \fBlevel\fR. If not set the library default security level -is used. -.PP -The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR -retrieve the current security level. -.PP -\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, -\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set -the security callback associated with \fBctx\fR or \fBs\fR. If not set a default -security callback is used. The meaning of the parameters and the behaviour -of the default callbacks is described below. -.PP -\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, -\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the -extra data pointer passed to the \fBex\fR parameter of the callback. This -value is passed to the callback verbatim and can be set to any convenient -application specific value. -.SH "DEFAULT CALLBACK BEHAVIOUR" -.IX Header "DEFAULT CALLBACK BEHAVIOUR" -If an application doesn't set its own security callback the default -callback is used. It is intended to provide sane defaults. The meaning -of each level is described below. -.IP "\fBLevel 0\fR" 4 -.IX Item "Level 0" -Everything is permitted. This retains compatibility with previous versions of -OpenSSL. -.IP "\fBLevel 1\fR" 4 -.IX Item "Level 1" -The security level corresponds to a minimum of 80 bits of security. Any -parameters offering below 80 bits of security are excluded. As a result \s-1RSA, -DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits -are prohibited. All export cipher suites are prohibited since they all offer -less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite -using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. -.IP "\fBLevel 2\fR" 4 -.IX Item "Level 2" -Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. -In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also -prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. -.IP "\fBLevel 3\fR" 4 -.IX Item "Level 3" -Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. -In addition to the level 2 exclusions cipher suites not offering forward -secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session -tickets are disabled. -.IP "\fBLevel 4\fR" 4 -.IX Item "Level 4" -Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and -\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are -prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 -versions below 1.2 are not permitted. -.IP "\fBLevel 5\fR" 4 -.IX Item "Level 5" -Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys -shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. -.SH "APPLICATION DEFINED SECURITY CALLBACKS" -.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" -\&\fIDocumentation to be provided.\fR -.SH "NOTES" -.IX Header "NOTES" -\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for -general internet use is likely to cause \fBconsiderable\fR interoperability -issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm -is very widely used in certificates and will be rejected at levels -higher than 1 because it only offers 80 bits of security. -.PP -The default security level can be configured when OpenSSL is compiled by -setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. -.PP -The security framework disables or reject parameters inconsistent with the -set security level. In the past this was difficult as applications had to set -a number of distinct parameters (supported ciphers, supported curves supported -signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size -for example) could not be checked at all. -.PP -By setting an appropriate security level much of this complexity can be -avoided. -.PP -The bits of security limits affect all relevant parameters including -cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported -signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and -signature algorithms. This limit applies no matter what other custom -settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR -then only cipher suites consistent with the security level are permissible. -.PP -See \s-1SP800\-57\s0 for how the security limits are related to individual -algorithms. -.PP -Some security levels require large key sizes for non-ECC public key -algorithms which can severely degrade performance. For example 256 bits -of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. -.PP -Some restrictions can be gracefully handled: for example cipher suites -offering insufficient security are not sent by the client and will not -be selected by the server. Other restrictions such as the peer certificate -key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal -alert. -.PP -Attempts to set certificates or parameters with insufficient security are -also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 -key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not -check the return values for errors will misbehave: for example it might -appear that a certificate is not set at all because it had been rejected. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. -.PP -\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that -represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. -.PP -\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return -values. -.PP -\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer -to the security callback or \s-1NULL\s0 if the callback is not set. -.PP -\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra -data pointer or \s-1NULL\s0 if the ex data is not set. -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 deleted file mode 100644 index 1b11b9a1859e..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ /dev/null @@ -1,258 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" -.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); -\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching -by setting the operational mode for \fBctx\fR to . -.PP -\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. -.SH "NOTES" -.IX Header "NOTES" -The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. -The sessions can be held in memory for each \fBctx\fR, if more than one -\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 -object. -.PP -In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then either -agrees to reuse the session or it starts a full handshake (to create a new -session). -.PP -A server will look up the session in its internal session storage. If the -session is not found in internal storage or lookups for the internal storage -have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try -the external storage if available. -.PP -Since a client may try to reuse a session intended for use in a different -context, the session id context must be set by the server (see -\&\fBSSL_CTX_set_session_id_context\fR\|(3)). -.PP -The following session cache modes and modifiers are available: -.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 -.IX Item "SSL_SESS_CACHE_OFF" -No session caching for client or server takes place. -.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 -.IX Item "SSL_SESS_CACHE_CLIENT" -Client sessions are added to the session cache. As there is no reliable way -for the OpenSSL library to know whether a session should be reused or which -session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not -have details about the connection), the application must select the session -to be reused by using the \fBSSL_set_session\fR\|(3) -function. This option is not activated by default. -.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 -.IX Item "SSL_SESS_CACHE_SERVER" -Server sessions are added to the session cache. When a client proposes a -session to be reused, the server looks for the corresponding session in (first) -the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), -then (second) in the external cache if available. If the session is found, the -server will try to reuse the session. This is the default. -.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 -.IX Item "SSL_SESS_CACHE_BOTH" -Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. -.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" -Normally the session cache is checked for expired sessions every -255 connections using the -\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since -this may lead to a delay which cannot be controlled, the automatic -flushing may be disabled and -\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called -explicitly by the application. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" -By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not -automatically look up sessions in the internal cache, even if sessions are -automatically stored there. If external session caching callbacks are in use, -this flag guarantees that all lookups are directed to the external cache. -As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on -clients. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" -Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 -sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. -Normally a new session is added to the internal cache as well as any external -session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will -prevent sessions being stored in the internal cache (though the application can -add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: -in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful -session lookups in the external cache (ie. for session-resume requests) would -normally be copied into the local cache before processing continues \- this flag -prevents these additions to the internal cache as well. -.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 -.IX Item "SSL_SESS_CACHE_NO_INTERNAL" -Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and -\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. -.PP -The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. -.PP -\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), -\&\fBSSL_session_reused\fR\|(3), -\&\fBSSL_CTX_add_session\fR\|(3), -\&\fBSSL_CTX_sess_number\fR\|(3), -\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), -\&\fBSSL_CTX_set_session_id_context\fR\|(3), -\&\fBSSL_CTX_set_timeout\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 deleted file mode 100644 index aa394e133059..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ /dev/null @@ -1,215 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" -.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, -\& unsigned int sid_ctx_len); -\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, -\& unsigned int sid_ctx_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length -\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. -.PP -\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length -\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. -.SH "NOTES" -.IX Header "NOTES" -Sessions are generated within a certain context. When exporting/importing -sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, -to re-import a session generated from another context (e.g. another -application), which might lead to malfunctions. Therefore each application -must set its own session id context \fBsid_ctx\fR which is used to distinguish -the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be -any kind of binary data with a given length, it is therefore possible -to use e.g. the name of the application and/or the hostname and/or service -name ... -.PP -The session id context becomes part of the session. The session id context -is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and -\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the -server side. -.PP -OpenSSL clients will check the session id context returned by the server -when reusing a session. -.PP -The maximum length of the \fBsid_ctx\fR is limited to -\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. -.SH "WARNINGS" -.IX Header "WARNINGS" -If the session id context is not set on an \s-1SSL/TLS\s0 server and client -certificates are used, stored sessions -will not be reused but a fatal error will be flagged and the handshake -will fail. -.PP -If a server returns a different session id context to an OpenSSL client -when reusing a session, an error will be flagged and the handshake will -fail. OpenSSL servers will always return the correct session id context, -as an OpenSSL server checks the session id context itself before reusing -a session as described above. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR -return the following values: -.IP "0" 4 -The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded -the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error -is logged to the error stack. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 deleted file mode 100644 index d71e9c137534..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_ticket_cb.3 +++ /dev/null @@ -1,301 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" -.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); -\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, -\& const unsigned char *keyname, -\& size_t keyname_len, -\& SSL_TICKET_STATUS status, -\& void *arg); -\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, -\& SSL_CTX_generate_session_ticket_fn gen_cb, -\& SSL_CTX_decrypt_session_ticket_fn dec_cb, -\& void *arg); -\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); -\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR -and \fBdec_cb\fR that are used by a server to set and get application data stored -with a session, and placed into a session ticket. Either callback function may -be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. -.PP -\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is -about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR -at this time to add application data to the session ticket. The value of \fBarg\fR -is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR -callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. -.PP -\&\fBdec_cb\fR is the application defined callback invoked after session ticket -decryption has been attempted and any session ticket application data is -available. If ticket decryption was successful then the \fBss\fR argument contains -the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key -used to decrypt the session ticket. The \fBstatus\fR argument is the result of the -ticket decryption. See the \s-1NOTES\s0 section below for further details. The value -of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The -\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. -.PP -\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by -\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session -tickets. It can be called at any time before a session ticket is created to -update the data placed into the session ticket. However, given that sessions -and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify -the application that a session ticket is about to be generated. -.PP -\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket -application data and assigns \fBlen\fR to the length of the session ticket -application data from \fBss\fR. The application data can be set via -\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned -to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket -application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time -after a session has been created. The \fBdec_cb\fR is provided to notify the -application that a session ticket has just been decrypted. -.SH "NOTES" -.IX Header "NOTES" -When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been -assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket -decryption. The callback must check the \fBstatus\fR value before performing any -action, as it is called even if ticket decryption fails. -.PP -The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify -the key that was used to encrypt the session ticket. -.PP -The \fBstatus\fR argument can be any of these values: -.IP "\s-1SSL_TICKET_EMPTY\s0" 4 -.IX Item "SSL_TICKET_EMPTY" -Empty ticket present. No ticket data will be used and a new ticket should be -sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not -valid for a client to send an empty ticket. -.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 -.IX Item "SSL_TICKET_NO_DECRYPT" -The ticket couldn't be decrypted. No ticket data will be used and a new ticket -should be sent to the client. -.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 -.IX Item "SSL_TICKET_SUCCESS" -A ticket was successfully decrypted, any session ticket application data should -be available. A new ticket should not be sent to the client. -.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 -.IX Item "SSL_TICKET_SUCCESS_RENEW" -Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. -.PP -The return value can be any of these values: -.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 -.IX Item "SSL_TICKET_RETURN_ABORT" -The handshake should be aborted, either because of an error or because of some -policy. Note that in TLSv1.3 a client may send more than one ticket in a single -handshake. Therefore just because one ticket is unacceptable it does not mean -that all of them are. For this reason this option should be used with caution. -.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 -.IX Item "SSL_TICKET_RETURN_IGNORE" -Do not use a ticket (if one was available). Do not send a renewed ticket to the -client. -.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 -.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" -Do not use a ticket (if one was available). Send a renewed ticket to the client. -.Sp -If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or -\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. -.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 -.IX Item "SSL_TICKET_RETURN_USE" -Use the ticket. Do not send a renewed ticket to the client. It is an error for -the callback to return this value if \fBstatus\fR has a value other than -\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. -.Sp -If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. -.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 -.IX Item "SSL_TICKET_RETURN_USE_RENEW" -Use the ticket. Send a renewed ticket to the client. It is an error for the -callback to return this value if \fBstatus\fR has a value other than -\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. -.Sp -If the callback does not wish to change the default ticket behaviour then it -should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. -.PP -If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then -no session data will be available and the callback must not use the \fBss\fR -argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or -\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call -\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR -argument to retrieve the application data. -.PP -When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be -used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. -.PP -By default, in TLSv1.2 and below, a new session ticket is not issued on a -successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the -default behaviour is to always issue a new ticket on resumption. In both cases -this behaviour can be changed if a ticket key callback is in use (see -\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and -\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on -failure. -.PP -The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 -will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. -.PP -The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_get_session\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR -and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 deleted file mode 100644 index b44ace46f325..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_split_send_fragment.3 +++ /dev/null @@ -1,303 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" -.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); -\& long SSL_set_max_send_fragment(SSL *ssl, long m); -\& -\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); -\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); -\& -\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); -\& long SSL_set_split_send_fragment(SSL *ssl, long m); -\& -\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); -\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); -\& -\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); -\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); -\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Some engines are able to process multiple simultaneous crypto operations. This -capability could be utilised to parallelise the processing of a single -connection. For example a single write can be split into multiple records and -each one encrypted independently and in parallel. Note: this will only work in -\&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This -capability is known as \*(L"pipelining\*(R" within OpenSSL. -.PP -In order to benefit from the pipelining capability. You need to have an engine -that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides -\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for -development and test purposes only. -.PP -\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the -\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This -value restricts the amount of plaintext bytes that will be sent in any one -\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These -functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 -.PP -\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number -of pipelines that will be used at any one time. This value applies to both -\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be -used (i.e. normal non-parallel operation). The number of pipelines set must be -in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also -automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is -explained further below. OpenSSL will only every use more than one pipeline if -a cipher suite is negotiated that uses a pipeline capable cipher provided by an -engine. -.PP -Pipelining operates slightly differently for reading encrypted data compared to -writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and -\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when -writing encrypted data. The number of pipelines used will be determined by the -amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by -\&\fBsplit_send_fragment\fR. -.PP -For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 -then: -.PP -SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used -.PP -SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used -.PP -SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used -.PP -SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used -.PP -\&\fBsplit_send_fragment\fR must always be less than or equal to -\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. -This will mean that the same number of records will always be created as would -have been created in the non-parallel case, although the data will be -apportioned differently. In the parallel case data will be spread equally -between the pipelines. -.PP -Read pipelining is controlled in a slightly different way than with write -pipelining. While reading we are constrained by the number of records that the -peer (and the network) can provide to us in one go. The more records we can get -in one go the more opportunity we have to parallelise the processing. As noted -above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR -is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to -read as much data into the read buffer as the network can provide and will fit -into the buffer. Without this set data is read into the read buffer one record -at a time. The more data that can be read, the more opportunity there is for -parallelising the processing at the cost of increased memory overhead per -connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR -function (see \fBSSL_pending\fR\|(3)). -.PP -The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR -functions control the size of the read buffer that will be used. The \fBlen\fR -parameter sets the size of the buffer. The value will only be used if it is -greater than the default that would have been used anyway. The normal default -value depends on a number of factors but it will be at least -\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. -.PP -\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment -length negotiation mode via value \fBmode\fR to \fBctx\fR. -This setting affects only \s-1SSL\s0 instances created after this function is called. -It affects the client-side as only its side may initiate this extension use. -.PP -\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length -negotiation mode via value \fBmode\fR to \fBssl\fR. -This setting will be used during a handshake when extensions are exchanged -between client and server. -So it only affects \s-1SSL\s0 sessions created after this function is called. -It affects the client-side as only its side may initiate this extension use. -.PP -\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length -negotiated in \fBsession\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All non-void functions return 1 on success and 0 on failure. -.SH "NOTES" -.IX Header "NOTES" -The Maximum Fragment Length extension support is optional on the server side. -If the server does not support this extension then -\&\fBSSL_SESSION_get_max_fragment_length()\fR will return: -TLSEXT_max_fragment_length_DISABLED. -.PP -The following modes are available: -.IP "TLSEXT_max_fragment_length_DISABLED" 4 -.IX Item "TLSEXT_max_fragment_length_DISABLED" -Disables Maximum Fragment Length Negotiation (default). -.IP "TLSEXT_max_fragment_length_512" 4 -.IX Item "TLSEXT_max_fragment_length_512" -Sets Maximum Fragment Length to 512 bytes. -.IP "TLSEXT_max_fragment_length_1024" 4 -.IX Item "TLSEXT_max_fragment_length_1024" -Sets Maximum Fragment Length to 1024. -.IP "TLSEXT_max_fragment_length_2048" 4 -.IX Item "TLSEXT_max_fragment_length_2048" -Sets Maximum Fragment Length to 2048. -.IP "TLSEXT_max_fragment_length_4096" 4 -.IX Item "TLSEXT_max_fragment_length_4096" -Sets Maximum Fragment Length to 4096. -.PP -With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR -\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, -\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR -all these functions are implemented using macros. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, -\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, -\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR -functions were added in OpenSSL 1.1.0. -.PP -The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR -and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 deleted file mode 100644 index 44b993569654..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_SSL_VERSION 3" -.TH SSL_CTX_SET_SSL_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); -\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); -\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects -newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with -\&\fBSSL_new\fR\|(3) are not affected, except when -\&\fBSSL_clear\fR\|(3) is being called. -.PP -\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR -object. It may be reset, when \fBSSL_clear()\fR is called. -.PP -\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method -set in \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The available \fBmethod\fR choices are described in -\&\fBSSL_CTX_new\fR\|(3). -.PP -When \fBSSL_clear\fR\|(3) is called and no session is connected to -an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently -set in the corresponding \s-1SSL_CTX\s0 object. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR -and \fBSSL_set_ssl_method()\fR: -.IP "0" 4 -The new choice failed, check the error stack to find out the reason. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), -\&\fBSSL_set_connect_state\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 deleted file mode 100644 index 24e74e8f4ee5..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_stateless_cookie_generate_cb.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" -.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_stateless_cookie_generate_cb( -\& SSL_CTX *ctx, -\& int (*gen_stateless_cookie_cb) (SSL *ssl, -\& unsigned char *cookie, -\& size_t *cookie_len)); -\& void SSL_CTX_set_stateless_cookie_verify_cb( -\& SSL_CTX *ctx, -\& int (*verify_stateless_cookie_cb) (SSL *ssl, -\& const unsigned char *cookie, -\& size_t cookie_len)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) -to generate the application-controlled portion of the cookie provided to clients -in the HelloRetryRequest transmitted as a response to a ClientHello with a -missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must write at most -\&\s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number of bytes -written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value -can be used to abort the handshake. -.PP -\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to -determine whether the application-controlled portion of a ClientHello cookie is -valid. A nonzero return value from \fBapp_verify_cookie_cb()\fR communicates that the -cookie is valid. The integrity of the entire cookie, including the -application-controlled portion, is automatically verified by \s-1HMAC\s0 before -\&\fBverify_stateless_cookie_cb()\fR is called. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Neither function returns a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_stateless\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 deleted file mode 100644 index d570a55d44ef..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TIMEOUT 3" -.TH SSL_CTX_SET_TIMEOUT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); -\& long SSL_CTX_get_timeout(SSL_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for -\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. -.PP -\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. -.SH "NOTES" -.IX Header "NOTES" -Whenever a new session is created, it is assigned a maximum lifetime. This -lifetime is specified by storing the creation time of the session and the -timeout value valid at this time. If the actual time is later than creation -time plus timeout, the session is not reused. -.PP -Due to this realization, all sessions behave according to the timeout value -valid at the time of the session negotiation. Changes of the timeout value -do not affect already established sessions. -.PP -The expiration time of a single session can be modified using the -\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. -.PP -Expired sessions are removed from the internal session cache, whenever -\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either -directly by the application or automatically (see -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) -.PP -The default value for session timeout is decided on a per protocol -basis, see \fBSSL_get_default_timeout\fR\|(3). -All currently supported protocols have the same default timeout value -of 300 seconds. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. -.PP -\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3), -\&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 deleted file mode 100644 index cd619b0f5a97..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_servername_callback.3 +++ /dev/null @@ -1,206 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" -.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI) -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, -\& int (*cb)(SSL *, int *, void *)); -\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); -\& -\& const char *SSL_get_servername(const SSL *s, const int type); -\& int SSL_get_servername_type(const SSL *s); -\& -\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The functionality provided by the servername callback is superseded by the -ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. -The servername callback is retained for historical compatibility. -.PP -\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR -used by a server to perform any actions or configuration required based on -the servername extension received in the incoming connection. When \fBcb\fR -is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to -the application callback. -.PP -\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be -passed into the callback for this \fB\s-1SSL_CTX\s0\fR. -.PP -\&\fBSSL_get_servername()\fR returns a servername extension value of the specified -type if provided in the Client Hello or \s-1NULL.\s0 -.PP -\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername -is present. Currently the only supported type (defined in \s-1RFC3546\s0) is -\&\fBTLSEXT_NAMETYPE_host_name\fR. -.PP -\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension -to contain the value \fBname\fR. The type of server name indication extension is set -to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). -.SH "NOTES" -.IX Header "NOTES" -Several callbacks are executed during ClientHello processing, including -the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is -executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. -.PP -The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects -that will act as clients; otherwise the configured \fBname\fR will be ignored. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and -\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. -\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), -\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 deleted file mode 100644 index 25053e2f88fe..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_status_cb.3 +++ /dev/null @@ -1,245 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" -.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); -\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); -\& -\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); -\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); -\& -\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); -\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); -\& -\& long SSL_set_tlsext_status_type(SSL *s, int type); -\& long SSL_get_tlsext_status_type(SSL *s); -\& -\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); -\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A client application may request that a server send back an \s-1OCSP\s0 status response -(also known as \s-1OCSP\s0 stapling). To do so the client should call the -\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 -objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR -function on an individual \s-1SSL\s0 object prior to the start of the handshake. -Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value -should be passed in the \fBtype\fR argument. Calling -\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR -previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. -.PP -The client should additionally provide a callback function to decide what to do -with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The -callback function should determine whether the returned \s-1OCSP\s0 response is -acceptable or not. The callback will be passed as an argument the value -previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the -callback will not be called in the event of a handshake where session resumption -occurs (because there are no Certificates exchanged in such a handshake). -The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved -by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling -\&\fBSSL_CTX_get_tlsext_status_arg()\fR. -.PP -On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether -the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return -\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server -side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client -requested \s-1OCSP\s0 stapling. If the client requested it then this function will -return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. -.PP -The response returned by the server can be obtained via a call to -\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point -to the \s-1OCSP\s0 response data and the return value will be the length of that data. -Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a -call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any -response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from -\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. -.PP -A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function -if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status -responses. Typically the server callback would obtain the server certificate -that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; -obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by -calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should -be provided in the \fBresp\fR argument, and the length of that data should be in -the \fBlen\fR argument. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The callback when used on the client side should return a negative value on -error; 0 if the response is not acceptable (in which case the handshake will -fail) or a positive value if it is acceptable. -.PP -The callback when used on the server side should return with either -\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be -returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be -returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has -occurred). -.PP -\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, -\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and -\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. -.PP -\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by -\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. -.PP -\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data -or \-1 if there is no \s-1OCSP\s0 response data. -.PP -\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client -side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server -side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR -and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 deleted file mode 100644 index d86500b0e4d7..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ /dev/null @@ -1,323 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" -.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, -\& int (*cb)(SSL *s, unsigned char key_name[16], -\& unsigned char iv[EVP_MAX_IV_LENGTH], -\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling -session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in -\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server -implementation is not required to maintain per session state. It only applies -to \s-1TLS\s0 and there is no SSLv3 implementation. -.PP -The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 -session when session ticket extension is presented in the \s-1TLS\s0 hello -message. It is the responsibility of this function to create or retrieve the -cryptographic parameters and to maintain their state. -.PP -The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 -ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session -state is unnecessary and a small set of cryptographic variables needs to be -maintained by the callback function implementation. -.PP -In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket -extension to the server. The client can only send exactly one session ticket. -The server, through the callback function, either agrees to reuse the session -ticket information or it starts a full \s-1TLS\s0 handshake to create a new session -ticket. -.PP -Before the callback function is started \fIctx\fR and \fIhctx\fR have been -initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively. -.PP -For new sessions tickets, when the client doesn't present a session ticket, or -an attempted retrieval of the ticket failed, or a renew option was indicated, -the callback function will be called with \fIenc\fR equal to 1. The OpenSSL -library expects that the function will set an arbitrary \fIname\fR, initialize -\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. -.PP -The \fIname\fR is 16 characters long and is used as a key identifier. -.PP -The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The -maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. -.PP -The initialization vector \fIiv\fR should be a random value. The cipher context -\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be -set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using -\&\fBHMAC_Init_ex\fR\|(3). -.PP -When the client presents a session ticket, the callback function with be called -with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set -of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of -the session ticket. The OpenSSL library expects that the \fIname\fR will be used -to retrieve a cryptographic parameters and that the cryptographic context -\&\fIctx\fR will be set with the retrieved parameters and the initialization vector -\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be -set using \fBHMAC_Init_ex\fR\|(3). -.PP -If the \fIname\fR is still valid but a renewal of the ticket is required the -callback function should return 2. The library will call the callback again -with an argument of enc equal to 1 to set the new ticket. -.PP -The return value of the \fIcb\fR function is used by OpenSSL to determine what -further processing will occur. The following return values have meaning: -.IP "2" 4 -.IX Item "2" -This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can -continue on those parameters. Additionally it indicates that the session -ticket is in a renewal period and should be replaced. The OpenSSL library will -call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 -3.3\s0 paragraph 2). -.IP "1" 4 -.IX Item "1" -This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can -continue on those parameters. -.IP "0" 4 -This indicates that it was not possible to set/retrieve a session ticket and -the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic -parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. -.Sp -If called with enc equal to 0 the library will call the \fIcb\fR again to get -a new set of parameters. -.IP "less than 0" 4 -.IX Item "less than 0" -This indicates an error. -.SH "NOTES" -.IX Header "NOTES" -Session resumption shortcuts the \s-1TLS\s0 so that the client certificate -negotiation don't occur. It makes up for this by storing client certificate -an all other negotiated state information encrypted within the ticket. In a -resumed session the applications will have all this state information available -exactly as if a full negotiation had occurred. -.PP -If an attacker can obtain the key used to encrypt a session ticket, they can -obtain the master secret for any ticket using that key and decrypt any traffic -using that session: even if the cipher suite supports forward secrecy. As -a result applications may wish to use multiple keys and avoid using long term -keys stored in files. -.PP -Applications can use longer keys to maintain a consistent level of security. -For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key -the overall security is only 128 bits because breaking the ticket key will -enable an attacker to obtain the session keys. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -returns 0 to indicate the callback function was set. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Reference Implementation: -.PP -.Vb 2 -\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); -\& ... -\& -\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], -\& unsigned char *iv, EVP_CIPHER_CTX *ctx, -\& HMAC_CTX *hctx, int enc) -\& { -\& if (enc) { /* create new session */ -\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) -\& return \-1; /* insufficient random */ -\& -\& key = currentkey(); /* something that you need to implement */ -\& if (key == NULL) { -\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ -\& key = createkey(); /* -\& * Something that you need to implement. -\& * createkey needs to initialise a name, -\& * an aes_key, a hmac_key and optionally -\& * an expire time. -\& */ -\& if (key == NULL) /* key couldn\*(Aqt be created */ -\& return 0; -\& } -\& memcpy(key_name, key\->name, 16); -\& -\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); -\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); -\& -\& return 1; -\& -\& } else { /* retrieve session */ -\& key = findkey(name); -\& -\& if (key == NULL || key\->expire < now()) -\& return 0; -\& -\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); -\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); -\& -\& if (key\->expire < now() \- RENEW_TIME) { -\& /* -\& * return 2 \- This session will get a new ticket even though the -\& * current one is still valid. -\& */ -\& return 2; -\& } -\& return 1; -\& } -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), -\&\fBSSL_session_reused\fR\|(3), -\&\fBSSL_CTX_add_session\fR\|(3), -\&\fBSSL_CTX_sess_number\fR\|(3), -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), -\&\fBSSL_CTX_set_session_id_context\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 deleted file mode 100644 index a7c747c01289..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tlsext_use_srtp.3 +++ /dev/null @@ -1,231 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" -.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); -\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); -\& -\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); -\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for -the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for -establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This -capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0 -OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not -support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this -extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a -\&\s-1TLS\s0 connection is attempted. -.PP -An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call -\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently -created from an \s-1SSL_CTX.\s0 Alternatively a client may call -\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The -\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of -\&\s-1SRTP\s0 protection profile names. -.PP -The currently supported protection profile names are: -.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 -.IX Item "SRTP_AES128_CM_SHA1_80" -This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 -.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 -.IX Item "SRTP_AES128_CM_SHA1_32" -This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 -.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 -.IX Item "SRTP_AEAD_AES_128_GCM" -This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 -.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 -.IX Item "SRTP_AEAD_AES_256_GCM" -This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 -.PP -Supplying an unrecognised protection profile name will result in an error. -.PP -An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call -\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the -protection profiles that it is willing to negotiate. -.PP -The currently configured list of protection profiles for either a client or a -server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack -of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of -this function should not be freed by the caller. -.PP -After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if -any) can be obtained (on the client or the server) by calling -\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 -protection profile was negotiated. The memory returned from this function should -not be freed by the caller. -.PP -If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 -keying material (on both the client and server) should be obtained via a call to -\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of -\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total -length of keying material obtained should be equal to two times the sum of the -master key length and the salt length as defined for the protection profile in -use. This provides the client write master key, the server write master key, the -client write master salt and the server write master salt in that order. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success -or 1 on error. -.PP -\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on -success or \s-1NULL\s0 on error or if no protection profiles have been configured. -.PP -\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 -object if one has been negotiated or \s-1NULL\s0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_export_keying_material\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 deleted file mode 100644 index ef6c569a920f..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ /dev/null @@ -1,269 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" -.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, -\& int keylength)); -\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); -\& -\& void SSL_set_tmp_dh_callback(SSL *ctx, -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, -\& int keylength)); -\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be -used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. -The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. -.PP -\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. -The key is inherited by all \fBssl\fR objects created from \fBctx\fR. -.PP -\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. -.PP -\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. -.PP -These functions apply to \s-1SSL/TLS\s0 servers only. -.SH "NOTES" -.IX Header "NOTES" -When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange -can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. -In these cases, the session data are negotiated using the -ephemeral/temporary \s-1DH\s0 key and the key supplied and certified -by the certificate chain is only used for signing. -Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. -.PP -Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection -can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary -\&\s-1DH\s0 key inside the server application that is lost when the application -is left, it becomes impossible for an attacker to decrypt past sessions, -even if he gets hold of the normal (certified) key, as this key was -only used for signing. -.PP -In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate -a new \s-1DH\s0 key during the negotiation. -.PP -As generating \s-1DH\s0 parameters is extremely time consuming, an application -should not generate the parameters on the fly but supply the parameters. -\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during -the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker -may specialize on a very often used \s-1DH\s0 group. Applications should therefore -generate their own \s-1DH\s0 parameters during the installation process using the -openssl \fBdhparam\fR\|(1) application. This application -guarantees that \*(L"strong\*(R" primes are used. -.PP -Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current -version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, -which use safe primes and were generated verifiably pseudo-randomly. -These files can be converted into C code using the \fB\-C\fR option of the -\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 -parameters during installation should still be preferred to stop an -attacker from specializing on a commonly used group. File dh1024.pem -contains old parameters that must not be used by applications. -.PP -An application may either directly specify the \s-1DH\s0 parameters or -can supply the \s-1DH\s0 parameters via a callback function. -.PP -Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR -parameters to control parameter generation for export and non-export -cipher suites. Modern servers that do not support export cipher suites -are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use -the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply -supply at least 2048\-bit parameters in the callback. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return -diagnostic output. -.PP -\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 -on failure. Check the error queue to find out the reason of failure. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling -partly left out.) -.PP -Command-line parameter generation: -.PP -.Vb 1 -\& $ openssl dhparam \-out dh_param_2048.pem 2048 -.Ve -.PP -Code for setting up parameters during server initialization: -.PP -.Vb 1 -\& SSL_CTX ctx = SSL_CTX_new(); -\& -\& DH *dh_2048 = NULL; -\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); -\& -\& if (paramfile) { -\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -\& fclose(paramfile); -\& } else { -\& /* Error. */ -\& } -\& if (dh_2048 == NULL) -\& /* Error. */ -\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) -\& /* Error. */ -\& ... -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), -\&\fBSSL_CTX_set_options\fR\|(3), -\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 deleted file mode 100644 index 30a09f774873..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ /dev/null @@ -1,472 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_SET_VERIFY 3" -.TH SSL_CTX_SET_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set peer certificate verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); -\& -\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); -\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); -\& SSL_get_ex_data_X509_STORE_CTX_idx(void); -\& -\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); -\& void SSL_set_verify_depth(SSL *ssl, int depth); -\& -\& int SSL_verify_client_post_handshake(SSL *ssl); -\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); -\& void SSL_set_post_handshake_auth(SSL *ssl, int val); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and -specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. -.PP -\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and -specifies the \fBverify_callback\fR function to be used. If no callback function -shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In -this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If -no special \fBcallback\fR was set before, the default callback for the underlying -\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with -\&\fBSSL_new\fR\|(3). Within the callback function, -\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index -of the current \s-1SSL\s0 object that is doing the verification. -.PP -\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain -verification that shall be allowed for \fBctx\fR. -.PP -\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain -verification that shall be allowed for \fBssl\fR. -.PP -\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the -Post-Handshake Authentication extension to be added to the ClientHello such that -post-handshake authentication can be requested by the server. If \fBval\fR is 0 -then the extension is not sent, otherwise it is. By default the extension is not -sent. A certificate callback will need to be set via -\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. -.PP -\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be -sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must -be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. -.SH "NOTES" -.IX Header "NOTES" -The verification of certificates can be controlled by a set of logically -or'ed \fBmode\fR flags: -.IP "\s-1SSL_VERIFY_NONE\s0" 4 -.IX Item "SSL_VERIFY_NONE" -\&\fBServer mode:\fR the server will not send a client certificate request to the -client, so the client will not send a certificate. -.Sp -\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the -server will send a certificate which will be checked. The result of the -certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake -using the \fBSSL_get_verify_result\fR\|(3) function. -The handshake will be continued regardless of the verification result. -.IP "\s-1SSL_VERIFY_PEER\s0" 4 -.IX Item "SSL_VERIFY_PEER" -\&\fBServer mode:\fR the server sends a client certificate request to the client. -The certificate returned (if any) is checked. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is -immediately terminated with an alert message containing the reason for -the verification failure. -The behaviour can be controlled by the additional -\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and -\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. -.Sp -\&\fBClient mode:\fR the server certificate is verified. If the verification process -fails, the \s-1TLS/SSL\s0 handshake is -immediately terminated with an alert message containing the reason for -the verification failure. If no server certificate is sent, because an -anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. -.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 -.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" -\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 -handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. -This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 -.Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) -.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 -.IX Item "SSL_VERIFY_CLIENT_ONCE" -\&\fBServer mode:\fR only request a client certificate once during the -connection. Do not ask for a client certificate again during -renegotiation or post-authentication if a certificate was requested -during the initial handshake. This flag must be used together with -\&\s-1SSL_VERIFY_PEER.\s0 -.Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) -.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 -.IX Item "SSL_VERIFY_POST_HANDSHAKE" -\&\fBServer mode:\fR the server will not send a client certificate request -during the initial handshake, but will send the request via -\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 -to be configured for post-handshake peer verification before the -handshake occurs. This flag must be used together with -\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. -.Sp -\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) -.PP -If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. -.PP -The actual verification procedure is performed either using the built-in -verification procedure or using another application provided verification -function set with -\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). -The following descriptions apply in the case of the built-in procedure. An -application provided procedure also has access to the verify depth information -and the \fBverify_callback()\fR function, but the way this information is used -may be different. -.PP -\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the -number of certificates between the end-entity and trust-anchor certificates. -Neither the -end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the -certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, -X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. -The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", -\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the -trust-anchor). -The default depth limit is 100, -allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and -a final trust anchor certificate. -.PP -The \fBverify_callback\fR function is used to control the behaviour when the -\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and -receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of -the certificate in question was passed (preverify_ok=1) or not -(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used -for the certificate chain verification. -.PP -The certificate chain is checked starting with the deepest nesting level -(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. -At each level signatures and issuer attributes are checked. Whenever -a verification error is found, the error number is stored in \fBx509_ctx\fR -and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying -X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate -in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is -found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 -before advancing to the next level. -.PP -The return value of \fBverify_callback\fR controls the strategy of the further -verification process. If \fBverify_callback\fR returns 0, the verification -process is immediately stopped with \*(L"verification failed\*(R" state. If -\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and -the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, -the verification process is continued. If \fBverify_callback\fR always returns -1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification -failures and the connection will be established. The calling process can -however retrieve the error code of the last verification error using -\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its -own error storage managed by \fBverify_callback\fR. -.PP -If no \fBverify_callback\fR is specified, the default callback will be used. -Its return value is identical to \fBpreverify_ok\fR, so that any verification -failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an -alert message, if \s-1SSL_VERIFY_PEER\s0 is set. -.PP -After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a -certificate or certificate callback to its configuration before it can -successfully authenticate. This must be called before \fBSSL_connect()\fR. -.PP -\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been -previously set, and that a client sent the post-handshake authentication -extension. When the client returns a certificate the verify callback will be -invoked. A write operation must take place for the Certificate Request to be -sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. -Only one certificate request may be outstanding at any time. -.PP -When post-handshake authentication occurs, a refreshed NewSessionTicket -message is sent to the client. -.SH "BUGS" -.IX Header "BUGS" -In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag -is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can -lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as -required. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The SSL*_set_verify*() functions do not provide diagnostic information. -.PP -The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request -succeeded, and 0 if the request failed. The error stack can be examined -to determine the failure reason. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -The following code sequence realizes an example \fBverify_callback\fR function -that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification -failure, if wished. The callback realizes a verification depth limit with -more informational output. -.PP -All verification errors are printed; information about the certificate chain -is printed on request. -The example is realized for a server that does allow but not require client -certificates. -.PP -The example makes use of the ex_data technique to store application data -into/retrieve application data from the \s-1SSL\s0 structure -(see \fBCRYPTO_get_ex_new_index\fR\|(3), -\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). -.PP -.Vb 7 -\& ... -\& typedef struct { -\& int verbose_mode; -\& int verify_depth; -\& int always_continue; -\& } mydata_t; -\& int mydata_index; -\& -\& ... -\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) -\& { -\& char buf[256]; -\& X509 *err_cert; -\& int err, depth; -\& SSL *ssl; -\& mydata_t *mydata; -\& -\& err_cert = X509_STORE_CTX_get_current_cert(ctx); -\& err = X509_STORE_CTX_get_error(ctx); -\& depth = X509_STORE_CTX_get_error_depth(ctx); -\& -\& /* -\& * Retrieve the pointer to the SSL of the connection currently treated -\& * and the application specific data stored into the SSL object. -\& */ -\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); -\& mydata = SSL_get_ex_data(ssl, mydata_index); -\& -\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); -\& -\& /* -\& * Catch a too long certificate chain. The depth limit set using -\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so -\& * that whenever the "depth>verify_depth" condition is met, we -\& * have violated the limit and want to log this error condition. -\& * We must do it here, because the CHAIN_TOO_LONG error would not -\& * be found explicitly; only errors introduced by cutting off the -\& * additional certificates would be logged. -\& */ -\& if (depth > mydata\->verify_depth) { -\& preverify_ok = 0; -\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; -\& X509_STORE_CTX_set_error(ctx, err); -\& } -\& if (!preverify_ok) { -\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, -\& X509_verify_cert_error_string(err), depth, buf); -\& } else if (mydata\->verbose_mode) { -\& printf("depth=%d:%s\en", depth, buf); -\& } -\& -\& /* -\& * At this point, err contains the last verification error. We can use -\& * it for something special -\& */ -\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { -\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); -\& printf("issuer= %s\en", buf); -\& } -\& -\& if (mydata\->always_continue) -\& return 1; -\& else -\& return preverify_ok; -\& } -\& ... -\& -\& mydata_t mydata; -\& -\& ... -\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); -\& -\& ... -\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, -\& verify_callback); -\& -\& /* -\& * Let the verify_callback catch the verify_depth error so that we get -\& * an appropriate error in the logfile. -\& */ -\& SSL_CTX_set_verify_depth(verify_depth + 1); -\& -\& /* -\& * Set up the SSL specific data into "mydata" and store it into th SSL -\& * structure. -\& */ -\& mydata.verify_depth = verify_depth; ... -\& SSL_set_ex_data(ssl, mydata_index, &mydata); -\& -\& ... -\& SSL_accept(ssl); /* check of success left out for clarity */ -\& if (peer = SSL_get_peer_certificate(ssl)) { -\& if (SSL_get_verify_result(ssl) == X509_V_OK) { -\& /* The client sent a certificate which verified OK */ -\& } -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), -\&\fBSSL_CTX_get_verify_mode\fR\|(3), -\&\fBSSL_get_verify_result\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3), -\&\fBSSL_get_peer_certificate\fR\|(3), -\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), -\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), -\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), -\&\fBCRYPTO_get_ex_new_index\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR -and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 deleted file mode 100644 index 2adc7071de39..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ /dev/null @@ -1,324 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_USE_CERTIFICATE 3" -.TH SSL_CTX_USE_CERTIFICATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); -\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); -\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_use_certificate(SSL *ssl, X509 *x); -\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); -\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); -\& -\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); -\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); -\& -\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); -\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, -\& long len); -\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); -\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); -\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); -\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); -\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); -\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); -\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); -\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); -\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); -\& -\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); -\& int SSL_check_private_key(const SSL *ssl); -\& -\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); -\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions load the certificates and private keys into the \s-1SSL_CTX\s0 -or \s-1SSL\s0 object, respectively. -.PP -The SSL_CTX_* class of functions loads the certificates and keys into the -\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR -created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that -changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. -.PP -The SSL_* class of functions only loads certificates and keys into a -specific \s-1SSL\s0 object. The specific information is kept, when -\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. -.PP -\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, -\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the -certificates needed to form the complete certificate chain can be -specified using the -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -function. -.PP -\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from -the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, -\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. -.PP -\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR -into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified -from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. -See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR -should be preferred. -.PP -\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from -\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must -be sorted starting with the subject's certificate (actual client or server -certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and -ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is -similar except it loads the certificate chain into \fBssl\fR. -.PP -\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. -\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 -to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; -\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. -If a certificate has already been set and the private does not belong -to the certificate an error is returned. To change a certificate, private -key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR -or \fBSSL_CTX_use_certificate()\fR before setting the private key with -\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. -.PP -\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 -certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the -corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private -key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then -\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. -If \fBoverride\fR is non\-0, then the certificate, private key and chain certs -are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as -the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 -interface) that stores the private key securely, such that it cannot be -accessed by OpenSSL. The reference count of the public key is incremented -(twice if there is no private key); it is not copied nor duplicated. This -allows all private key validations checks to succeed without an actual -private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. -.PP -\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR -stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 -stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. -\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private -key to \fBssl\fR. -.PP -\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in -\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified -from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 -\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in -\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found -in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private -\&\s-1RSA\s0 key found to \fBssl\fR. -.PP -\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with -the corresponding certificate loaded into \fBctx\fR. If more than one -key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will -be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 -key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs -the same check for \fBssl\fR. If no key/certificate was explicitly added for -this \fBssl\fR, the last item added into \fBctx\fR will be checked. -.SH "NOTES" -.IX Header "NOTES" -The internal certificate store of OpenSSL can hold several private -key/certificate pairs at a time. The certificate used depends on the -cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). -.PP -When reading certificates and private keys from file, files of type -\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain -one certificate or private key, consequently -\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. -Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. -.PP -\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found -in the file to the certificate store. The other certificates are added -to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single -certificate chain store for all certificate types, OpenSSL 1.0.2 and later -have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR -should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order -to allow the use of complete certificate chains even when no trusted \s-1CA\s0 -storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to -the trusted \s-1CA\s0 storage. -.PP -If additional certificates are needed to complete the chain during the -\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the -locations of trusted \s-1CA\s0 certificates, see -\&\fBSSL_CTX_load_verify_locations\fR\|(3). -.PP -The private keys loaded from file can be encrypted. In order to successfully -load encrypted keys, a function returning the passphrase must have been -supplied, see -\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). -(Certificate files might be encrypted as well from the technical point -of view, it however does not make sense as the data in the certificate -is considered public anyway.) -.PP -All of the functions to set a new certificate will replace any existing -certificate of the same type that has already been set. Similarly all of the -functions to set a new private key will replace any private key that has already -been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or -\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and -private key to confirm that the certificate and key match. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -On success, the functions return 1. -Otherwise check out the error stack to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3), -\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), -\&\fBSSL_CTX_set_cipher_list\fR\|(3), -\&\fBSSL_CTX_set_client_CA_list\fR\|(3), -\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), -\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 deleted file mode 100644 index eecfefa5774f..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_use_psk_identity_hint.3 +++ /dev/null @@ -1,269 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" -.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, -\& const unsigned char *identity, -\& size_t identity_len, -\& SSL_SESSION **sess); -\& -\& -\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, -\& SSL_psk_find_session_cb_func cb); -\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); -\& -\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, -\& const char *identity, -\& unsigned char *psk, -\& unsigned int max_psk_len); -\& -\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); -\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); -\& -\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); -\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A client application wishing to use TLSv1.3 PSKs should set a callback -using either \fBSSL_CTX_set_psk_use_session_callback()\fR or -\&\fBSSL_set_psk_use_session_callback()\fR as appropriate. -.PP -The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and -an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function -should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it -in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, -the ciphersuite and the protocol version. See -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. -.PP -It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this -case no \s-1PSK\s0 will be used but the handshake will continue. To do this the -callback should return successfully and ensure that \fB*sess\fR is -\&\s-1NULL.\s0 -.PP -Identity hints are not relevant for TLSv1.3. A server application wishing to use -\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR -to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context -object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 -identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is -\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. -.PP -In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the -ServerKeyExchange message to the client. -.PP -A server application wishing to use PSKs for TLSv1.2 and below must provide a -callback function which is called when the server receives the -ClientKeyExchange message from the client. The purpose of the callback function -is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used -during the connection setup phase. The callback is set using the functions -\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback -function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 -identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of -length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. -.PP -The callback for use in TLSv1.2 will also work in TLSv1.3 although it is -recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR -or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has -been negotiated then OpenSSL will first check to see if a callback has been set -via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR -and it will use that in preference. If no such callback is present then it will -check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or -\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest -will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 -.SH "NOTES" -.IX Header "NOTES" -A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption -has occurred so that \fBSSL_session_reused\fR\|(3) will return true. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return -1 on success, 0 otherwise. -.PP -Return values from the TLSv1.2 and below server callback are interpreted as -follows: -.IP "0" 4 -\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message -will be sent and the connection setup fails. -.IP ">0" 4 -.IX Item ">0" -\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 -successfully in parameter \fBpsk\fR. Return value is the length of -\&\fBpsk\fR in bytes. It is an error to return a value greater than -\&\fBmax_psk_len\fR. -.Sp -If the \s-1PSK\s0 identity was not found but the callback instructs the -protocol to continue anyway, the callback must provide some random -data to \fBpsk\fR and return the length of the random data, so the -connection will fail with decryption_error before it will be finished -completely. -.PP -The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on -failure. In the event of failure the connection setup fails. -.SH "NOTES" -.IX Header "NOTES" -There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or -below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: -.PP -\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output -in both versions, only limited analysis has been done. Implementations can -ensure safety from cross-protocol related output by not reusing PSKs between -\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), -\&\fBSSL_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 deleted file mode 100644 index 6493233ed82f..000000000000 --- a/secure/lib/libcrypto/man/SSL_CTX_use_serverinfo.3 +++ /dev/null @@ -1,215 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CTX_USE_SERVERINFO 3" -.TH SSL_CTX_USE_SERVERINFO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, -\& const unsigned char *serverinfo, -\& size_t serverinfo_length); -\& -\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, -\& size_t serverinfo_length); -\& -\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0 -\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello -Extension. -.PP -\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from -a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the -byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. -.PP -If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must -consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then -length bytes of extension_data. The context and type values have the same -meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for -extensions to be added to a Certificate message, then the extension will only -be added for the first certificate in the message (which is always the -end-entity certificate). -.PP -If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must -consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of -extension_data. The type value has the same meaning as for -\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used -in this case: -.PP -.Vb 2 -\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO -\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION -.Ve -.PP -\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR -except that there is no \fBversion\fR parameter so a default version of -\&\s-1SSL_SERVERINFOV1\s0 is used instead. -.PP -\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from -\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension -must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each -\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for -\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. -.PP -If more than one certificate (\s-1RSA/DSA\s0) is installed using -\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the -last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the -loaded serverinfo extension data will be loaded for that certificate. To -use the serverinfo extension for multiple certificates, -\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR -each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -On success, the functions return 1. -On failure, the functions return 0. Check out the error stack to find out -the reason. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3 deleted file mode 100644 index 212ba5c9e78e..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ /dev/null @@ -1,214 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_FREE 3" -.TH SSL_SESSION_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_SESSION *SSL_SESSION_new(void); -\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); -\& int SSL_SESSION_up_ref(SSL_SESSION *ses); -\& void SSL_SESSION_free(SSL_SESSION *session); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to -it. -.PP -\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR -and returns a pointer to it. -.PP -\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 -structure. -.PP -\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes -the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated -memory, if the reference count has reached 0. -If \fBsession\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation -is successfully completed. Depending on the settings, see -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and -linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; -as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 -object at the same time. It is therefore crucial to keep the reference -count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object -that is still used, as this may lead to program failures due to -dangling pointers. These failures may also appear delayed, e.g. -when an \s-1SSL_SESSION\s0 object was completely freed as the reference count -incorrectly became 0, but it is still referenced in the internal -session cache and the cache list is processed during a -\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. -.PP -\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for -which the reference count was explicitly incremented (e.g. -by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) -or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake -operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). -It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause -incorrect reference counts and therefore program failures. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure -or \s-1NULL\s0 on error. -.PP -SSL_SESSION_up_ref returns 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3), -\&\fBd2i_SSL_SESSION\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 deleted file mode 100644 index 021eb8a99f04..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_cipher.3 +++ /dev/null @@ -1,187 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET0_CIPHER 3" -.TH SSL_SESSION_GET0_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); -\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the -connection when the session was created, or \s-1NULL\s0 if it cannot be determined. -.PP -The value returned is a pointer to an object maintained within \fBs\fR and -should not be released. -.PP -\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the -\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a -session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 -or \s-1NULL\s0 if it cannot be determined. -.PP -\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBd2i_SSL_SESSION\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3), -\&\fBSSL_SESSION_get0_hostname\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3), -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. -The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 deleted file mode 100644 index 81f3cf9f0adf..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_hostname.3 +++ /dev/null @@ -1,201 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET0_HOSTNAME 3" -.TH SSL_SESSION_GET0_HOSTNAME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); -\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); -\& -\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, -\& const unsigned char **alpn, -\& size_t *len); -\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, -\& size_t len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the -client when the session was created, or \s-1NULL\s0 if no value was sent. -.PP -The value returned is a pointer to memory maintained within \fBs\fR and -should not be free'd. -.PP -\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of -the string provided in hostname. -.PP -\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this -session and its associated length in bytes. The returned value of \fB*alpn\fR is a -pointer to memory maintained within \fBs\fR and should not be free'd. -.PP -\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the -value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input -value is made, and the caller retains ownership of the memory pointed to by -\&\fBalpn\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there -is the \s-1SNI\s0 value sent by client. -.PP -\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. -.PP -\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBd2i_SSL_SESSION\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and -\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 deleted file mode 100644 index 08e6b1e1a9a6..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_id_context.3 +++ /dev/null @@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" -.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, -\& unsigned int *len) -\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, -\& unsigned int sid_ctx_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 -contexts. -.PP -\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with -the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to -\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 -.PP -The value returned is a pointer to an object maintained within \fBs\fR and -should not be released. -.PP -\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in -\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context -is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_set_session_id_context\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 deleted file mode 100644 index 10492f60d8ef..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get0_peer.3 +++ /dev/null @@ -1,169 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET0_PEER 3" -.TH SSL_SESSION_GET0_PEER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session -\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the -returned value (unless \fBX509_up_ref\fR\|(3) has also been called). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if -no peer certificate is available. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 deleted file mode 100644 index 7cfcd71fa3e0..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_compress_id.3 +++ /dev/null @@ -1,170 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" -.TH SSL_SESSION_GET_COMPRESS_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -If compression has been negotiated for an ssl session then -\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or -0 otherwise. The only built-in supported compression method is zlib which has an -id of 1. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if -none. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 deleted file mode 100644 index b38fe75ba97e..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_data.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET_EX_DATA 3" -.TH SSL_SESSION_GET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); -\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application -specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should -be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). -.PP -\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored -in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that -used when originally storing the data. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. -.PP -\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on -failure. \s-1NULL\s0 may also be a valid value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBCRYPTO_get_ex_new_index\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 deleted file mode 100644 index d4affa087015..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_protocol_version.3 +++ /dev/null @@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" -.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); -\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used -by session \fBs\fR. -.PP -\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the -\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version -constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set -up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol -version used for the session; this number matches the constants \fIe.g.\fR -\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. -.PP -Note that the \fBSSL_SESSION_get_protocol_version()\fR function -does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. -.PP -\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. -The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 deleted file mode 100644 index 52234cc258f7..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_GET_TIME 3" -.TH SSL_SESSION_GET_TIME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_SESSION_get_time(const SSL_SESSION *s); -\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); -\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); -\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); -\& -\& long SSL_get_time(const SSL_SESSION *s); -\& long SSL_set_time(SSL_SESSION *s, long tm); -\& long SSL_get_timeout(const SSL_SESSION *s); -\& long SSL_set_timeout(SSL_SESSION *s, long tm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was -established. The time is given in seconds since the Epoch and therefore -compatible to the time delivered by the \fBtime()\fR call. -.PP -\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with -the chosen value \fBtm\fR. -.PP -\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR -in seconds. -.PP -\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds -to \fBtm\fR. -.PP -The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR -functions are synonyms for the SSL_SESSION_*() counterparts. -.SH "NOTES" -.IX Header "NOTES" -Sessions are expired by examining the creation time and the timeout value. -Both are set at creation time of the session to the actual time and the -default timeout value at creation, respectively, as set by -\&\fBSSL_CTX_set_timeout\fR\|(3). -Using these functions it is possible to extend or shorten the lifetime -of the session. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently -valid values. -.PP -\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. -.PP -If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, -0 is returned. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_timeout\fR\|(3), -\&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 deleted file mode 100644 index 383cd2cdc568..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_has_ticket.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_HAS_TICKET 3" -.TH SSL_SESSION_HAS_TICKET 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); -\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); -\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, -\& size_t *len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with -this session, and 0 otherwise. -.PP -SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds -associated with the session ticket. -.PP -SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a -session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non -\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only -valid while the connection is in use. The session (and hence the ticket pointer) -may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. -.PP -\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBd2i_SSL_SESSION\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR -and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 deleted file mode 100644 index 59bcb792ce23..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_is_resumable.3 +++ /dev/null @@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_IS_RESUMABLE 3" -.TH SSL_SESSION_IS_RESUMABLE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used -to resume a session or not. Returns 1 if it can or 0 if not. Note that -attempting to resume with a non-resumable session will result in a full -handshake. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_get_session\fR\|(3), -\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/SSL_SESSION_print.3 deleted file mode 100644 index ce1dc38f3083..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_print.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_PRINT 3" -.TH SSL_SESSION_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); -\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); -\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in -\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. -.PP -\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it -to the \s-1FILE\s0 \fBfp\fR. -.PP -\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 -in \s-1NSS\s0 keylog format. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return -1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 deleted file mode 100644 index dd1f1f758e74..000000000000 --- a/secure/lib/libcrypto/man/SSL_SESSION_set1_id.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_SET1_ID 3" -.TH SSL_SESSION_SET1_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, -\& unsigned int *len) -\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, -\& unsigned int sid_len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the -session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may -be 0. The caller should not free the returned pointer directly. -.PP -\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session -to \fBsid\fR of length \fBsid_len\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. -\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example -if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3 deleted file mode 100644 index bd49f996741b..000000000000 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ /dev/null @@ -1,205 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_ACCEPT 3" -.TH SSL_ACCEPT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_accept(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. -The communication channel must already have been set and assigned to the -\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the -handshake has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR -to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.IP "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.IP "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), -\&\fBSSL_set_connect_state\fR\|(3), -\&\fBSSL_do_handshake\fR\|(3), -\&\fBSSL_CTX_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3 deleted file mode 100644 index cfb15a0b84ed..000000000000 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ /dev/null @@ -1,369 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_ALERT_TYPE_STRING 3" -.TH SSL_ALERT_TYPE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_alert_type_string(int value); -\& const char *SSL_alert_type_string_long(int value); -\& -\& const char *SSL_alert_desc_string(int value); -\& const char *SSL_alert_desc_string_long(int value); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the -type of the alert specified by \fBvalue\fR. -.PP -\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert -specified by \fBvalue\fR. -.PP -\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form -describing the reason of the alert specified by \fBvalue\fR. -.PP -\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason -of the alert specified by \fBvalue\fR. -.SH "NOTES" -.IX Header "NOTES" -When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about -a special situation, it sends an alert. The alert is sent as a special message -and does not influence the normal data stream (unless its contents results -in the communication being canceled). -.PP -A warning alert is sent, when a non-fatal error condition occurs. The -\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for -non-fatal errors are certificate errors (\*(L"certificate expired\*(R", -\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. -(The sending party may however decide to send a fatal error.) The -receiving side may cancel the connection on reception of a warning -alert on it discretion. -.PP -Several alert messages must be sent as fatal alert messages as specified -by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following strings can occur for \fBSSL_alert_type_string()\fR or -\&\fBSSL_alert_type_string_long()\fR: -.ie n .IP """W""/""warning""" 4 -.el .IP "``W''/``warning''" 4 -.IX Item "W/warning" -.PD 0 -.ie n .IP """F""/""fatal""" 4 -.el .IP "``F''/``fatal''" 4 -.IX Item "F/fatal" -.ie n .IP """U""/""unknown""" 4 -.el .IP "``U''/``unknown''" 4 -.IX Item "U/unknown" -.PD -This indicates that no support is available for this alert type. -Probably \fBvalue\fR does not contain a correct alert message. -.PP -The following strings can occur for \fBSSL_alert_desc_string()\fR or -\&\fBSSL_alert_desc_string_long()\fR: -.ie n .IP """\s-1CN""/\s0""close notify""" 4 -.el .IP "``\s-1CN''/\s0``close notify''" 4 -.IX Item "CN/close notify" -The connection shall be closed. This is a warning alert. -.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 -.el .IP "``\s-1UM''/\s0``unexpected message''" 4 -.IX Item "UM/unexpected message" -An inappropriate message was received. This alert is always fatal -and should never be observed in communication between proper -implementations. -.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 -.el .IP "``\s-1BM''/\s0``bad record mac''" 4 -.IX Item "BM/bad record mac" -This alert is returned if a record is received with an incorrect -\&\s-1MAC.\s0 This message is always fatal. -.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 -.el .IP "``\s-1DF''/\s0``decompression failure''" 4 -.IX Item "DF/decompression failure" -The decompression function received improper input (e.g. data -that would expand to excessive length). This message is always -fatal. -.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 -.el .IP "``\s-1HF''/\s0``handshake failure''" 4 -.IX Item "HF/handshake failure" -Reception of a handshake_failure alert message indicates that the -sender was unable to negotiate an acceptable set of security -parameters given the options available. This is a fatal error. -.ie n .IP """\s-1NC""/\s0""no certificate""" 4 -.el .IP "``\s-1NC''/\s0``no certificate''" 4 -.IX Item "NC/no certificate" -A client, that was asked to send a certificate, does not send a certificate -(SSLv3 only). -.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 -.el .IP "``\s-1BC''/\s0``bad certificate''" 4 -.IX Item "BC/bad certificate" -A certificate was corrupt, contained signatures that did not -verify correctly, etc -.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 -.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 -.IX Item "UC/unsupported certificate" -A certificate was of an unsupported type. -.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 -.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 -.IX Item "CR/certificate revoked" -A certificate was revoked by its signer. -.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 -.el .IP "``\s-1CE''/\s0``certificate expired''" 4 -.IX Item "CE/certificate expired" -A certificate has expired or is not currently valid. -.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 -.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 -.IX Item "CU/certificate unknown" -Some other (unspecified) issue arose in processing the -certificate, rendering it unacceptable. -.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 -.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 -.IX Item "IP/illegal parameter" -A field in the handshake was out of range or inconsistent with -other fields. This is always fatal. -.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 -.el .IP "``\s-1DC''/\s0``decryption failed''" 4 -.IX Item "DC/decryption failed" -A TLSCiphertext decrypted in an invalid way: either it wasn't an -even multiple of the block length or its padding values, when -checked, weren't correct. This message is always fatal. -.ie n .IP """\s-1RO""/\s0""record overflow""" 4 -.el .IP "``\s-1RO''/\s0``record overflow''" 4 -.IX Item "RO/record overflow" -A TLSCiphertext record was received which had a length more than -2^14+2048 bytes, or a record decrypted to a TLSCompressed record -with more than 2^14+1024 bytes. This message is always fatal. -.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 -.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 -.IX Item "CA/unknown CA" -A valid certificate chain or partial chain was received, but the -certificate was not accepted because the \s-1CA\s0 certificate could not -be located or couldn't be matched with a known, trusted \s-1CA.\s0 This -message is always fatal. -.ie n .IP """\s-1AD""/\s0""access denied""" 4 -.el .IP "``\s-1AD''/\s0``access denied''" 4 -.IX Item "AD/access denied" -A valid certificate was received, but when access control was -applied, the sender decided not to proceed with negotiation. -This message is always fatal. -.ie n .IP """\s-1DE""/\s0""decode error""" 4 -.el .IP "``\s-1DE''/\s0``decode error''" 4 -.IX Item "DE/decode error" -A message could not be decoded because some field was out of the -specified range or the length of the message was incorrect. This -message is always fatal. -.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 -.el .IP "``\s-1CY''/\s0``decrypt error''" 4 -.IX Item "CY/decrypt error" -A handshake cryptographic operation failed, including being -unable to correctly verify a signature, decrypt a key exchange, -or validate a finished message. -.ie n .IP """\s-1ER""/\s0""export restriction""" 4 -.el .IP "``\s-1ER''/\s0``export restriction''" 4 -.IX Item "ER/export restriction" -A negotiation not in compliance with export restrictions was -detected; for example, attempting to transfer a 1024 bit -ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This -message is always fatal. -.ie n .IP """\s-1PV""/\s0""protocol version""" 4 -.el .IP "``\s-1PV''/\s0``protocol version''" 4 -.IX Item "PV/protocol version" -The protocol version the client has attempted to negotiate is -recognized, but not supported. (For example, old protocol -versions might be avoided for security reasons). This message is -always fatal. -.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 -.el .IP "``\s-1IS''/\s0``insufficient security''" 4 -.IX Item "IS/insufficient security" -Returned instead of handshake_failure when a negotiation has -failed specifically because the server requires ciphers more -secure than those supported by the client. This message is always -fatal. -.ie n .IP """\s-1IE""/\s0""internal error""" 4 -.el .IP "``\s-1IE''/\s0``internal error''" 4 -.IX Item "IE/internal error" -An internal error unrelated to the peer or the correctness of the -protocol makes it impossible to continue (such as a memory -allocation failure). This message is always fatal. -.ie n .IP """\s-1US""/\s0""user canceled""" 4 -.el .IP "``\s-1US''/\s0``user canceled''" 4 -.IX Item "US/user canceled" -This handshake is being canceled for some reason unrelated to a -protocol failure. If the user cancels an operation after the -handshake is complete, just closing the connection by sending a -close_notify is more appropriate. This alert should be followed -by a close_notify. This message is generally a warning. -.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 -.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 -.IX Item "NR/no renegotiation" -Sent by the client in response to a hello request or by the -server in response to a client hello after initial handshaking. -Either of these would normally lead to renegotiation; when that -is not appropriate, the recipient should respond with this alert; -at that point, the original requester can decide whether to -proceed with the connection. One case where this would be -appropriate would be where a server has spawned a process to -satisfy a request; the process might receive security parameters -(key length, authentication, etc.) at startup and it might be -difficult to communicate changes to these parameters after that -point. This message is always a warning. -.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4 -.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4 -.IX Item "UP/unknown PSK identity" -Sent by the server to indicate that it does not recognize a \s-1PSK\s0 -identity or an \s-1SRP\s0 identity. -.ie n .IP """\s-1UK""/\s0""unknown""" 4 -.el .IP "``\s-1UK''/\s0``unknown''" 4 -.IX Item "UK/unknown" -This indicates that no description is available for this alert type. -Probably \fBvalue\fR does not contain a correct alert message. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/SSL_alloc_buffers.3 deleted file mode 100644 index 7846926ec896..000000000000 --- a/secure/lib/libcrypto/man/SSL_alloc_buffers.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_ALLOC_BUFFERS 3" -.TH SSL_ALLOC_BUFFERS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_free_buffers(SSL *ssl); -\& int SSL_alloc_buffers(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. -\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. -.PP -The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever -the buffers have been drained. These functions allow applications to manually -control when buffers are freed and allocated. -.PP -After freeing the buffers, the buffers are automatically reallocated upon a -new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but -can be used to make sure the buffers are pre-allocated. This can be used to -avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR -to control where and how buffers are allocated. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0 (Failure)" 4 -.IX Item "0 (Failure)" -The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be -read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is -an allocation failure. -.IP "1 (Success)" 4 -.IX Item "1 (Success)" -The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This -value is also returned if the buffers had been freed before calling -\&\fBSSL_free_buffers()\fR. -The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. -This value is also returned if the buffers had been allocated before calling -\&\fBSSL_alloc_buffers()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), -\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), -CRYPTO_set_mem_functions -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_check_chain.3 b/secure/lib/libcrypto/man/SSL_check_chain.3 deleted file mode 100644 index 96fa735735d4..000000000000 --- a/secure/lib/libcrypto/man/SSL_check_chain.3 +++ /dev/null @@ -1,225 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CHECK_CHAIN 3" -.TH SSL_CHECK_CHAIN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_check_chain \- check certificate chain suitability -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and -certificate chain \fBchain\fR is suitable for use with the current session -\&\fBs\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the -chain. -.PP -\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. -If this flag is \fBnot\fR set then the certificate will never be used even -if the application tries to set it because it is inconsistent with the -peer preferences. -.PP -\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. -.PP -\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is -acceptable. -.PP -\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates -are acceptable. -.PP -\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are -acceptable (e.g. it is a supported curve). -.PP -\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. -.PP -\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm -can be used explicitly for signing (i.e. it is mentioned in the signature -algorithms extension). -.PP -\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only -meaningful for client authentication. -.PP -\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful -for client authentication. -.PP -\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in -clients after a certificate request message. It will typically be called -in the certificate callback. -.PP -An application wishing to support multiple certificate chains may call this -function on each chain in turn: starting with the one it considers the -most secure. It could then use the chain of the first set which returns -suitable flags. -.PP -As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be -usable. An application supporting multiple chains with different \s-1CA\s0 signature -algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no -chain is suitable a server should fall back to the most secure chain which -sets \fB\s-1CERT_PKEY_VALID\s0\fR. -.PP -The validity of a chain is determined by checking if it matches a supported -signature algorithm, supported curves and in the case of client authentication -certificate types and issuer names. -.PP -Since the supported signature algorithms extension is only used in \s-1TLS 1.2, -TLS 1.3\s0 and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not -be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain -for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_cert_cb\fR\|(3), -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3 deleted file mode 100644 index 50dd9bf0b090..000000000000 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ /dev/null @@ -1,208 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CLEAR 3" -.TH SSL_CLEAR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_clear \- reset SSL object to allow another connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_clear(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Reset \fBssl\fR to allow another connection. All settings (method, ciphers, -BIOs) are kept. -.SH "NOTES" -.IX Header "NOTES" -SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all -settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. -If a session is still \fBopen\fR, it is considered bad and will be removed -from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, -if \fBSSL_shutdown\fR\|(3) was not called for the connection -or at least \fBSSL_set_shutdown\fR\|(3) was used to -set the \s-1SSL_SENT_SHUTDOWN\s0 state. -.PP -If a session was closed cleanly, the session object will be kept and all -settings corresponding. This explicitly means, that e.g. the special method -used during the session will be kept for the next handshake. So if the -session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client -method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 -server method, even if TLS_*_methods were chosen on startup. This -will might lead to connection failures (see \fBSSL_new\fR\|(3)) -for a description of the method's properties. -.SH "WARNINGS" -.IX Header "WARNINGS" -\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The -reset operation however keeps several settings of the last sessions -(some of these settings were made automatically during the last -handshake). It only makes sense for a new connection with the exact -same peer that shares these settings, and may fail if that peer -changes its settings between connections. Use the sequence -\&\fBSSL_get_session\fR\|(3); -\&\fBSSL_new\fR\|(3); -\&\fBSSL_set_session\fR\|(3); -\&\fBSSL_free\fR\|(3) -instead to avoid such failures -(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) -if session reuse is not desired). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The \fBSSL_clear()\fR operation could not be performed. Check the error stack to -find out the reason. -.IP "1" 4 -.IX Item "1" -The \fBSSL_clear()\fR operation was successful. -.PP -\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), -\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), -\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3 deleted file mode 100644 index 3cf6cb35c962..000000000000 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ /dev/null @@ -1,220 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_CONNECT 3" -.TH SSL_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_connect(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication -channel must already have been set and assigned to the \fBssl\fR by setting an -underlying \fB\s-1BIO\s0\fR. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the -handshake has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR -to continue the handshake, indicating the problem by the return value \-1. -In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -Many systems implement Nagle's algorithm by default which means that it will -buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no -corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance -impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) -resumption handshake, because the last peer to communicate in the handshake is -the client. If the client is also the first to send application data (as is -typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has -been received for the final handshake message. -.PP -The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's -algorithm. If an application opts to disable Nagle's algorithm consideration -should be given to turning it back on again later if appropriate. The helper -function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR -option. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.IP "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.IP "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), -\&\fBSSL_set_connect_state\fR\|(3), -\&\fBSSL_do_handshake\fR\|(3), -\&\fBSSL_CTX_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libcrypto/man/SSL_do_handshake.3 deleted file mode 100644 index 7b1bc59ab3dd..000000000000 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_DO_HANDSHAKE 3" -.TH SSL_DO_HANDSHAKE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_do_handshake \- perform a TLS/SSL handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_do_handshake(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the -connection is in client mode, the handshake will be started. The handshake -routines may have to be explicitly set in advance using either -\&\fBSSL_set_connect_state\fR\|(3) or -\&\fBSSL_set_accept_state\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return -once the handshake has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR -to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and -by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the -return value \fBret\fR to find out the reason. -.IP "1" 4 -.IX Item "1" -The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been -established. -.IP "<0" 4 -.IX Item "<0" -The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either -at the protocol level or a connection failure occurred. The shutdown was -not clean. It can also occur of action is need to continue the operation -for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR -to find out the reason. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), -\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), -\&\fBSSL_set_connect_state\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/SSL_export_keying_material.3 deleted file mode 100644 index fa4cdfdb179e..000000000000 --- a/secure/lib/libcrypto/man/SSL_export_keying_material.3 +++ /dev/null @@ -1,217 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" -.TH SSL_EXPORT_KEYING_MATERIAL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, -\& const char *label, size_t llen, -\& const unsigned char *context, -\& size_t contextlen, int use_context); -\& -\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, -\& const char *label, size_t llen, -\& const unsigned char *context, -\& size_t contextlen); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is -established between the two endpoints. The functions -\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an -application to use some of this keying material for its own purposes in -accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). -.PP -\&\fBSSL_export_keying_material()\fR derives keying material using -the \fIexporter_master_secret\fR established in the handshake. -.PP -\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives -keying material using the \fIearly_exporter_master_secret\fR (as defined in the -\&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only -available when the client attempts to send 0\-RTT data. For the server, it is -only available when the server accepts 0\-RTT data. -.PP -An application may need to securely establish the context within which this -keying material will be used. For example this may include identifiers for the -application session, application algorithms or parameters, or the lifetime of -the context. The context value is left to the application but must be the same -on both sides of the communication. -.PP -For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to -\&\fBout\fR. The application specific context should be supplied in the location -pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of -a context is optional. If the context should be omitted entirely then -\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If -\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. -Note that in TLSv1.2 and below a zero length context is treated differently from -no context at all, and will result in different keying material being returned. -In TLSv1.3 a zero length context is that same as no context at all and will -result in the same keying material being returned. -.PP -An application specific label should be provided in the location pointed to by -\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from -the \s-1IANA\s0 Exporter Label Registry -(). -Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard -to be used without registration. TLSv1.3 imposes a maximum label length of -249 bytes. -.PP -Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and -above. Attempting to use it in SSLv3 will result in an error. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. -.PP -\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_extension_supported.3 b/secure/lib/libcrypto/man/SSL_extension_supported.3 deleted file mode 100644 index 34691c5a330a..000000000000 --- a/secure/lib/libcrypto/man/SSL_extension_supported.3 +++ /dev/null @@ -1,399 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_EXTENSION_SUPPORTED 3" -.TH SSL_EXTENSION_SUPPORTED 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, -\& unsigned int context, -\& const unsigned char **out, -\& size_t *outlen, X509 *x, -\& size_t chainidx, int *al, -\& void *add_arg); -\& -\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, -\& unsigned int context, -\& const unsigned char *out, -\& void *add_arg); -\& -\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, -\& unsigned int context, -\& const unsigned char *in, -\& size_t inlen, X509 *x, -\& size_t chainidx, int *al, -\& void *parse_arg); -\& -\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, -\& unsigned int context, -\& SSL_custom_ext_add_cb_ex add_cb, -\& SSL_custom_ext_free_cb_ex free_cb, -\& void *add_arg, -\& SSL_custom_ext_parse_cb_ex parse_cb, -\& void *parse_arg); -\& -\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, -\& const unsigned char **out, -\& size_t *outlen, int *al, -\& void *add_arg); -\& -\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, -\& const unsigned char *out, -\& void *add_arg); -\& -\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, -\& const unsigned char *in, -\& size_t inlen, int *al, -\& void *parse_arg); -\& -\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, -\& custom_ext_add_cb add_cb, -\& custom_ext_free_cb free_cb, void *add_arg, -\& custom_ext_parse_cb parse_cb, -\& void *parse_arg); -\& -\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, -\& custom_ext_add_cb add_cb, -\& custom_ext_free_cb free_cb, void *add_arg, -\& custom_ext_parse_cb parse_cb, -\& void *parse_arg); -\& -\& int SSL_extension_supported(unsigned int ext_type); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server -for all supported protocol versions with extension type \fBext_type\fR and -callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the -\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines -which messages and under what conditions the extension will be added/parsed (see -the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). -.PP -\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client -with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and -\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only -applies to clients, uses the older style of callbacks, and implicitly sets the -\&\fBcontext\fR value to: -.PP -.Vb 2 -\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO -\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION -.Ve -.PP -\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server -with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and -\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it -only applies to servers, uses the older style of callbacks, and implicitly sets -the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. -.PP -The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of -\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be -handled by OpenSSL internally or an error occurs. -.PP -\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled -internally by OpenSSL and 0 otherwise. -.SH "EXTENSION CALLBACKS" -.IX Header "EXTENSION CALLBACKS" -The callback \fBadd_cb\fR is called to send custom extension data to be -included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the -extension type which will be added and \fBadd_arg\fR to the value set when the -extension handler was added. When using the new style callbacks the \fBcontext\fR -parameter will indicate which message is currently being constructed e.g. for -the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. -.PP -If the application wishes to include the extension \fBext_type\fR it should -set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the -extension data and return 1. -.PP -If the \fBadd_cb\fR does not wish to include the extension it must return 0. -.PP -If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 -alert value specified in \fB*al\fR. -.PP -When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length -extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set -to \s-1NULL\s0 then no extension is added. -.PP -When constructing a Certificate message the callback will be called for each -certificate in the message. The \fBx\fR parameter will indicate the -current certificate and the \fBchainidx\fR parameter will indicate the position -of the certificate in the message. The first certificate is always the end -entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the -order that they were received in the Certificate message. -.PP -For all messages except the ServerHello and EncryptedExtensions every -registered \fBadd_cb\fR is always called to see if the application wishes to add an -extension (as long as all requirements of the specified \fBcontext\fR are met). -.PP -For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR -is called once if and only if the requirements of the specified \fBcontext\fR are -met and the corresponding extension was received in the ClientHello. That is, if -no corresponding extension was received in the ClientHello then \fBadd_cb\fR will -not be called. -.PP -If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called -(if it is set) with the value of \fBout\fR set by the add callback. It can be -used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is -constant (to permit use of constant data in \fBadd_cb\fR) applications may need to -cast away const to free the data. -.PP -The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only -called if the extension is present and relevant for the context (see -\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below). -.PP -The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the -extension \fBext_type\fR. -.PP -If the message being parsed is a TLSv1.3 compatible Certificate message then -\&\fBparse_cb\fR will be called for each certificate contained within the message. -The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR -parameter will indicate the position of the certificate in the message. The -first certificate is always the end entity certificate and has a \fBchainidx\fR -value of 0. -.PP -If the \fBparse_cb\fR considers the extension data acceptable it must return -1. If it returns 0 or a negative value a fatal handshake error occurs -using the \s-1TLS\s0 alert value specified in \fB*al\fR. -.PP -The buffer \fBin\fR is a temporary internal buffer which will not be valid after -the callback returns. -.SH "EXTENSION CONTEXTS" -.IX Header "EXTENSION CONTEXTS" -An extension context defines which messages and under which conditions an -extension should be added or expected. The context is built up by performing -a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values -are: -.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 -.IX Item "SSL_EXT_TLS_ONLY" -The extension is only allowed in \s-1TLS\s0 -.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 -.IX Item "SSL_EXT_DTLS_ONLY" -The extension is only allowed in \s-1DTLS\s0 -.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 -.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" -The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation -available (so it is ignored in \s-1DTLS\s0). -.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 -.IX Item "SSL_EXT_SSL3_ALLOWED" -Extensions are not typically defined for SSLv3. Setting this value will allow -the extension in SSLv3. Applications will not typically need to use this. -.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 -.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" -The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will -ignore this extension if it is present in the ClientHello and TLSv1.3 is -negotiated. -.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 -.IX Item "SSL_EXT_TLS1_3_ONLY" -The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this -extension if it is present in the ClientHello and TLSv1.2 or below is -negotiated. -.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 -.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" -The extension will be ignored during parsing if a previous session is being -successfully resumed. -.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 -.IX Item "SSL_EXT_CLIENT_HELLO" -The extension may be present in the ClientHello message. -.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 -.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" -The extension may be present in a TLSv1.2 or below compatible ServerHello -message. -.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 -.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" -The extension may be present in a TLSv1.3 compatible ServerHello message. -.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 -.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" -The extension may be present in an EncryptedExtensions message. -.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 -.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" -The extension may be present in a HelloRetryRequest message. -.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 -.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" -The extension may be present in a TLSv1.3 compatible Certificate message. -.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 -.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" -The extension may be present in a TLSv1.3 compatible NewSessionTicket message. -.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 -.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" -The extension may be present in a TLSv1.3 compatible CertificateRequest message. -.PP -The context must include at least one message value (otherwise the extension -will never be used). -.SH "NOTES" -.IX Header "NOTES" -The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values -which will be passed to the corresponding callbacks. They can, for example, -be used to store the extension data received in a convenient structure or -pass the extension data to be added or freed when adding extensions. -.PP -If the same custom extension type is received multiple times a fatal -\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension -is received in a ServerHello/EncryptedExtensions message which was not sent in -the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the -handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is -only called if the corresponding extension was received in the ClientHello. This -is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each -callback is called at most once and that an application can never send -unsolicited extensions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and -\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A -failure can occur if an attempt is made to add the same \fBext_type\fR more than -once, if an attempt is made to use an extension type handled internally by -OpenSSL or if an internal error occurs (for example a memory allocation -failure). -.PP -\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled -internally by OpenSSL and 0 otherwise. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3 deleted file mode 100644 index ed1596765f98..000000000000 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_FREE 3" -.TH SSL_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_free \- free an allocated SSL structure -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_free(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 -structure pointed to by \fBssl\fR and frees up the allocated memory if the -reference count has reached 0. -If \fBssl\fR is \s-1NULL\s0 nothing is done. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if -applicable: the buffering \s-1BIO,\s0 the read and write BIOs, -cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. -Do not explicitly free these indirectly freed up items before or after -calling \fBSSL_free()\fR, as trying to free things twice may lead to program -failure. -.PP -The ssl session has reference counts from two users: the \s-1SSL\s0 object, for -which the reference count is removed by \fBSSL_free()\fR and the internal -session cache. If the session is considered bad, because -\&\fBSSL_shutdown\fR\|(3) was not called for the connection -and \fBSSL_set_shutdown\fR\|(3) was not used to set the -\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed -from the session cache as required by \s-1RFC2246.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_free()\fR does not provide diagnostic information. -.PP -\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 deleted file mode 100644 index 8797c4e1168b..000000000000 --- a/secure/lib/libcrypto/man/SSL_get0_peer_scts.3 +++ /dev/null @@ -1,176 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET0_PEER_SCTS 3" -.TH SSL_GET0_PEER_SCTS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get0_peer_scts \- get SCTs received -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have -been received. If this is the first time that this function has been called for -a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and -the peer's certificate for SCTs. Future calls will return the same SCTs. -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -If no Certificate Transparency validation callback has been set (using -\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), -this function is not guaranteed to return all of the SCTs that the peer is -capable of sending. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 deleted file mode 100644 index 3da243622bb9..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ /dev/null @@ -1,167 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_SSL_CTX 3" -.TH SSL_GET_SSL_CTX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which -\&\fBssl\fR was created with \fBSSL_new\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The pointer to the \s-1SSL_CTX\s0 object is returned. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 deleted file mode 100644 index 29f672ad1d1f..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_all_async_fds.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_ALL_ASYNC_FDS 3" -.TH SSL_GET_ALL_ASYNC_FDS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 2 -\& #include -\& #include -\& -\& int SSL_waiting_for_async(SSL *s); -\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); -\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, -\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently -waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in -\&\fBSSL_CTX_set_mode\fR\|(3)). -.PP -\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a -call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous -operation has completed or not. A completed operation will result in data -appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read -from the file descriptor). This function should only be called if the \s-1SSL\s0 object -is currently waiting for asynchronous work to complete (i.e. -\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the -list will only contain one file descriptor. However if multiple asynchronous -capable engines are in use then more than one is possible. The number of file -descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves -are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file -descriptors are returned but \fB*numfds\fR is still populated. It is the callers -responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically -this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once -without). -.PP -\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors -that have been added and a list that have been deleted since the last -\&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no -\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it -is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have -sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds -and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR -respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting -for an async operation to complete and 0 otherwise. -.PP -\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or -0 on error. -.SH "NOTES" -.IX Header "NOTES" -On Windows platforms the openssl/async.h header is dependent on some -of the types customarily made available by including windows.h. The -application developer is likely to require control over when the latter -is included, commonly as one of the first included headers. Therefore -it is defined as an application developer's responsibility to include -windows.h prior to async.h. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR -and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3 deleted file mode 100644 index 3975bcf0b93b..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ /dev/null @@ -1,241 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_CIPHERS 3" -.TH SSL_GET_CIPHERS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); -\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); -\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); -\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); -\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, -\& int isv2format, STACK_OF(SSL_CIPHER) **sk, -\& STACK_OF(SSL_CIPHER) **scsvs); -\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); -\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, -sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 -is returned. -.PP -\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. -.PP -\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for -\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). -The list depends on settings like the cipher list, the supported protocol -versions, the security level, and the enabled signature algorithms. -\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings -have been applied. -The list of ciphers that would be sent in a ClientHello can differ from -the list of ciphers that would be acceptable when acting as a server. -For example, additional ciphers may be usable by a server if there is -a gap in the list of supported protocols, and some ciphers may not be -usable by a server if there is not a suitable certificate configured. -If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. -.PP -\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the -list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are -available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. -.PP -\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR -as a wire-protocol cipher suite specification (in the three-octet-per-cipher -SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet -SSLv3/TLS wire format), and parses the cipher suites supported by the library -into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite -Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success -and 0 on failure. -.PP -\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 -listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are -available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 -is returned. -.PP -\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of -\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is -the buffer that should be populated with the list of names and \fBsize\fR is the -size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on -error. If the supplied buffer is not large enough to contain the complete list -of names then a truncated list of names will be returned. Note that just because -a ciphersuite is available (i.e. it is configured in the cipher list) and shared -by both the client and the server it does not mean that it is enabled (see the -description of \fBSSL_get1_supported_ciphers()\fR above). This function will return -available shared ciphersuites whether or not they are enabled. This is a server -side function only and must only be called after the completion of the initial -handshake. -.SH "NOTES" -.IX Header "NOTES" -The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR -\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using -the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. -.PP -Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the -sorted list of available ciphers, until \s-1NULL\s0 is returned. -.PP -Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR -return a pointer to an internal cipher stack, which will be freed later on when -the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR -free the return value itself. -.PP -The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using -\&\fBsk_SSL_CIPHER_free()\fR. -.PP -The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using -\&\fBsk_SSL_CIPHER_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -See \s-1DESCRIPTION\s0 -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), -\&\fBSSL_CIPHER_get_name\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_client_random.3 b/secure/lib/libcrypto/man/SSL_get_client_random.3 deleted file mode 100644 index 87717bcc0dfa..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_client_random.3 +++ /dev/null @@ -1,229 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_CLIENT_RANDOM 3" -.TH SSL_GET_CLIENT_RANDOM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); -\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); -\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, -\& unsigned char *out, size_t outlen); -\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, -\& size_t len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_client_random()\fR extracts the random value sent from the client -to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many -bytes as it can of this value into the buffer provided in \fBout\fR, -which must have at least \fBoutlen\fR bytes available. It returns the -total number of bytes that were actually copied. If \fBoutlen\fR is -zero, \fBSSL_get_client_random()\fR copies nothing, and returns the -total size of the client_random value. -.PP -\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value -sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. -.PP -\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master -secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one -can be dangerous if misused; see \s-1NOTES\s0 below. -.PP -\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the -\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based -\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length -\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the -function, so the caller is responsible for freeing and cleaning any memory -associated with \fBin\fR. The caller must ensure that the length of the key is -suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0 -.SH "NOTES" -.IX Header "NOTES" -You probably shouldn't use these functions. -.PP -These functions expose internal values from the \s-1TLS\s0 handshake, for -use in low-level protocols. You probably should not use them, unless -you are implementing something that needs access to the internal protocol -details. -.PP -Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they -\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that -were already generated and used in the \s-1TLS\s0 protocol. Using them -in place of \fBRAND_bytes()\fR would be grossly foolish. -.PP -The security of your \s-1TLS\s0 session depends on keeping the master key secret: -do not expose it, or any information about it, to anybody. -If you need to calculate another secret value that depends on the master -secret, you should probably use \fBSSL_export_keying_material()\fR instead, and -forget that you ever saw these functions. -.PP -In current versions of the \s-1TLS\s0 protocols, the length of client_random -(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for -other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided -in case of the unlikely event that a future version or variant of \s-1TLS\s0 -uses some other length there. -.PP -Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called -\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those -values based on their view of the current time. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. -.PP -For the other functions, if \fBoutlen\fR is greater than 0 then these functions -return the number of bytes actually copied, which will be less than or equal to -\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number -of bytes they would copy \*(-- that is, the length of the underlying field. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBRAND_bytes\fR\|(3), -\&\fBSSL_export_keying_material\fR\|(3), -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 deleted file mode 100644 index c91ba56a04c5..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_CURRENT_CIPHER 3" -.TH SSL_GET_CURRENT_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); -\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); -\& -\& const char *SSL_get_cipher_name(const SSL *s); -\& const char *SSL_get_cipher(const SSL *s); -\& int SSL_get_cipher_bits(const SSL *s, int *np); -\& const char *SSL_get_cipher_version(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing -the description of the actually used cipher of a connection established with -the \fBssl\fR object. -See \fBSSL_CIPHER_get_name\fR\|(3) for more details. -.PP -\&\fBSSL_get_cipher_name()\fR obtains the -name of the currently used cipher. -\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. -\&\fBSSL_get_cipher_bits()\fR is a -macro to obtain the number of secret/algorithm bits used and -\&\fBSSL_get_cipher_version()\fR returns the protocol name. -.PP -\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing -the description of the cipher (if any) that has been negotiated for future use -on the connection established with the \fBssl\fR object, but is not yet in use. -This may be the case during handshake processing, when control flow can be -returned to the application via any of several callback methods. The internal -sequencing of handshake processing and callback invocation is not guaranteed -to be stable from release to release, and at present only the callback set -by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. -Other callbacks may be added to this list over time. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if -no session has been established. -.PP -\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change -of cipher suite, or \s-1NULL\s0 if no such cipher is known. -.SH "NOTES" -.IX Header "NOTES" -SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and -SSL_get_cipher_name are implemented as macros. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 deleted file mode 100644 index 1949f4f60289..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ /dev/null @@ -1,181 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" -.TH SSL_GET_DEFAULT_TIMEOUT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_default_timeout \- get default session timeout value -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_get_default_timeout(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to -\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -Whenever a new session is negotiated, it is assigned a timeout value, -after which it will not be accepted for session reuse. If the timeout -value was not explicitly set using -\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default -timeout for the protocol will be used. -.PP -\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds -for all currently supported protocols. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -See description. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), -\&\fBSSL_SESSION_get_time\fR\|(3), -\&\fBSSL_CTX_flush_sessions\fR\|(3), -\&\fBSSL_get_default_timeout\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3 deleted file mode 100644 index 981e5a55d23a..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ /dev/null @@ -1,293 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_ERROR 3" -.TH SSL_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_error \- obtain result code for TLS/SSL I/O operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_get_error(const SSL *ssl, int ret); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" -statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, -\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR, -\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 -function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR. -.PP -In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the -current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be -used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no -other OpenSSL function calls should appear in between. The current -thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is -attempted, or \fBSSL_get_error()\fR will not work reliably. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can currently occur: -.IP "\s-1SSL_ERROR_NONE\s0" 4 -.IX Item "SSL_ERROR_NONE" -The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned -if and only if \fBret > 0\fR. -.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 -.IX Item "SSL_ERROR_ZERO_RETURN" -The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the -close_notify alert. -No more data can be read. -Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily -indicate that the underlying transport has been closed. -.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 -.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" -The operation did not complete and can be retried later. -.Sp -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read -operation from a non-blocking \fB\s-1BIO\s0\fR. -It means that not enough data was available at this time to complete the -operation. -If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same -function can be called again. -.Sp -\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is -still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even -for a blocking \fB\s-1BIO\s0\fR. -See \fBSSL_read\fR\|(3) for more information. -.Sp -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write -to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. -When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. -.Sp -Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. -There is no fixed upper limit for the number of iterations that -may be necessary until progress becomes visible at application -protocol level. -.Sp -It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available -even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. -However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called -again to continue sending the application data. -.Sp -For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or -\&\fBpoll()\fR on the underlying socket can be used to find out when the -\&\s-1TLS/SSL I/O\s0 function should be retried. -.Sp -Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. -In particular, -\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data -and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. -This is mainly because -\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by -either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, -\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. -.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 -.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" -The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be -called again later. The underlying \s-1BIO\s0 was not connected yet to the peer -and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be -called again when the connection is established. These messages can only -appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. -In order to find out, when the connection has been successfully established, -on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor -can be used. -.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 -.IX Item "SSL_ERROR_WANT_X509_LOOKUP" -The operation did not complete because an application callback set by -\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. -The \s-1TLS/SSL I/O\s0 function should be called again later. -Details depend on the application. -.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 -.IX Item "SSL_ERROR_WANT_ASYNC" -The operation did not complete because an asynchronous engine is still -processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 -using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable -engine is being used. An application can determine whether the engine has -completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file -descriptor. This file descriptor is available by calling -\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 -function should be called again later. The function \fBmust\fR be called from the -same thread that the original call was made from. -.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 -.IX Item "SSL_ERROR_WANT_ASYNC_JOB" -The asynchronous job could not be started because there were no async jobs -available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the -mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or -\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool -through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the -operation after a currently executing asynchronous operation for the current -thread has completed. -.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 -.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" -The operation did not complete because an application callback set by -\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. -The \s-1TLS/SSL I/O\s0 function should be called again later. -Details depend on the application. -.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 -.IX Item "SSL_ERROR_SYSCALL" -Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may -contain more information on the error. For socket I/O on Unix systems, consult -\&\fBerrno\fR for details. If this error occurs then no further I/O operations should -be performed on the connection and \fBSSL_shutdown()\fR must not be called. -.Sp -This value can also be returned for other errors, check the error queue for -details. -.IP "\s-1SSL_ERROR_SSL\s0" 4 -.IX Item "SSL_ERROR_SSL" -A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol -error. The OpenSSL error queue contains more information on the error. If this -error occurs then no further I/O operations should be performed on the -connection and \fBSSL_shutdown()\fR must not be called. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. -The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/SSL_get_extms_support.3 deleted file mode 100644 index e35972e489cf..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_extms_support.3 +++ /dev/null @@ -1,172 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_EXTMS_SUPPORT 3" -.TH SSL_GET_EXTMS_SUPPORT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_extms_support \- extended master secret support -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_get_extms_support(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended -master secret. -.PP -This function is implemented as a macro. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended -master secret, 0 if it did not and \-1 if a handshake is currently in -progress i.e. it is not possible to determine if extended master secret -was used. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3 deleted file mode 100644 index 1dcd5bab8d2d..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_FD 3" -.TH SSL_GET_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_get_fd(const SSL *ssl); -\& int SSL_get_rfd(const SSL *ssl); -\& int SSL_get_wfd(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. -\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the -read or the write channel, which can be different. If the read and the -write channel are different, \fBSSL_get_fd()\fR will return the file descriptor -of the read channel. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\-1" 4 -.IX Item "-1" -The operation failed, because the underlying \s-1BIO\s0 is not of the correct type -(suitable for file descriptors). -.IP ">=0" 4 -.IX Item ">=0" -The file descriptor linked to \fBssl\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 deleted file mode 100644 index 4f8fe4632a94..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ /dev/null @@ -1,201 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_PEER_CERT_CHAIN 3" -.TH SSL_GET_PEER_CERT_CHAIN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); -\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates -forming the certificate chain sent by the peer. If called on the client side, -the stack also contains the peer's certificate; if called on the server -side, the peer's certificate must be obtained separately using -\&\fBSSL_get_peer_certificate\fR\|(3). -If the peer did not present a certificate, \s-1NULL\s0 is returned. -.PP -\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it -only consists of certificates the peer has sent (in the order the peer -has sent them) it is \fBnot\fR a verified chain. -.PP -\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain -of the peer including the peer's end entity certificate. It must be called -after a session has been successfully established. If peer verification was -not successful (as indicated by \fBSSL_get_verify_result()\fR not returning -X509_V_OK) the chain may be incomplete or invalid. -.SH "NOTES" -.IX Header "NOTES" -If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer -is returned by these functions. Applications can call \fBSSL_session_reused()\fR -to determine whether a session is resumed. -.PP -The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object -is not incremented and the returned stack may be invalidated by renegotiation. -If applications wish to use any certificates in the returned chain -indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or -obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -No certificate was presented by the peer or no connection was established -or the certificate chain is no longer available when a session is reused. -.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 -.IX Item "Pointer to a STACK_OF(X509)" -The return value points to the certificate chain presented by the peer. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), -\&\fBX509_chain_up_ref\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 deleted file mode 100644 index 01eae91d8f67..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ /dev/null @@ -1,189 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_PEER_CERTIFICATE 3" -.TH SSL_GET_PEER_CERTIFICATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_peer_certificate \- get the X509 certificate of the peer -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509 *SSL_get_peer_certificate(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the -peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. -.SH "NOTES" -.IX Header "NOTES" -Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a -certificate, if present. A client will only send a certificate when -explicitly requested to do so by the server (see -\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher -is used, no certificates are sent. -.PP -That a certificate is returned does not indicate information about the -verification state, use \fBSSL_get_verify_result\fR\|(3) -to check the verification state. -.PP -The reference count of the X509 object is incremented by one, so that it -will not be destroyed when the session containing the peer certificate is -freed. The X509 object must be explicitly freed using \fBX509_free()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -No certificate was presented by the peer or no connection was established. -.IP "Pointer to an X509 certificate" 4 -.IX Item "Pointer to an X509 certificate" -The return value points to the certificate presented by the peer. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), -\&\fBSSL_CTX_set_verify\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 deleted file mode 100644 index a9c1cde0a6af..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_peer_signature_nid.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" -.TH SSL_GET_PEER_SIGNATURE_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); -\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); -\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); -\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used -by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. -.PP -\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature -type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type -is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing -where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between -\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check -the type of public key in the peer's certificate. -.PP -\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent -information for the local end of the connection. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -These functions return 1 for success and 0 for failure. There are several -possible reasons for failure: the cipher suite has no signature (e.g. it -uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or -the functions were called too early, e.g. before the peer signed a message. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 deleted file mode 100644 index fc37dd06cf84..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_peer_tmp_key.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_PEER_TMP_KEY 3" -.TH SSL_GET_PEER_TMP_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); -\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); -\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and -used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents -the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in -\&\fB*key\fR. It is the caller's responsibility to free this key after use using -\&\fBEVP_PKEY_free\fR\|(3). -.PP -\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for -\&\fBSSL_get_peer_tmp_key()\fR. -Under that name it worked just on the client side of the connection, its -behaviour on the server end is release-dependent. -.PP -\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local -end of the connection. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All these functions return 1 on success and 0 otherwise. -.SH "NOTES" -.IX Header "NOTES" -This function is implemented as a macro. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/SSL_get_psk_identity.3 deleted file mode 100644 index 3b61985d2d00..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_psk_identity.3 +++ /dev/null @@ -1,173 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_PSK_IDENTITY 3" -.TH SSL_GET_PSK_IDENTITY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_get_psk_identity_hint(const SSL *ssl); -\& const char *SSL_get_psk_identity(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint -used during the connection setup related to \s-1SSL\s0 object -\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 -identity used during the connection setup. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity -hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are -\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if -no \s-1PSK\s0 identity hint was used during the connection setup. -.PP -Note that the return value is valid only during the lifetime of the -\&\s-1SSL\s0 object \fBssl\fR. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3 deleted file mode 100644 index 034785846653..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_RBIO 3" -.TH SSL_GET_RBIO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& BIO *SSL_get_rbio(SSL *ssl); -\& BIO *SSL_get_wbio(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the -read or the write channel, which can be different. The reference count -of the \s-1BIO\s0 is not incremented. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -No \s-1BIO\s0 was connected to the \s-1SSL\s0 object -.IP "Any other pointer" 4 -.IX Item "Any other pointer" -The \s-1BIO\s0 linked to \fBssl\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3 deleted file mode 100644 index edf036fc0ab0..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ /dev/null @@ -1,235 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_SESSION 3" -.TH SSL_GET_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_SESSION *SSL_get_session(const SSL *ssl); -\& SSL_SESSION *SSL_get0_session(const SSL *ssl); -\& SSL_SESSION *SSL_get1_session(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in -\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so -that the pointer can become invalid by other operations. -.PP -\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. -.PP -\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference -count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. -.SH "NOTES" -.IX Header "NOTES" -The ssl session contains all information required to re-establish the -connection without a full handshake for \s-1SSL\s0 versions up to and including -TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the -main handshake has occurred. The server will send the session information to the -client at a time of its choosing, which may be some while after the initial -connection is established (or never). Calling these functions on the client side -in TLSv1.3 before the session has been established will still return an -\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See -\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an -\&\s-1SSL_SESSION\s0 object can be used for resumption or not. -.PP -Additionally, in TLSv1.3, a server can send multiple messages that establish a -session for a single connection. In that case the above functions will only -return information on the last session that was received. -.PP -The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is -to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). -The new session callback is only invoked when a session is actually established, -so this avoids the problem described above where an application obtains an -\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also -enables applications to obtain information about all sessions sent by the -server. -.PP -A session will be automatically removed from the session cache and marked as -non-resumable if the connection is not closed down cleanly, e.g. if a fatal -error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to -\&\fBSSL_free\fR\|(3). -.PP -In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for -resumption once. -.PP -\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the -reference counter is not incremented, the pointer is only valid while -the connection is in use. If \fBSSL_clear\fR\|(3) or -\&\fBSSL_free\fR\|(3) is called, the session may be removed completely -(if considered bad), and the pointer obtained will become invalid. Even -if the session is valid, it can be removed at any time due to timeout -during \fBSSL_CTX_flush_sessions\fR\|(3). -.PP -If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference -count, so that the session will not be implicitly removed by other operations -but stays in memory. In order to remove the session -\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once -to decrement the reference count again. -.PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -There is no session available in \fBssl\fR. -.IP "Pointer to an \s-1SSL_SESSION\s0" 4 -.IX Item "Pointer to an SSL_SESSION" -The return value points to the data of an \s-1SSL\s0 session. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), -\&\fBSSL_clear\fR\|(3), -\&\fBSSL_SESSION_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 deleted file mode 100644 index c4084ee1c21b..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_shared_sigalgs.3 +++ /dev/null @@ -1,219 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_SHARED_SIGALGS 3" -.TH SSL_GET_SHARED_SIGALGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_get_shared_sigalgs(SSL *s, int idx, -\& int *psign, int *phash, int *psignhash, -\& unsigned char *rsig, unsigned char *rhash); -\& -\& int SSL_get_sigalgs(SSL *s, int idx, -\& int *psign, int *phash, int *psignhash, -\& unsigned char *rsig, unsigned char *rhash); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature -algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index -of the shared signature algorithm to return starting from zero. The signature -algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the -sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values -are written to \fB*rsig\fR and \fB*rhash\fR. -.PP -\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns -information about all signature algorithms supported by \fBs\fR in the order -they were sent by the peer. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of -signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. -.SH "NOTES" -.IX Header "NOTES" -These functions are typically called for debugging purposes (to report -the peer's preferences) or where an application wants finer control over -certificate selection. Most applications will rely on internal handling -and will not need to call them. -.PP -If an application is only interested in the highest preference shared -signature algorithm it can just set \fBidx\fR to zero. -.PP -Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or -\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting -them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of -signature algorithms can be determined: which can be zero. -.PP -These functions must be called after the peer has sent a list of supported -signature algorithms: after a client hello (for servers) or a certificate -request (for clients). They can (for example) be called in the certificate -callback. -.PP -Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms. -If these -functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. -.PP -The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are -ordered according to configuration and peer preferences. -.PP -The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. -The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and -\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR -NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. -.PP -If a signature algorithm is not recognised the corresponding NIDs -will be set to \fBNID_undef\fR. This may be because the value is not supported, -is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the -signature algorithm does not use a hash (for example Ed25519). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_CTX_set_cert_cb\fR\|(3), -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3 deleted file mode 100644 index 3231f4f9380c..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ /dev/null @@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_VERIFY_RESULT 3" -.TH SSL_GET_VERIFY_RESULT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_get_verify_result \- get result of peer certificate verification -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long SSL_get_verify_result(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_get_verify_result()\fR returns the result of the verification of the -X509 certificate presented by the peer, if any. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_get_verify_result()\fR can only return one error code while the verification -of a certificate can fail because of many reasons at the same time. Only -the last verification error that occurred during the processing is available -from \fBSSL_get_verify_result()\fR. -.PP -The verification result is part of the established session and is restored -when a session is reused. -.SH "BUGS" -.IX Header "BUGS" -If no peer certificate was presented, the returned result code is -X509_V_OK. This is because no verification error occurred, it does however -not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection -with \fBSSL_get_peer_certificate\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can currently occur: -.IP "X509_V_OK" 4 -.IX Item "X509_V_OK" -The verification succeeded or no peer certificate was presented. -.IP "Any other value" 4 -.IX Item "Any other value" -Documented in \fBverify\fR\|(1). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), -\&\fBSSL_get_peer_certificate\fR\|(3), -\&\fBverify\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3 deleted file mode 100644 index 00c4800b61cb..000000000000 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ /dev/null @@ -1,221 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_GET_VERSION 3" -.TH SSL_GET_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_client_version(const SSL *s); -\& -\& const char *SSL_get_version(const SSL *ssl); -\& -\& int SSL_is_dtls(const SSL *ssl); -\& -\& int SSL_version(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the -client in the legacy_version field of the ClientHello when initiating the -connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater -than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR -returns the name of the protocol used for the connection. \fBSSL_version()\fR returns -the numeric protocol version used for the connection. They should only be called -after the initial handshake has been completed. Prior to that the results -returned from these functions may be unreliable. -.PP -\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_get_version()\fR returns one of the following strings: -.IP "SSLv3" 4 -.IX Item "SSLv3" -The connection uses the SSLv3 protocol. -.IP "TLSv1" 4 -.IX Item "TLSv1" -The connection uses the TLSv1.0 protocol. -.IP "TLSv1.1" 4 -.IX Item "TLSv1.1" -The connection uses the TLSv1.1 protocol. -.IP "TLSv1.2" 4 -.IX Item "TLSv1.2" -The connection uses the TLSv1.2 protocol. -.IP "TLSv1.3" 4 -.IX Item "TLSv1.3" -The connection uses the TLSv1.3 protocol. -.IP "unknown" 4 -.IX Item "unknown" -This indicates an unknown protocol version. -.PP -\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any -of the following: -.IP "\s-1SSL3_VERSION\s0" 4 -.IX Item "SSL3_VERSION" -The connection uses the SSLv3 protocol. -.IP "\s-1TLS1_VERSION\s0" 4 -.IX Item "TLS1_VERSION" -The connection uses the TLSv1.0 protocol. -.IP "\s-1TLS1_1_VERSION\s0" 4 -.IX Item "TLS1_1_VERSION" -The connection uses the TLSv1.1 protocol. -.IP "\s-1TLS1_2_VERSION\s0" 4 -.IX Item "TLS1_2_VERSION" -The connection uses the TLSv1.2 protocol. -.IP "\s-1TLS1_3_VERSION\s0" 4 -.IX Item "TLS1_3_VERSION" -The connection uses the TLSv1.3 protocol (never returned for -\&\fBSSL_client_version()\fR). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_in_init.3 b/secure/lib/libcrypto/man/SSL_in_init.3 deleted file mode 100644 index 5c22629c168f..000000000000 --- a/secure/lib/libcrypto/man/SSL_in_init.3 +++ /dev/null @@ -1,227 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_IN_INIT 3" -.TH SSL_IN_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_in_init(const SSL *s); -\& int SSL_in_before(const SSL *s); -\& int SSL_is_init_finished(const SSL *s); -\& -\& int SSL_in_connect_init(SSL *s); -\& int SSL_in_accept_init(SSL *s); -\& -\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or -awaiting handshake messages, or 0 otherwise. -.PP -\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 -otherwise. -.PP -\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where -fully protected application data can be transferred or 0 otherwise. -.PP -Note that in some circumstances (such as when early data is being transferred) -\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0. -.PP -\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR -would return 1, or 0 otherwise. -.PP -\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR -would return 1, or 0 otherwise. -.PP -\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. -.PP -\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake -state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value -indicates a discrete state machine state. Note that future versions of OpenSSL -may define more states so applications should expect to receive unrecognised -state values. The naming format is made up of a number of elements as follows: -.PP -\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR -.PP -\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the -\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. -.PP -\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", -\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. -.PP -\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or -is being or has been processed. -.PP -Additionally there are some special states that do not conform to the above -format. These are: -.IP "\s-1TLS_ST_BEFORE\s0" 4 -.IX Item "TLS_ST_BEFORE" -No handshake messages have yet been been sent or received. -.IP "\s-1TLS_ST_OK\s0" 4 -.IX Item "TLS_ST_OK" -Handshake message sending/processing has completed. -.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 -.IX Item "TLS_ST_EARLY_DATA" -Early data is being processed -.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 -.IX Item "TLS_ST_PENDING_EARLY_DATA_END" -Awaiting the end of early data processing -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR -and \fBSSL_in_accept_init()\fR return values as indicated above. -.PP -\&\fBSSL_get_state()\fR returns the current handshake state. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_read_early_data\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_key_update.3 b/secure/lib/libcrypto/man/SSL_key_update.3 deleted file mode 100644 index b69af2cdad35..000000000000 --- a/secure/lib/libcrypto/man/SSL_key_update.3 +++ /dev/null @@ -1,236 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_KEY_UPDATE 3" -.TH SSL_KEY_UPDATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_key_update(SSL *s, int updatetype); -\& int SSL_get_key_update_type(const SSL *s); -\& -\& int SSL_renegotiate(SSL *s); -\& int SSL_renegotiate_abbreviated(SSL *s); -\& int SSL_renegotiate_pending(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. -If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then -the sending keys for this connection will be updated and the peer will be -informed of the change. If the \fBupdatetype\fR parameter is set to -\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be -updated and the peer will be informed of the change along with a request for the -peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is -set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. -.PP -\&\fBSSL_key_update()\fR must only be called after the initial handshake has been -completed and TLSv1.3 has been negotiated. The key update will not take place -until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR -takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to -force the update to take place immediately. -.PP -\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update -operation has been scheduled but not yet performed. The type of the pending key -update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 -otherwise. -.PP -\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for -connections that have negotiated TLSv1.2 or less. Calling them on any other -connection will result in an error. -.PP -When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new -handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation -such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check -will be performed to confirm that it is a suitable time to start a -renegotiation. If so, then it will be initiated immediately. OpenSSL will not -attempt to resume any session associated with the connection in the new -handshake. -.PP -When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the -same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the -session associated with the current connection in the new handshake. -.PP -When called from the server side, \fBSSL_renegotiate()\fR and -\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request -for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is -performed then the same checks as on the client side are performed and then, if -appropriate, the request is sent. The client may or may not respond with a new -handshake and it may or may not attempt to resume an existing session. If -a new handshake is started then this will be handled transparently by calling -any OpenSSL \s-1IO\s0 function. -.PP -If an OpenSSL client receives a renegotiation request from a server then again -this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For -a \s-1TLS\s0 connection the client will attempt to resume the current session in the -new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume -the session in the new handshake. -.PP -The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or -renegotiation request has been scheduled but not yet acted on, or 0 otherwise. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1 -on success or 0 on error. -.PP -\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update -operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. -.PP -\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request -has been scheduled but not yet acted on, or 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), -\&\fBSSL_write_ex\fR\|(3), -\&\fBSSL_do_handshake\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in -OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3 deleted file mode 100644 index fc2c884623a9..000000000000 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ /dev/null @@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_LIBRARY_INIT 3" -.TH SSL_LIBRARY_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_library_init(void); -\& -\& int OpenSSL_add_ssl_algorithms(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. -.PP -\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is -implemented as a macro. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_library_init()\fR must be called before any other action takes place. -\&\fBSSL_library_init()\fR is not reentrant. -.SH "WARNINGS" -.IX Header "WARNINGS" -\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by -\&\s-1SSL/TLS.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return -value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBRAND_add\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were -deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 deleted file mode 100644 index 3d39648af7fc..000000000000 --- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ /dev/null @@ -1,197 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" -.TH SSL_LOAD_CLIENT_CA_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_load_client_CA_file \- load certificate names from file -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns -a \s-1STACK_OF\s0(X509_NAME) with the subject names found. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and -extracts the X509_NAMES of the certificates found. While the name suggests -the specific usage as support function for -\&\fBSSL_CTX_set_client_CA_list\fR\|(3), -it is not limited to \s-1CA\s0 certificates. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -The operation failed, check out the error stack for the reason. -.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 -.IX Item "Pointer to STACK_OF(X509_NAME)" -Pointer to the subject names of the successfully read certificates. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Load names of CAs from file and use it as a client \s-1CA\s0 list: -.PP -.Vb 2 -\& SSL_CTX *ctx; -\& STACK_OF(X509_NAME) *cert_names; -\& -\& ... -\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); -\& if (cert_names != NULL) -\& SSL_CTX_set_client_CA_list(ctx, cert_names); -\& else -\& /* error */ -\& ... -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), -\&\fBSSL_CTX_set_client_CA_list\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3 deleted file mode 100644 index 4595a101f121..000000000000 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_NEW 3" -.TH SSL_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL *SSL_dup(SSL *s); -\& SSL *SSL_new(SSL_CTX *ctx); -\& int SSL_up_ref(SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the -data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings -of the underlying context \fBctx\fR: connection method, -options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is -reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments -the reference count. Freeing it (using SSL_free) decrements it. When the -reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR -structure are freed. -.PP -\&\fBSSL_up_ref()\fR increments the reference count for an -existing \fB\s-1SSL\s0\fR structure. -.PP -\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All -settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. -existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an -initial accept (server) or connect (client) state. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "\s-1NULL\s0" 4 -.IX Item "NULL" -The creation of a new \s-1SSL\s0 structure failed. Check the error stack to -find out the reason. -.IP "Pointer to an \s-1SSL\s0 structure" 4 -.IX Item "Pointer to an SSL structure" -The return value points to an allocated \s-1SSL\s0 structure. -.Sp -\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), -\&\fBSSL_CTX_set_options\fR\|(3), -\&\fBSSL_get_SSL_CTX\fR\|(3), -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3 deleted file mode 100644 index 7ef93680808e..000000000000 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_PENDING 3" -.TH SSL_PENDING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_pending(const SSL *ssl); -\& int SSL_has_pending(const SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Data is received in whole blocks known as records from the peer. A whole record -is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is -read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). -.PP -\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered -and are available inside \fBssl\fR for immediate read. -.PP -If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see -\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current -record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to -\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These -additional bytes will be buffered by OpenSSL but will remain unprocessed until -they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR -will ignore them. Therefore it is possible for no more bytes to be readable from -the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR -to return 0, even though readable application data bytes are available (because -the data is in unprocessed buffered records). -.PP -\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or -unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to -return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no -data because the unprocessed buffered data when processed yielded no application -data (for example this can happen during renegotiation). It is also possible in -this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an -\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is -not yet processable (e.g. because OpenSSL has only received a partial record so -far). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_pending()\fR returns the number of buffered and processed application data -bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR -returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), -\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3 deleted file mode 100644 index 0acfe6574ccb..000000000000 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ /dev/null @@ -1,275 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_READ 3" -.TH SSL_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); -\& int SSL_read(SSL *ssl, void *buf, int num); -\& -\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); -\& int SSL_peek(SSL *ssl, void *buf, int num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR -into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes -actually read in \fB*readbytes\fR. -.PP -\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR -respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during -the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield -at least the same bytes. -.SH "NOTES" -.IX Header "NOTES" -In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, -\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. -.PP -If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already -explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the -peer requests a re-negotiation, it will be performed transparently during -the read function operation. The behaviour of the read functions depends on the -underlying \s-1BIO.\s0 -.PP -For the transparent negotiation to succeed, the \fBssl\fR must have been -initialized to client or server mode. This is being done by calling -\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first -invocation of a read function. -.PP -The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in -records (with a maximum record size of 16kB). Only when a record has been -completely received, can it be processed (decryption and check of integrity). -Therefore data that was not retrieved at the last read call can still be -buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read -call. If \fBnum\fR is higher than the number of bytes buffered then the read -functions will return with the bytes buffered. If no more bytes are in the -buffer, the read functions will trigger the processing of the next record. -Only when the record has been received and processed completely will the read -functions return reporting success. At most the contents of one record will -be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size -of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several -packets from the transport layer before the record is complete and the read call -can succeed. -.PP -If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data -record has been processed, the read function can return and set the error to -\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. -In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. -If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still -be unprocessed data available in the \fB\s-1SSL\s0\fR. -This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the -read operation has been finished or an error occurred, except when a -non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is -not set. -Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is -available the call will hang. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when -the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the -operation. -In this case a call to \fBSSL_get_error\fR\|(3) with the -return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. -As at any time it's possible that non-application data needs to be sent, -a read function can also cause write operations. -The calling process then must repeat the call after taking appropriate action -to satisfy the needs of the read function. -The action depends on the underlying \s-1BIO.\s0 -When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be -used to check for the required condition. -When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or -retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -\&\fBSSL_pending\fR\|(3) can be used to find out whether there -are buffered bytes available for immediate retrieval. -In this case the read function can be called without blocking or actually -receiving new data from the underlying socket. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. -Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 -connection. -Failure means that no bytes could be read from the \s-1SSL\s0 connection. -Failures can be retryable (e.g. we are waiting for more bytes to -be delivered by the network) or non-retryable (e.g. a fatal network error). -In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which -indicates whether the call is retryable or not. -.PP -For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur: -.IP "> 0" 4 -.IX Item "> 0" -The read operation was successful. -The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 -connection. -.IP "<= 0" 4 -.IX Item "<= 0" -The read operation was not successful, because either the connection was closed, -an error occurred or action must be taken by the calling process. -Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. -.Sp -Old documentation indicated a difference between 0 and \-1, and that \-1 was -retryable. -You should instead call \fBSSL_get_error()\fR to find out if it's retryable. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), -\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), -\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) -\&\fBSSL_set_connect_state\fR\|(3), -\&\fBSSL_pending\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), -\&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_read_early_data.3 b/secure/lib/libcrypto/man/SSL_read_early_data.3 deleted file mode 100644 index d2c487130cb1..000000000000 --- a/secure/lib/libcrypto/man/SSL_read_early_data.3 +++ /dev/null @@ -1,480 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_READ_EARLY_DATA 3" -.TH SSL_READ_EARLY_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); -\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); -\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); -\& uint32_t SSL_get_max_early_data(const SSL *s); -\& -\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); -\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); -\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); -\& uint32_t SSL_get_recv_max_early_data(const SSL *s); -\& -\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); -\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); -\& -\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); -\& -\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); -\& -\& int SSL_get_early_data_status(const SSL *s); -\& -\& -\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); -\& -\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, -\& SSL_allow_early_data_cb_fn cb, -\& void *arg); -\& void SSL_set_allow_early_data_cb(SSL *s, -\& SSL_allow_early_data_cb_fn cb, -\& void *arg); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are used to send and receive early data where TLSv1.3 has been -negotiated. Early data can be sent by the client immediately after its initial -ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. -.PP -Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 -connection. In particular the data does not have forward secrecy. There are also -additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 -below). For these reasons extreme care should be exercised when using early -data. For specific details, consult the \s-1TLS 1.3\s0 specification. -.PP -When a server receives early data it may opt to immediately respond by sending -application data back to the client. Data sent by the server at this stage is -done before the full handshake has been completed. Specifically the client's -authentication messages have not yet been received, i.e. the client is -unauthenticated at this point and care should be taken when using this -capability. -.PP -A server or client can determine whether the full handshake has been completed -or not by calling \fBSSL_is_init_finished\fR\|(3). -.PP -On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to -determine if a session established with a server can be used to send early data. -If the session cannot be used then this function will return 0. Otherwise it -will return the maximum number of early data bytes that can be sent. -.PP -The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early -data bytes that can be sent for a session. This would typically be used when -creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If -using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by -the server. -.PP -A client uses the function \fBSSL_write_early_data()\fR to send early data. This -function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following -differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to -the underlying connection, and how to handle any errors that may arise. This -page describes the differences between \fBSSL_write_early_data()\fR and -\&\fBSSL_write_ex\fR\|(3). -.PP -When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function -called on a new connection, i.e. it must occur before any calls to -\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) -or other similar functions. It may be called multiple times to stream data to -the server, but the total number of bytes written must not exceed the value -returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial -\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave -calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to -\&\fBSSL_write_early_data()\fR as required. -.PP -If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine -the correct course of action, as for \fBSSL_write_ex\fR\|(3). -.PP -When the client no longer wishes to send any more early data then it should -complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or -\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function -such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and -write the requested data. -.PP -A server may choose to ignore early data that has been sent to it. Once the -connection has been completed you can determine whether the server accepted or -rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return -\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it -was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function -may be called by either the client or the server. -.PP -A server uses the \fBSSL_read_early_data()\fR function to receive early data on a -connection for which early data has been enabled using -\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for -\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function -called on a connection, i.e. it must occur before any calls to -\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), -or other similar functions. -.PP -\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following -differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. -.PP -\&\fBSSL_read_early_data()\fR may return 3 possible values: -.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 -.IX Item "SSL_READ_EARLY_DATA_ERROR" -This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the -same way as a 0 return value from \fBSSL_read_ex\fR\|(3). -.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 -.IX Item "SSL_READ_EARLY_DATA_SUCCESS" -This indicates that early data was successfully read. This should be treated in -the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to -call \fBSSL_read_early_data()\fR to read more data. -.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 -.IX Item "SSL_READ_EARLY_DATA_FINISH" -This indicates that no more early data can be read. It may be returned on the -first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, -or if the early data was rejected. -.PP -Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it -has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the -server may choose to write data immediately to the unauthenticated client using -\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned -\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only -supports TLSv1.2) the handshake may have already been completed and calls -to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to -determine whether the handshake has completed or not. If the handshake is still -in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with -calls to \fBSSL_read_early_data()\fR as required. -.PP -Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or -\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with -\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client -still needs to be completed. Complete the connection by calling a function such -as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a -standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently -complete the connection and read the requested data. Note that it is an error to -attempt to complete the connection before \fBSSL_read_early_data()\fR has returned -\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 -.PP -Only servers may call \fBSSL_read_early_data()\fR. -.PP -Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the -connection immediately without further need to call a function such as -\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less -than TLSv1.3. Applications can test for this by calling -\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call -\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no -further action taken. -.PP -When a session is created between a server and a client the server will specify -the maximum amount of any early data that it will accept on any future -connection attempt. By default the server does not accept early data; a -server may indicate support for early data by calling -\&\fBSSL_CTX_set_max_early_data()\fR or -\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 -object respectively. The \fBmax_early_data\fR parameter specifies the maximum -amount of early data in bytes that is permitted to be sent on a single -connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and -\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum -early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a -server application will either use both of \fBSSL_read_early_data()\fR and -\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, -since there is no practical benefit from using only one of them. If the maximum -early data setting for a server is non-zero then replay protection is -automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). -.PP -If the server rejects the early data sent by a client then it will skip over -the data that is sent. The maximum amount of received early data that is skipped -is controlled by the recv_max_early_data setting. If a client sends more than -this then the connection will abort. This value can be set by calling -\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current -value for this setting can be obtained by calling -\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default -value for this setting is 16,384 bytes. -.PP -The recv_max_early_data value also has an impact on early data that is accepted. -The amount of data that is accepted will always be the lower of the -max_early_data for the session and the recv_max_early_data setting for the -server. If a client sends more data than this then the connection will abort. -.PP -The configured value for max_early_data on a server may change over time as -required. However clients may have tickets containing the previously configured -max_early_data value. The recv_max_early_data should always be equal to or -higher than any recently configured max_early_data value in order to avoid -aborted connections. The recv_max_early_data should never be set to less than -the current configured max_early_data value. -.PP -Some server applications may wish to have more control over whether early data -is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 -below) or to decline early_data when the server is heavily loaded. The functions -\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a -callback which is called at a point in the handshake immediately before a -decision is made to accept or reject early data. The callback is provided with a -pointer to the user data argument that was provided when the callback was first -set. Returning 1 from the callback will allow early data and returning 0 will -reject it. Note that the OpenSSL library may reject early data for other reasons -in which case this callback will not get called. Notably, the built-in replay -protection feature will still be used even if a callback is present unless it -has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See -\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below. -.SH "NOTES" -.IX Header "NOTES" -The whole purpose of early data is to enable a client to start sending data to -the server before a full round trip of network traffic has occurred. Application -developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket -to obtain a performant solution. For example Nagle's algorithm is commonly used -by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many -scenarios this is beneficial for performance, but it does not work well with the -early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will -buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not -yet received an \s-1ACK\s0 for from the peer. The buffered data will only be -transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if -the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the -first \s-1TCP\s0 packet along with any data from the first call to -\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a -single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then -that additional data will be sent in subsequent \s-1TCP\s0 packets which will be -buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet -containing the ClientHello. This means the early data is not actually -sent until a complete round trip with the server has occurred which defeats the -objective of early data. -.PP -In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable -Nagle's algorithm. If an application opts to disable Nagle's algorithm -consideration should be given to turning it back on again after the handshake is -complete if appropriate. -.PP -In rare circumstances, it may be possible for a client to have a session that -reports a max early data value greater than 0, but where the server does not -support this. For example, this can occur if a server has had its configuration -changed to accept a lower max early data value such as by calling -\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to -support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such -a server will cause the connection to abort. Clients that encounter an aborted -connection while sending early data may want to retry the connection without -sending early data as this does not happen automatically. A client will have to -establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 -connection again but without sending early data. Note that it is inadvisable to -retry with a lower maximum protocol version. -.SH "REPLAY PROTECTION" -.IX Header "REPLAY PROTECTION" -When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that -the same early data was not replayed across multiple connections. As a -mitigation for this issue OpenSSL automatically enables replay protection if the -server is configured with a non-zero max early data value. With replay -protection enabled sessions are forced to be single use only. If a client -attempts to reuse a session ticket more than once, then the second and -subsequent attempts will fall back to a full handshake (and any early data that -was submitted will be ignored). Note that single use tickets are enforced even -if a client does not send any early data. -.PP -The replay protection mechanism relies on the internal OpenSSL server session -cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is -being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been -selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache -whenever a session ticket is issued. When a client attempts to resume the -session, OpenSSL will check for its presence in the internal cache. If it exists -then the resumption is allowed and the session is removed from the cache. If it -does not exist then the resumption is not allowed and a full handshake will -occur. -.PP -Note that some applications may maintain an external cache of sessions (see -\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's -responsibility to ensure that any sessions in the external cache are also -populated in the internal cache and that once removed from the internal cache -they are similarly removed from the external cache. Failing to do this could -result in an application becoming vulnerable to replay attacks. Note that -OpenSSL will lock the internal cache while a session is removed but that lock is -not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) -is called. This could result in a small amount of time where the session has -been removed from the internal cache but is still available in the external -cache. Applications should be designed with this in mind in order to minimise -the possibility of replay attacks. -.PP -The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) -(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution -should be applied when combining external PSKs with early data. -.PP -Some applications may mitigate the replay risks in other ways. For those -applications it is possible to turn off the built-in replay protection feature -using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for -details. Applications can also set a callback to make decisions about accepting -early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a -failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. -.PP -\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, -\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and -\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the -event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of -action. -.PP -\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and -\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes -that may be sent. -.PP -\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and -\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. -.PP -\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was -accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by -the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), -\&\fBSSL_write_ex\fR\|(3), -\&\fBSSL_read_ex\fR\|(3), -\&\fBSSL_connect\fR\|(3), -\&\fBSSL_accept\fR\|(3), -\&\fBSSL_do_handshake\fR\|(3), -\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), -\&\fBssl\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -All of the functions described above were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3 deleted file mode 100644 index 3696f4f4e353..000000000000 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ /dev/null @@ -1,195 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_RSTATE_STRING 3" -.TH SSL_RSTATE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_rstate_string(SSL *ssl); -\& const char *SSL_rstate_string_long(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state -of the \s-1SSL\s0 object \fBssl\fR. -.PP -\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, -consisting of header and body. When working in a blocking environment, -SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". -.PP -This function should only seldom be needed in applications. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following -values: -.ie n .IP """\s-1RH""/\s0""read header""" 4 -.el .IP "``\s-1RH''/\s0``read header''" 4 -.IX Item "RH/read header" -The header of the record is being evaluated. -.ie n .IP """\s-1RB""/\s0""read body""" 4 -.el .IP "``\s-1RB''/\s0``read body''" 4 -.IX Item "RB/read body" -The body of the record is being evaluated. -.ie n .IP """\s-1RD""/\s0""read done""" 4 -.el .IP "``\s-1RD''/\s0``read done''" 4 -.IX Item "RD/read done" -The record has been completely processed. -.ie n .IP """unknown""/""unknown""" 4 -.el .IP "``unknown''/``unknown''" 4 -.IX Item "unknown/unknown" -The read state is unknown. This should never happen. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3 deleted file mode 100644 index 9a7bb5f6bac6..000000000000 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ /dev/null @@ -1,178 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SESSION_REUSED 3" -.TH SSL_SESSION_REUSED 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_session_reused \- query whether a reused session was negotiated during handshake -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_session_reused(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Query, whether a reused session was negotiated during the handshake. -.SH "NOTES" -.IX Header "NOTES" -During the negotiation, a client can propose to reuse a session. The server -then looks up the session in its cache. If both client and server agree -on the session, it will be reused and a flag is being set that can be -queried by the application. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -A new session was negotiated. -.IP "1" 4 -.IX Item "1" -A session was reused. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set1_host.3 b/secure/lib/libcrypto/man/SSL_set1_host.3 deleted file mode 100644 index 01621f4679c0..000000000000 --- a/secure/lib/libcrypto/man/SSL_set1_host.3 +++ /dev/null @@ -1,249 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET1_HOST 3" -.TH SSL_SET1_HOST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_set1_host(SSL *s, const char *hostname); -\& int SSL_add1_host(SSL *s, const char *hostname); -\& void SSL_set_hostflags(SSL *s, unsigned int flags); -\& const char *SSL_get0_peername(SSL *s); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions configure server hostname checks in the \s-1SSL\s0 client. -.PP -\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing -any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 -or the empty string the list of hostnames is cleared, and name -checks are not performed on the peer certificate. When a non-empty -\&\fBname\fR is specified, certificate verification automatically checks -the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified -via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication -via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set -the primary reference identifier of the peer, and should not call -\&\fBSSL_set1_host()\fR. -.PP -\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier -that can match the peer's certificate. Any previous names set via -\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made -if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, -the peer is considered verified when any name matches. This function -is required for \s-1DANE TLSA\s0 in the presence of service name indirection -via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or -\&\s-1RFC7673.\s0 -.PP -\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to -\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default -the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list -of available flags and their meaning. -.PP -\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName -from the peer certificate that matched one of the reference -identifiers. When wildcard matching is not disabled, the name -matched in the peer certificate may be a wildcard name. When one -of the reference identifiers configured via \fBSSL_set1_host()\fR or -\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix -rather than a fixed name, the matched peer name may be a sub-domain -of the reference identifier. The returned string is allocated by -the library and is no longer valid once the associated \fBssl\fR handle -is cleared or freed, or a renegotiation takes place. Applications -must not free the return value. -.PP -\&\s-1SSL\s0 clients are advised to use these functions in preference to -explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out -of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the -internal check will be suppressed as appropriate when \s-1DANE\s0 is -enabled. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for -failure. -.PP -\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not -applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was -matched. Otherwise, it returns the matched peername. To determine -whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". -The calls below will arrange to match either the \s-1MX\s0 hostname or the -destination domain name in the \s-1SMTP\s0 server certificate. Wildcards -are supported, but must match the entire label. The actual name -matched in the certificate (which might be a wildcard) is retrieved, -and must be copied by the application if it is to be retained beyond -the lifetime of the \s-1SSL\s0 connection. -.PP -.Vb 5 -\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); -\& if (!SSL_set1_host(ssl, "smtp.example.com")) -\& /* error */ -\& if (!SSL_add1_host(ssl, "example.com")) -\& /* error */ -\& -\& /* XXX: Perform SSL_connect() handshake and handle errors here */ -\& -\& if (SSL_get_verify_result(ssl) == X509_V_OK) { -\& const char *peername = SSL_get0_peername(ssl); -\& -\& if (peername != NULL) -\& /* Name checks were in scope and matched the peername */ -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_check_host\fR\|(3), -\&\fBSSL_get_verify_result\fR\|(3). -\&\fBSSL_dane_enable\fR\|(3). -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3 deleted file mode 100644 index df9bba45a871..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ /dev/null @@ -1,227 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_BIO 3" -.TH SSL_SET_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); -\& void SSL_set0_rbio(SSL *s, BIO *rbio); -\& void SSL_set0_wbio(SSL *s, BIO *wbio); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR -object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is -non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This -function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically -freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this -function, any existing \fBrbio\fR that was previously set will also be freed via a -call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to -the same value as previously). -.PP -\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects -the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the -rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take -ownership of one reference. Therefore it may be necessary to increment the -number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 -functions. -.PP -\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except -that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and -transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to -the following set of rules: -.IP "\(bu" 2 -If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values -then nothing is done. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different -to their -previously set values then one reference is consumed for the rbio and one -reference is consumed for the wbio. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not -the same as the previously set value then one reference is consumed. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the -same as the previously set value, then no additional references are consumed. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the -same as the -previously set value then one reference is consumed for the \fBwbio\fR and no -references are consumed for the \fBrbio\fR. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the -same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values -were the same as each other then one reference is consumed for the \fBrbio\fR -and no references are consumed for the \fBwbio\fR. -.IP "\(bu" 2 -If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR -is the same as the -previously set value and the old \fBrbio\fR and \fBwbio\fR values were different -to each -other then one reference is consumed for the \fBrbio\fR and one reference -is consumed -for the \fBwbio\fR. -.PP -Because of this complexity, this function should be avoided; -use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_rbio\fR\|(3), -\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3 deleted file mode 100644 index 850c360e2632..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ /dev/null @@ -1,207 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_CONNECT_STATE 3" -.TH SSL_SET_CONNECT_STATE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_set_connect_state(SSL *ssl); -\& -\& void SSL_set_accept_state(SSL *ssl); -\& -\& int SSL_is_server(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. -.PP -\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. -.PP -\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. -.SH "NOTES" -.IX Header "NOTES" -When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), -it was either assigned a dedicated client method, a dedicated server -method, or a generic method, that can be used for both client and -server connections. (The method might have been changed with -\&\fBSSL_CTX_set_ssl_version\fR\|(3) or -\&\fBSSL_set_ssl_method\fR\|(3).) -.PP -When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must -call the connect (client) or accept (server) routines. Even though it may -be clear from the method chosen, whether client or server mode was -requested, the handshake routines must be explicitly set. -.PP -When using the \fBSSL_connect\fR\|(3) or -\&\fBSSL_accept\fR\|(3) routines, the correct handshake -routines are automatically set. When performing a transparent negotiation -using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3), -the handshake routines must be explicitly set in advance using either -\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. -.PP -If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or -\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), -the result depends on what method was used when \s-1SSL_CTX\s0 was created with -\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was -passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic -information. -.PP -\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), -\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), -\&\fBSSL_do_handshake\fR\|(3), -\&\fBSSL_CTX_set_ssl_version\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3 deleted file mode 100644 index bbab70ce8a9f..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_FD 3" -.TH SSL_SET_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_set_fd(SSL *ssl, int fd); -\& int SSL_set_rfd(SSL *ssl, int fd); -\& int SSL_set_wfd(SSL *ssl, int fd); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility -for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the -socket file descriptor of a network connection. -.PP -When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to -interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine -inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will -also have non-blocking behaviour. -.PP -If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called -(for both the reading and writing side, if different). -.PP -\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only -for the read channel or the write channel, which can be set independently. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The operation failed. Check the error stack to find out why. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), -\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), -\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3 deleted file mode 100644 index 0d0533c866ee..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ /dev/null @@ -1,194 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_SESSION 3" -.TH SSL_SET_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection -is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. -When the session is set, the reference count of \fBsession\fR is incremented -by 1. If the session is not reused, the reference count is decremented -again during \fBSSL_connect()\fR. Whether the session was reused can be queried -with the \fBSSL_session_reused\fR\|(3) call. -.PP -If there is already a session set inside \fBssl\fR (because it was set with -\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for -a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old -session is still \fBopen\fR, it is considered bad and will be removed from the -session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was -not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to -set the \s-1SSL_SENT_SHUTDOWN\s0 state). -.SH "NOTES" -.IX Header "NOTES" -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The operation failed; check the error stack to find out the reason. -.IP "1" 4 -.IX Item "1" -The operation succeeded. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), -\&\fBSSL_get_session\fR\|(3), -\&\fBSSL_session_reused\fR\|(3), -\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3 deleted file mode 100644 index e76e2b68bdab..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ /dev/null @@ -1,204 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_SHUTDOWN 3" -.TH SSL_SET_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_set_shutdown(SSL *ssl, int mode); -\& -\& int SSL_get_shutdown(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. -.PP -\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -The shutdown state of an ssl connection is a bitmask of: -.IP "0" 4 -No shutdown setting, yet. -.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 -.IX Item "SSL_SENT_SHUTDOWN" -A close_notify shutdown alert was sent to the peer, the connection is being -considered closed and the session is closed and correct. -.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 -.IX Item "SSL_RECEIVED_SHUTDOWN" -A shutdown alert was received form the peer, either a normal close_notify -or a fatal error. -.PP -\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. -.PP -The shutdown state of the connection is used to determine the state of -the ssl session. If the session is still open, when -\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, -it is considered bad and removed according to \s-1RFC2246.\s0 -The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 -(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify -alert but to not wait for the peer's answer, when the underlying connection -is closed). -\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a -close alert to the peer (see \fBSSL_shutdown\fR\|(3)). -.PP -If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, -for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call -\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_shutdown()\fR does not return diagnostic information. -.PP -\&\fBSSL_get_shutdown()\fR returns the current setting. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), -\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3 deleted file mode 100644 index 09552f2f8db6..000000000000 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ /dev/null @@ -1,178 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SET_VERIFY_RESULT 3" -.TH SSL_SET_VERIFY_RESULT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_set_verify_result \- override result of peer certificate verification -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void SSL_set_verify_result(SSL *ssl, long verify_result); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the -result of the verification of the X509 certificate presented by the peer, -if any. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes -the verification result of the \fBssl\fR object. It does not become part of the -established session, so if the session is to be reused later, the original -value will reappear. -.PP -The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_set_verify_result()\fR does not provide a return value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), -\&\fBSSL_get_peer_certificate\fR\|(3), -\&\fBverify\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3 deleted file mode 100644 index f74ea8d095b8..000000000000 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ /dev/null @@ -1,287 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_SHUTDOWN 3" -.TH SSL_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_shutdown \- shut down a TLS/SSL connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_shutdown(SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the -close_notify shutdown alert to the peer. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. -Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and -a currently open session is considered closed and good and will be kept in the -session cache for further reuse. -.PP -Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has -occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 -or \s-1SSL_ERROR_SSL.\s0 -.PP -The shutdown procedure consists of two steps: sending of the close_notify -shutdown alert, and reception of the peer's close_notify shutdown alert. -The order of those two steps depends on the application. -.PP -It is acceptable for an application to only send its shutdown alert and -then close the underlying connection without waiting for the peer's response. -This way resources can be saved, as the process can already terminate or -serve another connection. -This should only be done when it is known that the other side will not send more -data, otherwise there is a risk of a truncation attack. -.PP -When a client only writes and never reads from the connection, and the server -has sent a session ticket to establish a session, the client might not be able -to resume the session because it did not received and process the session ticket -from the server. -In case the application wants to be able to resume the session, it is recommended to -do a complete shutdown procedure (bidirectional close_notify alerts). -.PP -When the underlying connection shall be used for more communications, the -complete shutdown procedure must be performed, so that the peers stay -synchronized. -.PP -\&\fBSSL_shutdown()\fR only closes the write direction. -It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. -The read direction is closed by the peer. -.SS "First to close the connection" -.IX Subsection "First to close the connection" -When the application is the first party to send the close_notify -alert, \fBSSL_shutdown()\fR will only send the alert and then set the -\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will -be kept in the cache). -If successful, \fBSSL_shutdown()\fR will return 0. -.PP -If a unidirectional shutdown is enough (the underlying connection shall be -closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient. -.PP -In order to complete the bidirectional shutdown handshake, the peer needs -to send back a close_notify alert. -The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing -it. -.PP -The peer is still allowed to send data after receiving the close_notify -event. -When it is done sending data, it will send the close_notify alert. -\&\fBSSL_read()\fR should be called until all data is received. -\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 -and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 -.SS "Peer closes the connection" -.IX Subsection "Peer closes the connection" -If the peer already sent the close_notify alert \fBand\fR it was -already processed implicitly inside another function -(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. -\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return -\&\s-1SSL_ERROR_ZERO_RETURN.\s0 -\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 -flag. -If successful, \fBSSL_shutdown()\fR will return 1. -.PP -Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the -\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. -.SH "NOTES" -.IX Header "NOTES" -The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 -If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the -handshake step has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR -to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the -return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or -\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after -taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. -The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, -nothing is to be done, but \fBselect()\fR can be used to check for the required -condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written -into or retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again -to wait for the peer's close_notify alert. -\&\fBSSL_shutdown()\fR will return 1 in that case. -However, it is recommended to wait for it using \fBSSL_read()\fR instead. -.PP -\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" -state but not actually send the close_notify alert messages, -see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). -When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed -and return 1. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.IP "0" 4 -The shutdown is not yet finished: the close_notify was sent but the peer -did not send it back yet. -Call \fBSSL_read()\fR to do a bidirectional shutdown. -The output of \fBSSL_get_error\fR\|(3) may be misleading, as an -erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. -.IP "1" 4 -.IX Item "1" -The shutdown was successfully completed. The close_notify alert was sent -and the peer's close_notify alert was received. -.IP "<0" 4 -.IX Item "<0" -The shutdown was not successful. -Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. -It can occur if an action is needed to continue the operation for non-blocking -BIOs. -.Sp -It can also occur when not all data was read using \fBSSL_read()\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), -\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), -\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), -\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), -\&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3 deleted file mode 100644 index a331aa544346..000000000000 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ /dev/null @@ -1,185 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_STATE_STRING 3" -.TH SSL_STATE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const char *SSL_state_string(const SSL *ssl); -\& const char *SSL_state_string_long(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state -of the \s-1SSL\s0 object \fBssl\fR. -.PP -\&\fBSSL_state_string_long()\fR returns a string indicating the current state of -the \s-1SSL\s0 object \fBssl\fR. -.SH "NOTES" -.IX Header "NOTES" -During its use, an \s-1SSL\s0 objects passes several states. The state is internally -maintained. Querying the state information is not very informative before -or when a connection has been established. It however can be of significant -interest during the handshake. -.PP -When using non-blocking sockets, the function call performing the handshake -may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, -so that SSL_state_string[_long]() may be called. -.PP -For both blocking or non-blocking sockets, the details state information -can be used within the info_callback function set with the -\&\fBSSL_set_info_callback()\fR call. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Detailed description of possible states to be included later. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3 deleted file mode 100644 index 6a801319b958..000000000000 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ /dev/null @@ -1,233 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_WANT 3" -.TH SSL_WANT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_want(const SSL *ssl); -\& int SSL_want_nothing(const SSL *ssl); -\& int SSL_want_read(const SSL *ssl); -\& int SSL_want_write(const SSL *ssl); -\& int SSL_want_x509_lookup(const SSL *ssl); -\& int SSL_want_async(const SSL *ssl); -\& int SSL_want_async_job(const SSL *ssl); -\& int SSL_want_client_hello_cb(const SSL *ssl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. -.PP -The other SSL_want_*() calls are shortcuts for the possible states returned -by \fBSSL_want()\fR. -.SH "NOTES" -.IX Header "NOTES" -\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its -return values are similar to that of \fBSSL_get_error\fR\|(3). -Unlike \fBSSL_get_error\fR\|(3), which also evaluates the -error queue, the results are obtained by examining an internal state flag -only. The information must therefore only be used for normal operation under -non-blocking I/O. Error conditions are not handled and must be treated -using \fBSSL_get_error\fR\|(3). -.PP -The result returned by \fBSSL_want()\fR should always be consistent with -the result of \fBSSL_get_error\fR\|(3). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can currently occur for \fBSSL_want()\fR: -.IP "\s-1SSL_NOTHING\s0" 4 -.IX Item "SSL_NOTHING" -There is no data to be written or to be read. -.IP "\s-1SSL_WRITING\s0" 4 -.IX Item "SSL_WRITING" -There are data in the \s-1SSL\s0 buffer that must be written to the underlying -\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. -A call to \fBSSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_WRITE.\s0 -.IP "\s-1SSL_READING\s0" 4 -.IX Item "SSL_READING" -More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to -complete the actual SSL_*() operation. -A call to \fBSSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_READ.\s0 -.IP "\s-1SSL_X509_LOOKUP\s0" 4 -.IX Item "SSL_X509_LOOKUP" -The operation did not complete because an application callback set by -\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. -A call to \fBSSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 -.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 -.IX Item "SSL_ASYNC_PAUSED" -An asynchronous operation partially completed and was then paused. See -\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_ASYNC.\s0 -.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 -.IX Item "SSL_ASYNC_NO_JOBS" -The asynchronous job could not be started because there were no async jobs -available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) -should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0 -.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 -.IX Item "SSL_CLIENT_HELLO_CB" -The operation did not complete because an application callback set by -\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. -A call to \fBSSL_get_error\fR\|(3) should return -\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0 -.PP -\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR, -\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return -1, when the corresponding condition is true or 0 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value -were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3 deleted file mode 100644 index 763769e63827..000000000000 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ /dev/null @@ -1,251 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "SSL_WRITE 3" -.TH SSL_WRITE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); -\& int SSL_write(SSL *ssl, const void *buf, int num); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into -the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number -of bytes written in \fB*written\fR. -.SH "NOTES" -.IX Header "NOTES" -In the paragraphs below a \*(L"write function\*(R" is defined as one of either -\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. -.PP -If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already -explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer -requests a re-negotiation, it will be performed transparently during -the write function operation. The behaviour of the write functions depends on the -underlying \s-1BIO.\s0 -.PP -For the transparent negotiation to succeed, the \fBssl\fR must have been -initialized to client or server mode. This is being done by calling -\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR -before the first call to a write function. -.PP -If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once -the write operation has been finished or an error occurred. -.PP -If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return -when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue -the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the -return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR -or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a -call to a write function can also cause read operations! The calling process -then must repeat the call after taking appropriate action to satisfy the needs -of the write function. The action depends on the underlying \s-1BIO.\s0 When using a -non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check -for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data -must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. -.PP -The write functions will only return with success when the complete contents of -\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed -with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When -this flag is set the write functions will also return with success when a -partial write has been successfully completed. In this case the write function -operation is considered completed. The bytes are sent and a new write call with -a new buffer (with the already sent bytes removed) must be started. A partial -write is performed with the size of a message block, which is 16kB. -.SH "WARNINGS" -.IX Header "WARNINGS" -When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) -returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated -with the same arguments. -The data that was passed might have been partially processed. -When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) -the pointer can be different, but the data and length should still be the same. -.PP -You should not call \fBSSL_write()\fR with num=0, it will return an error. -\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to -the peer. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that -all requested application data bytes have been written to the \s-1SSL\s0 connection or, -if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has -been written to the \s-1SSL\s0 connection. Failure means that not all the requested -bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or -no bytes could be written to the \s-1SSL\s0 connection (if -\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the -network write buffer has temporarily filled up) or non-retryable (e.g. a fatal -network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out -the reason which indicates whether the call is retryable or not. -.PP -For \fBSSL_write()\fR the following return values can occur: -.IP "> 0" 4 -.IX Item "> 0" -The write operation was successful, the return value is the number of -bytes actually written to the \s-1TLS/SSL\s0 connection. -.IP "<= 0" 4 -.IX Item "<= 0" -The write operation was not successful, because either the connection was -closed, an error occurred or action must be taken by the calling process. -Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. -.Sp -Old documentation indicated a difference between 0 and \-1, and that \-1 was -retryable. -You should instead call \fBSSL_get_error()\fR to find out if it's retryable. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3) -\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), -\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) -\&\fBSSL_set_connect_state\fR\|(3), -\&\fBssl\fR\|(7), \fBbio\fR\|(7) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/UI_STRING.3 b/secure/lib/libcrypto/man/UI_STRING.3 deleted file mode 100644 index 61109cec98bb..000000000000 --- a/secure/lib/libcrypto/man/UI_STRING.3 +++ /dev/null @@ -1,274 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "UI_STRING 3" -.TH UI_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ui_string_st UI_STRING; -\& -\& enum UI_string_types { -\& UIT_NONE = 0, -\& UIT_PROMPT, /* Prompt for a string */ -\& UIT_VERIFY, /* Prompt for a string and verify */ -\& UIT_BOOLEAN, /* Prompt for a yes/no response */ -\& UIT_INFO, /* Send info to the user */ -\& UIT_ERROR /* Send an error message to the user */ -\& }; -\& -\& enum UI_string_types UI_get_string_type(UI_STRING *uis); -\& int UI_get_input_flags(UI_STRING *uis); -\& const char *UI_get0_output_string(UI_STRING *uis); -\& const char *UI_get0_action_string(UI_STRING *uis); -\& const char *UI_get0_result_string(UI_STRING *uis); -\& int UI_get_result_string_length(UI_STRING *uis); -\& const char *UI_get0_test_string(UI_STRING *uis); -\& int UI_get_result_minsize(UI_STRING *uis); -\& int UI_get_result_maxsize(UI_STRING *uis); -\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); -\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever -one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, -\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, -\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, -\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR -is called. -For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. -For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these -\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. -.PP -\&\fBUI_get_string_type()\fR is used to retrieve the type of the given -\&\fB\s-1UI_STRING\s0\fR. -.PP -\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the -given \fB\s-1UI_STRING\s0\fR. -.PP -\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to -output (prompt, info, error, ...). -.PP -\&\fBUI_get0_action_string()\fR is used to retrieve the action description -associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. -For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. -See \fBUI_add_input_boolean\fR\|(3). -.PP -\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to -retrieve the result of a prompt and its length. -This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 -and \fBUI_get_result_string_length()\fR returns \-1. -.PP -\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the -prompt result with. -This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. -.PP -\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to -retrieve the minimum and maximum required size of the result. -This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. -For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. -.PP -\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. -For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the -result retrievable with \fBUI_get0_result_string()\fR by copying the -contents of \fBresult\fR if its length fits the minimum and maximum size -requirements. -For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of -the result retrievable with \fBUI_get0_result_string()\fR to the first -\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR -if the \fBresult\fR matched any of them, or the first of the -\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's -set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. -See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and -\&\fBcancel_chars\fR. -.PP -\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates -its length internally. -It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore -only useful with normal C strings. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. -.PP -\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. -.PP -\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. -.PP -\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description -string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. -.PP -\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for -\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other -type. -.PP -\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's -content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, -\&\-1 for any other type. -.PP -\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description -string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. -.PP -\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for -the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, -\&\-1 for any other type. -.PP -\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for -the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, -\&\-1 for any other type. -.PP -\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any -type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on -error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBUI\s0\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 deleted file mode 100644 index 40591abccc8c..000000000000 --- a/secure/lib/libcrypto/man/UI_UTIL_read_pw.3 +++ /dev/null @@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "UI_UTIL_READ_PW 3" -.TH UI_UTIL_READ_PW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, -\& int verify); -\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, -\& int verify); -\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a -prompt, and stores it in \fBbuf\fR. -The maximum allowed size is given with \fBlength\fR, including the -terminating \s-1NUL\s0 byte. -If \fBverify\fR is non-zero, the password will be verified as well. -.PP -\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the -difference is that you can give it an external buffer \fBbuff\fR for the -verification passphrase. -.PP -\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary -\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. -\&\fBrwflag\fR is used to specify if this method will be used for -passphrase entry without (0) or with (1) verification. -When not used any more, the returned method should be freed with -\&\fBUI_destroy_method()\fR. -.SH "NOTES" -.IX Header "NOTES" -\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default -\&\fB\s-1UI_METHOD\s0\fR. -See \fBUI_get_default_method\fR\|(3) and friends for more information. -.PP -The result from the \fB\s-1UI_METHOD\s0\fR created by -\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the -encoding that the given password callback generates. -The default password prompting functions (apart from -\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is -\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) -all use the default \fB\s-1UI_METHOD\s0\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative -value on error. -.PP -\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 -if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBUI_get_default_method\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/UI_create_method.3 b/secure/lib/libcrypto/man/UI_create_method.3 deleted file mode 100644 index 0595e3261023..000000000000 --- a/secure/lib/libcrypto/man/UI_create_method.3 +++ /dev/null @@ -1,319 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "UI_CREATE_METHOD 3" -.TH UI_CREATE_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ui_method_st UI_METHOD; -\& -\& UI_METHOD *UI_create_method(const char *name); -\& void UI_destroy_method(UI_METHOD *ui_method); -\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); -\& int UI_method_set_writer(UI_METHOD *method, -\& int (*writer) (UI *ui, UI_STRING *uis)); -\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); -\& int UI_method_set_reader(UI_METHOD *method, -\& int (*reader) (UI *ui, UI_STRING *uis)); -\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); -\& int UI_method_set_data_duplicator(UI_METHOD *method, -\& void *(*duplicator) (UI *ui, void *ui_data), -\& void (*destructor)(UI *ui, void *ui_data)); -\& int UI_method_set_prompt_constructor(UI_METHOD *method, -\& char *(*prompt_constructor) (UI *ui, -\& const char -\& *object_desc, -\& const char -\& *object_name)); -\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); -\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); -\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); -\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); -\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); -\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); -\& char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) -\& (UI *, const char *, const char *); -\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); -\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); -\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -A method contains a few functions that implement the low level of the -User Interface. -These functions are: -.IP "an opener" 4 -.IX Item "an opener" -This function takes a reference to a \s-1UI\s0 and starts a session, for -example by opening a channel to a tty, or by creating a dialog box. -.IP "a writer" 4 -.IX Item "a writer" -This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes -the string where appropriate, maybe to the tty, maybe added as a field -label in a dialog box. -Note that this gets fed all strings associated with a \s-1UI,\s0 one after -the other, so care must be taken which ones it actually uses. -.IP "a flusher" 4 -.IX Item "a flusher" -This function takes a reference to a \s-1UI,\s0 and flushes everything that -has been output so far. -For example, if the method builds up a dialog box, this can be used to -actually display it and accepting input ended with a pressed button. -.IP "a reader" 4 -.IX Item "a reader" -This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off -the given prompt, maybe from the tty, maybe from a field in a dialog -box. -Note that this gets fed all strings associated with a \s-1UI,\s0 one after -the other, so care must be taken which ones it actually uses. -.IP "a closer" 4 -.IX Item "a closer" -This function takes a reference to a \s-1UI,\s0 and closes the session, maybe -by closing the channel to the tty, maybe by destroying a dialog box. -.PP -All of these functions are expected to return 0 on error, 1 on -success, or \-1 on out-off-band events, for example if some prompting -has been cancelled (by pressing Ctrl-C, for example). -Only the flusher or the reader are expected to return \-1. -If returned by another of the functions, it's treated as if 0 was -returned. -.PP -Regarding the writer and the reader, don't assume the former should -only write and don't assume the latter should only read. -This depends on the needs of the method. -.PP -For example, a typical tty reader wouldn't write the prompts in the -write, but would rather do so in the reader, because of the sequential -nature of prompting on a tty. -This is how the \fBUI_OpenSSL()\fR method does it. -.PP -In contrast, a method that builds up a dialog box would add all prompt -text in the writer, have all input read in the flusher and store the -results in some temporary buffer, and finally have the reader just -fetch those results. -.PP -The central function that uses these method functions is \fBUI_process()\fR, -and it does it in five steps: -.IP "1." 4 -Open the session using the opener function if that one's defined. -If an error occurs, jump to 5. -.IP "2." 4 -For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function -if that one's defined. -If an error occurs, jump to 5. -.IP "3." 4 -Flush everything using the flusher function if that one's defined. -If an error occurs, jump to 5. -.IP "4." 4 -For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function -if that one's defined. -If an error occurs, jump to 5. -.IP "5." 4 -Close the session using the closer function if that one's defined. -.PP -\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. -.PP -\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. -.PP -\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, -\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and -\&\fBUI_method_set_closer()\fR set the five main method function to the given -function pointer. -.PP -\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. -See \fBUI_dup_user_data\fR\|(3). -.PP -\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. -See \fBUI_construct_prompt\fR\|(3). -.PP -\&\fBUI_method_set_ex_data()\fR sets application specific data with a given -\&\s-1EX_DATA\s0 index. -See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to -get that index. -.PP -\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, -\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, -\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, -\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR -return the different method functions. -.PP -\&\fBUI_method_get_ex_data()\fR returns the application data previously stored -with \fBUI_method_set_ex_data()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on -error. -.PP -\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, -\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, -\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and -\&\fBUI_method_set_prompt_constructor()\fR -return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 -.PP -\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because -\&\fBCRYPTO_set_ex_data()\fR does so). -.PP -\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, -\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, -\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, -\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR -return the requested function pointer if it's set in the method, -otherwise \s-1NULL.\s0 -.PP -\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific -data associated with the method. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR -and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/UI_new.3 b/secure/lib/libcrypto/man/UI_new.3 deleted file mode 100644 index 957dc5243ada..000000000000 --- a/secure/lib/libcrypto/man/UI_new.3 +++ /dev/null @@ -1,376 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "UI_NEW 3" -.TH UI_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef struct ui_st UI; -\& -\& UI *UI_new(void); -\& UI *UI_new_method(const UI_METHOD *method); -\& void UI_free(UI *ui); -\& -\& int UI_add_input_string(UI *ui, const char *prompt, int flags, -\& char *result_buf, int minsize, int maxsize); -\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, -\& char *result_buf, int minsize, int maxsize); -\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, -\& char *result_buf, int minsize, int maxsize, -\& const char *test_buf); -\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, -\& char *result_buf, int minsize, int maxsize, -\& const char *test_buf); -\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, -\& const char *ok_chars, const char *cancel_chars, -\& int flags, char *result_buf); -\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, -\& const char *ok_chars, const char *cancel_chars, -\& int flags, char *result_buf); -\& int UI_add_info_string(UI *ui, const char *text); -\& int UI_dup_info_string(UI *ui, const char *text); -\& int UI_add_error_string(UI *ui, const char *text); -\& int UI_dup_error_string(UI *ui, const char *text); -\& -\& char *UI_construct_prompt(UI *ui_method, -\& const char *object_desc, const char *object_name); -\& -\& void *UI_add_user_data(UI *ui, void *user_data); -\& int UI_dup_user_data(UI *ui, void *user_data); -\& void *UI_get0_user_data(UI *ui); -\& -\& const char *UI_get0_result(UI *ui, int i); -\& int UI_get_result_length(UI *ui, int i); -\& -\& int UI_process(UI *ui); -\& -\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); -\& -\& void UI_set_default_method(const UI_METHOD *meth); -\& const UI_METHOD *UI_get_default_method(void); -\& const UI_METHOD *UI_get_method(UI *ui); -\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); -\& -\& UI_METHOD *UI_OpenSSL(void); -\& const UI_METHOD *UI_null(void); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to -prompt the user for text-based information. Through user-written methods -(see \fBUI_create_method\fR\|(3)), prompting can be done in any way -imaginable, be it plain text prompting, through dialog boxes or from a -cell phone. -.PP -All the functions work through a context of the type \s-1UI.\s0 This context -contains all the information needed to prompt correctly as well as a -reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that -carry out the actual prompting. -.PP -The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, -then add information to it with the UI_add or UI_dup functions. Also, -user-defined random data can be passed down to the underlying method -through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default -\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, -use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR -and \fBUI_get_result_length()\fR to find the result to the prompt and its length. -.PP -A \s-1UI\s0 can contain more than one prompt, which are performed in the given -sequence. Each prompt gets an index number which is returned by the -UI_add and UI_dup functions, and has to be used to get the corresponding -result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. -.PP -\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing -a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. -.PP -The functions are as follows: -.PP -\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. -.PP -\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with -this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. -.PP -\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the -default one, since the default can be changed. See further on). This -method is the most machine/OS dependent part of OpenSSL and normally -generates the most problems when porting. -.PP -\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid -getting internal defaults for passed \s-1UI_METHOD\s0 pointers. -.PP -\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory -that's connected to it, like duplicated input strings, results and others. -If \fBui\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 -as well as flags and a result buffer and the desired minimum and maximum -sizes of the result, not counting the final \s-1NUL\s0 character. The given -information is used to prompt for information, for example a password, -and to verify a password (i.e. having the user enter it twice and check -that the same string was entered twice). \fBUI_add_verify_string()\fR takes -and extra argument that should be a pointer to the result buffer of the -input string that it's supposed to verify, or verification will fail. -.PP -\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered -in a boolean way, with a single character for yes and a different character -for no. A set of characters that can be used to cancel the prompt is given -as well. The prompt itself is divided in two, one part being the -descriptive text (given through the \fIprompt\fR argument) and one describing -the possible answers (given through the \fIaction_desc\fR argument). -.PP -\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at -the same time as the prompt for extra information or to show an error string. -The difference between the two is only conceptual. With the builtin method, -there's no technical difference between them. Other methods may make a -difference between them, however. -.PP -The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for -\&\fBUI_add_input_string()\fR and will have the users response be echoed (when -prompting for a password, this flag should obviously not be used, and -\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some -sort will be used (completely depending on the application and the \s-1UI\s0 -method). -.PP -\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, -\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same -as their UI_add counterparts, except that they make their own copies -of all strings. -.PP -\&\fBUI_construct_prompt()\fR is a helper function that can be used to create -a prompt from two pieces of information: an description and a name. -The default constructor (if there is none provided by the method used) -creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the -description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes -\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever -string and may include encodings that will be processed by the other -method functions. -.PP -\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any -time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several -calls to this function doesn't add data, it replaces the previous blob -with the one given as argument. -.PP -\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative -to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer -duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes -ownership of this duplicate and will free it whenever it gets replaced or -the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory -allocation failure or if the method doesn't have a duplicator function. -.PP -\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the -\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. -.PP -\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with -the information indexed by \fIi\fR. -.PP -\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with -the information indexed by \fIi\fR. -.PP -\&\fBUI_process()\fR goes through the information given so far, does all the printing -and prompting and returns the final status, which is \-2 on out-of-band events -(Interrupt, Cancel, ...), \-1 on error and 0 on success. -.PP -\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it -understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR -print the OpenSSL error stack as part of processing the \s-1UI,\s0 and -\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can -be used again or not. -.PP -\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. -This function is not thread-safe and should not be called at the same time -as other OpenSSL functions. -.PP -\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. -.PP -\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 -.PP -\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 -.SH "NOTES" -.IX Header "NOTES" -The resulting strings that the built in method \fBUI_OpenSSL()\fR generate -are assumed to be encoded according to the current locale or (for -Windows) code page. -For applications having different demands, these strings need to be -converted appropriately by the caller. -For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set, -the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings -instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error -occurred. -.PP -\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, -\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, -\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR -and \fBUI_dup_error_string()\fR return a positive number on success or a value which -is less than or equal to 0 otherwise. -.PP -\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. -.PP -\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. -.PP -\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. -.PP -\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it -returns \-1 on error. -.PP -\&\fBUI_process()\fR returns 0 on success or a negative value on error. -.PP -\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. -.PP -\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and -\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 -respectively. -.SH "HISTORY" -.IX Header "HISTORY" -The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/X509V3_get_d2i.3 deleted file mode 100644 index cb8e597984e2..000000000000 --- a/secure/lib/libcrypto/man/X509V3_get_d2i.3 +++ /dev/null @@ -1,375 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509V3_GET_D2I 3" -.TH X509V3_GET_D2I 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, -\& int *idx); -\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, -\& int crit, unsigned long flags); -\& -\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); -\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); -\& -\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); -\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -\& unsigned long flags); -\& -\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); -\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, -\& unsigned long flags); -\& -\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); -\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, -\& unsigned long flags); -\& -\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); -\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); -\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions -\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one -occurrence of an extension is permissible otherwise the first extension after -index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. -If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the -extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), -\&\-1 if the extension could not be found, 0 if the extension is found and is -not critical and 1 if critical. A pointer to an extension specific structure -or \fB\s-1NULL\s0\fR is returned. -.PP -\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new -\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according -to \fBflags\fR. -.PP -\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension -\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR -if the extension could not be decoded (invalid syntax or not supported). -.PP -\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR -with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. -.PP -\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of -certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and -\&\fBX509V3_add_i2d()\fR. -.PP -\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions -of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and -\&\fBX509V3_add_i2d()\fR. -.PP -\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the -extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), -they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR. -.PP -\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and -\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions -of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. -.SH "NOTES" -.IX Header "NOTES" -In almost all cases an extension can occur at most once and multiple -occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. -.PP -The \fBflags\fR parameter may be one of the following values. -.PP -\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does -not already exist. An error is returned if the extension does already -exist. -.PP -\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension -already exists. -.PP -\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends -a new extension. -.PP -\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists -otherwise returns an error. -.PP -\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does -not already exist. An error \fBis not\fR returned if the extension does already -exist. -.PP -\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. -.PP -If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not -be added to the error queue. -.PP -The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not -found, occurs multiple times or cannot be decoded. It is possible to -determine the precise reason by checking the value of \fB*crit\fR. -.SH "SUPPORTED EXTENSIONS" -.IX Header "SUPPORTED EXTENSIONS" -The following sections contain a list of all supported extensions -including their name and \s-1NID.\s0 -.SS "\s-1PKIX\s0 Certificate Extensions" -.IX Subsection "PKIX Certificate Extensions" -The following certificate extensions are defined in \s-1PKIX\s0 standards such as -\&\s-1RFC5280.\s0 -.PP -.Vb 3 -\& Basic Constraints NID_basic_constraints -\& Key Usage NID_key_usage -\& Extended Key Usage NID_ext_key_usage -\& -\& Subject Key Identifier NID_subject_key_identifier -\& Authority Key Identifier NID_authority_key_identifier -\& -\& Private Key Usage Period NID_private_key_usage_period -\& -\& Subject Alternative Name NID_subject_alt_name -\& Issuer Alternative Name NID_issuer_alt_name -\& -\& Authority Information Access NID_info_access -\& Subject Information Access NID_sinfo_access -\& -\& Name Constraints NID_name_constraints -\& -\& Certificate Policies NID_certificate_policies -\& Policy Mappings NID_policy_mappings -\& Policy Constraints NID_policy_constraints -\& Inhibit Any Policy NID_inhibit_any_policy -\& -\& TLS Feature NID_tlsfeature -.Ve -.SS "Netscape Certificate Extensions" -.IX Subsection "Netscape Certificate Extensions" -The following are (largely obsolete) Netscape certificate extensions. -.PP -.Vb 8 -\& Netscape Cert Type NID_netscape_cert_type -\& Netscape Base Url NID_netscape_base_url -\& Netscape Revocation Url NID_netscape_revocation_url -\& Netscape CA Revocation Url NID_netscape_ca_revocation_url -\& Netscape Renewal Url NID_netscape_renewal_url -\& Netscape CA Policy Url NID_netscape_ca_policy_url -\& Netscape SSL Server Name NID_netscape_ssl_server_name -\& Netscape Comment NID_netscape_comment -.Ve -.SS "Miscellaneous Certificate Extensions" -.IX Subsection "Miscellaneous Certificate Extensions" -.Vb 2 -\& Strong Extranet ID NID_sxnet -\& Proxy Certificate Information NID_proxyCertInfo -.Ve -.SS "\s-1PKIX CRL\s0 Extensions" -.IX Subsection "PKIX CRL Extensions" -The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 -.PP -.Vb 6 -\& CRL Number NID_crl_number -\& CRL Distribution Points NID_crl_distribution_points -\& Delta CRL Indicator NID_delta_crl -\& Freshest CRL NID_freshest_crl -\& Invalidity Date NID_invalidity_date -\& Issuing Distribution Point NID_issuing_distribution_point -.Ve -.PP -The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 -.PP -.Vb 2 -\& CRL Reason Code NID_crl_reason -\& Certificate Issuer NID_certificate_issuer -.Ve -.SS "\s-1OCSP\s0 Extensions" -.IX Subsection "OCSP Extensions" -.Vb 7 -\& OCSP Nonce NID_id_pkix_OCSP_Nonce -\& OCSP CRL ID NID_id_pkix_OCSP_CrlID -\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses -\& OCSP No Check NID_id_pkix_OCSP_noCheck -\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff -\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator -\& Hold Instruction Code NID_hold_instruction_code -.Ve -.SS "Certificate Transparency Extensions" -.IX Subsection "Certificate Transparency Extensions" -The following extensions are used by certificate transparency, \s-1RFC6962\s0 -.PP -.Vb 2 -\& CT Precertificate SCTs NID_ct_precert_scts -\& CT Certificate SCTs NID_ct_cert_scts -.Ve -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension -specific structure of \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure -or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it -fails due to a non-fatal error (extension not found, already exists, -cannot be encoded) or \-1 due to a fatal error such as a memory allocation -failure. -.PP -\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and -\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return -\&\s-1NULL\s0 if no extensions are present. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/X509_ALGOR_dup.3 deleted file mode 100644 index 3342bff2ea5f..000000000000 --- a/secure/lib/libcrypto/man/X509_ALGOR_dup.3 +++ /dev/null @@ -1,193 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_ALGOR_DUP 3" -.TH X509_ALGOR_DUP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); -\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); -\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, -\& const void **ppval, const X509_ALGOR *alg); -\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); -\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. -.PP -\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the -associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is -\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have -the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. -All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after -this call. -.PP -\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the -algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR -and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. -.PP -\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate -values for the message digest \fBmd\fR. -.PP -\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical -encodings and non-zero otherwise. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error -occurred. -.PP -\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. -.PP -\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. -.PP -\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and -non-zero otherwise. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 deleted file mode 100644 index 511585c2568a..000000000000 --- a/secure/lib/libcrypto/man/X509_CRL_get0_by_serial.3 +++ /dev/null @@ -1,242 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CRL_GET0_BY_SERIAL 3" -.TH X509_CRL_GET0_BY_SERIAL 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_CRL_get0_by_serial(X509_CRL *crl, -\& X509_REVOKED **ret, ASN1_INTEGER *serial); -\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); -\& -\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); -\& -\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); -\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); -\& -\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); -\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); -\& -\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); -\& -\& int X509_CRL_sort(X509_CRL *crl); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for -serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal -pointer of the matching entry, as a result \fB*ret\fR must not be freed up -after the call. -.PP -\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it -looks for a revoked entry using the serial number of certificate \fBx\fR. -.PP -\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all -revoked entries for \fBcrl\fR. -.PP -\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the -serial number of \fBr\fR. -.PP -\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the -revocation date of \fBr\fR. -.PP -\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. -The supplied \fBserial\fR pointer is not used internally so it should be -freed up after use. -.PP -\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to -\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be -freed up after use. -.PP -\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The -pointer \fBrev\fR is used internally so it must not be freed up after the call: -it is freed when the parent \s-1CRL\s0 is freed. -.PP -\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial -number order. -.SH "NOTES" -.IX Header "NOTES" -Applications can determine the number of revoked entries returned by -\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one -in turn using \fBsk_X509_REVOKED_value()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure, -1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), -in which case 2 is returned. -.PP -\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, -\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for -failure. -.PP -\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. -.PP -\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. -.PP -\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 deleted file mode 100644 index 3c612c6840e7..000000000000 --- a/secure/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_EXTENSION_SET_OBJECT 3" -.TH X509_EXTENSION_SET_OBJECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 3 -\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); -\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); -\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); -\& -\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, -\& int nid, int crit, -\& ASN1_OCTET_STRING *data); -\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, -\& const ASN1_OBJECT *obj, int crit, -\& ASN1_OCTET_STRING *data); -\& -\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); -\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); -\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The -\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. -.PP -\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If -\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. -.PP -\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The -\&\fBdata\fR pointer is duplicated internally. -.PP -\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, -criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and -written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR -should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must -\&\fBnot\fR be an uninitialised pointer. -.PP -\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR -except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 -.PP -\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an -\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must -not be freed up. -.PP -\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it -returns \fB1\fR for critical and \fB0\fR for non-critical. -.PP -\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned -pointer is an internal value which must not be freed up. -.SH "NOTES" -.IX Header "NOTES" -These functions manipulate the contents of an extension directly. Most -applications will want to parse or encode and add an extension: they should -use the extension encode and decode functions instead such as -\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. -.PP -The \fBdata\fR associated with an extension is the extension encoding in an -\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and -\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. -.PP -\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return -an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. -.PP -\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for -critical. -.PP -\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509V3_get_d2i\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 deleted file mode 100644 index d3f4d8ed599b..000000000000 --- a/secure/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 +++ /dev/null @@ -1,264 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_LOOKUP_HASH_DIR 3" -.TH X509_LOOKUP_HASH_DIR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); -\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); -\& -\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); -\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); -\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate -lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. -.PP -Users of the library typically do not need to create instances of these -methods manually, they would be created automatically by -\&\fBX509_STORE_load_locations\fR\|(3) or -\&\fBSSL_CTX_load_verify_locations\fR\|(3) -functions. -.PP -Internally loading of certificates and CRLs is implemented via functions -\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and -\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which -can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and -\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified -file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR -parameter is associated with. -.PP -Functions \fBX509_load_cert_file\fR and -\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of -type value. Because \s-1DER\s0 format cannot contain more than one certificate -or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) -\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to -\&\fBX509_load_cert_file\fR. -.PP -Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions -to load default certificate store file (see -\&\fBX509_STORE_set_default_paths\fR\|(3). -.PP -Functions return number of objects loaded from file or 0 in case of -error. -.PP -Both methods support adding several certificate locations into one -\&\fBX509_STORE\fR. -.PP -This page documents certificate store formats used by these methods and -caching policy. -.SS "File Method" -.IX Subsection "File Method" -The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs -present in a file into memory at the time the file is added as a -lookup source. -.PP -File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates -and CRLs. -.PP -This method should be used by applications which work with a small -set of CAs. -.SS "Hashed Directory Method" -.IX Subsection "Hashed Directory Method" -\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads -certificates and CRLs on demand, and caches them in memory once -they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs -upon each lookup, so that newer CRLs are as soon as they appear in -the directory. -.PP -The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, -with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or -\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 -The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied -to the subject name for certificates or issuer name for CRLs. -The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or -\&\fBcrl\fR\|(1) commands. -.PP -The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is -incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR -value. -Gaps in the sequence numbers are not supported, it is assumed that there are no -more objects with the same hash beyond the first missing number in the -sequence. -.PP -Sequence numbers make it possible for the directory to contain multiple -certificates with same subject name hash value. -For example, it is possible to have in the store several certificates with same -subject or several CRLs with same issuer (and, for example, different validity -period). -.PP -When checking for new CRLs once one \s-1CRL\s0 for given hash value is -loaded, hash_dir lookup method checks only for certificates with -sequence number greater than that of the already cached \s-1CRL.\s0 -.PP -Note that the hash algorithm used for subject name hashing changed in OpenSSL -1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL -0.9.8 to 1.0.0. -.PP -OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct -hashed names for all files with .pem suffix in a given directory. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid -\&\fBX509_LOOKUP_METHOD\fR structure. -.PP -\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return -the number of loaded objects or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBPEM_read_PrivateKey\fR\|(3), -\&\fBX509_STORE_load_locations\fR\|(3), -\&\fBX509_store_add_lookup\fR\|(3), -\&\fBSSL_CTX_load_verify_locations\fR\|(3), -\&\fBX509_LOOKUP_meth_new\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 deleted file mode 100644 index 98105df74981..000000000000 --- a/secure/lib/libcrypto/man/X509_LOOKUP_meth_new.3 +++ /dev/null @@ -1,313 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_LOOKUP_METH_NEW 3" -.TH X509_LOOKUP_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); -\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); -\& -\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, -\& int (*new_item) (X509_LOOKUP *ctx)); -\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) -\& (X509_LOOKUP *ctx); -\& -\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, -\& void (*free) (X509_LOOKUP *ctx)); -\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) -\& (X509_LOOKUP *ctx); -\& -\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, -\& int (*init) (X509_LOOKUP *ctx)); -\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) -\& (X509_LOOKUP *ctx); -\& -\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, -\& int (*shutdown) (X509_LOOKUP *ctx)); -\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) -\& (X509_LOOKUP *ctx); -\& -\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, -\& long argl, char **ret); -\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, -\& X509_LOOKUP_ctrl_fn ctrl_fn); -\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); -\& -\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, -\& X509_LOOKUP_TYPE type, -\& X509_NAME *name, -\& X509_OBJECT *ret); -\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, -\& X509_LOOKUP_get_by_subject_fn fn); -\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( -\& const X509_LOOKUP_METHOD *method); -\& -\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, -\& X509_LOOKUP_TYPE type, -\& X509_NAME *name, -\& ASN1_INTEGER *serial, -\& X509_OBJECT *ret); -\& int X509_LOOKUP_meth_set_get_by_issuer_serial( -\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); -\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( -\& const X509_LOOKUP_METHOD *method); -\& -\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, -\& X509_LOOKUP_TYPE type, -\& const unsigned char* bytes, -\& int len, -\& X509_OBJECT *ret); -\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, -\& X509_LOOKUP_get_by_fingerprint_fn fn); -\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( -\& const X509_LOOKUP_METHOD *method); -\& -\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, -\& X509_LOOKUP_TYPE type, -\& const char *str, -\& int len, -\& X509_OBJECT *ret); -\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, -\& X509_LOOKUP_get_by_alias_fn fn); -\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( -\& const X509_LOOKUP_METHOD *method); -\& -\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); -\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); -\& -\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); -\& -\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); -\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new -X509_LOOKUP types. It provides a set of functions used by OpenSSL for the -implementation of various X509 and X509_CRL lookup capabilities. One instance -of an X509_LOOKUP_METHOD can be associated to many instantiations of an -\&\fBX509_LOOKUP\fR structure. -.PP -\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should -be given a human-readable string containing a brief description of the lookup -method. -.PP -\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. -.PP -\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the -function that is called when an \fBX509_LOOKUP\fR object is created with -\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP -specific data, the supplied new_item function should allocate this data and -invoke \fBX509_LOOKUP_set_method_data()\fR. -.PP -\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function -that is used to free any method data that was allocated and set from within -new_item function. -.PP -\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the -function that is used to initialize the method data that was set with -\&\fBX509_LOOKUP_set_method_data()\fR as part of the new_item routine. -.PP -\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set -the function that is used to shut down the method data whose state was -previously initialized in the init function. -.PP -\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a -function to be used to handle arbitrary control commands issued by -\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP -\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is -an arbitrary integer that defines some operation. \fBargc\fR is a pointer -to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, -points to a location where any return data should be written to. How -\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. -.PP -\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, -\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set -the functions used to retrieve an X509 or X509_CRL object by the object's -subject, issuer, fingerprint, and alias respectively. These functions are given -the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters -related to the lookup, and an X509_OBJECT that will receive the requested -object. -.PP -Implementations must add objects they find to the \fBX509_STORE\fR object -using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments -its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR -function also increases the reference count which leads to one too -many references being held. Therefore applications should -additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the -reference count again. -.PP -Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or -\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also -increments the result's reference count. -.PP -Any method data that was created as a result of the new_item function -set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with -\&\fBX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the -X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store()\fR. Successful lookups -should return 1, and unsuccessful lookups should return 0. -.PP -\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR, -\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve -the function set by the corresponding setter. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. -.PP -The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function -pointers. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The functions described here were added in OpenSSL 1.1.0i. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 deleted file mode 100644 index 9f9720d81da6..000000000000 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ /dev/null @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" -.TH X509_NAME_ENTRY_GET_OBJECT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); -\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); -\& -\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); -\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, -\& const unsigned char *bytes, int len); -\& -\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, -\& int type, const unsigned char *bytes, -\& int len); -\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, -\& int type, const unsigned char *bytes, -\& int len); -\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, -\& const ASN1_OBJECT *obj, int type, -\& const unsigned char *bytes, int len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in -and \fB\s-1ASN1_OBJECT\s0\fR structure. -.PP -\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in -and \fB\s-1ASN1_STRING\s0\fR structure. -.PP -\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. -.PP -\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type -\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. -.PP -\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR -and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an -\&\fBX509_NAME_ENTRY\fR structure. -.SH "NOTES" -.IX Header "NOTES" -\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be -used to examine an \fBX509_NAME_ENTRY\fR function as returned by -\&\fBX509_NAME_get_entry()\fR for example. -.PP -\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, -\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR -are seldom used in practice because \fBX509_NAME_ENTRY\fR structures -are almost always part of \fBX509_NAME\fR structures and the -corresponding \fBX509_NAME\fR functions are typically used to -create and add new entries in a single operation. -.PP -The arguments of these functions support similar options to the similarly -named ones of the corresponding \fBX509_NAME\fR functions such as -\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to -\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be -set first so the relevant field information can be looked up internally. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is -set or \s-1NULL\s0 if an error occurred. -.PP -\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set -or \s-1NULL\s0 if an error occurred. -.PP -\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success -or 0 on error. -.PP -\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and -\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or -\&\s-1NULL\s0 if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), -\&\fBOBJ_nid2obj\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 deleted file mode 100644 index 0e8f8f88ca31..000000000000 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ /dev/null @@ -1,257 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" -.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, -\& const unsigned char *bytes, int len, int loc, int set); -\& -\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, -\& const unsigned char *bytes, int len, int loc, int set); -\& -\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, -\& const unsigned char *bytes, int len, int loc, int set); -\& -\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); -\& -\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and -\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined -by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. -The field value to be added is in \fBbytes\fR of length \fBlen\fR. If -\&\fBlen\fR is \-1 then the field length is calculated internally using -strlen(bytes). -.PP -The type of field is determined by \fBtype\fR which can either be a -definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a -standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is -added to a position determined by \fBloc\fR and \fBset\fR. -.PP -\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR -to \fBname\fR. The new entry is added to a position determined by \fBloc\fR -and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after -the call. -.PP -\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position -\&\fBloc\fR. The deleted entry is returned and must be freed up. -.SH "NOTES" -.IX Header "NOTES" -The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR -is strongly recommended for the \fBtype\fR parameter. This allows the -internal code to correctly determine the type of the field and to -apply length checks according to the relevant standards. This is -done using \fBASN1_STRING_set_by_NID()\fR. -.PP -If instead an \s-1ASN1\s0 type is used no checks are performed and the -supplied data in \fBbytes\fR is used directly. -.PP -In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents -the field name using OBJ_txt2obj(field, 0). -.PP -The \fBloc\fR and \fBset\fR parameters determine where a new entry should -be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR -to 0. This adds a new entry to the end of \fBname\fR as a single valued -RelativeDistinguishedName (\s-1RDN\s0). -.PP -\&\fBloc\fR actually determines the index where the new entry is inserted: -if it is \-1 it is appended. -.PP -\&\fBset\fR determines how the new type is added. If it is zero a -new \s-1RDN\s0 is created. -.PP -If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 -structure respectively. This will then be a multivalued \s-1RDN:\s0 -since multivalues RDNs are very seldom used \fBset\fR is almost -always set to zero. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, -\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for -success of 0 if an error occurred. -.PP -\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR -structure of \fB\s-1NULL\s0\fR if an error occurred. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create an \fBX509_NAME\fR structure: -.PP -\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" -.PP -.Vb 1 -\& X509_NAME *nm; -\& -\& nm = X509_NAME_new(); -\& if (nm == NULL) -\& /* Some error */ -\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, -\& "UK", \-1, \-1, 0)) -\& /* Error */ -\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, -\& "Disorganized Organization", \-1, \-1, 0)) -\& /* Error */ -\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, -\& "Joe Bloggs", \-1, \-1, 0)) -\& /* Error */ -.Ve -.SH "BUGS" -.IX Header "BUGS" -\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a -different algorithm to determine field types. Since this form does -not understand multicharacter types, performs no length checks and -can result in invalid field types its use is strongly discouraged. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/X509_NAME_get0_der.3 deleted file mode 100644 index 4e0f4e1aa8e3..000000000000 --- a/secure/lib/libcrypto/man/X509_NAME_get0_der.3 +++ /dev/null @@ -1,171 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NAME_GET0_DER 3" -.TH X509_NAME_GET0_DER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_NAME_get0_der \- get X509_NAME DER encoding -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, -\& size_t *pderlen) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the -encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of -\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine -the encoding of an \fBX509_NAME\fR structure without copying it. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error -occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 deleted file mode 100644 index 4bdf4f791297..000000000000 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ /dev/null @@ -1,254 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NAME_GET_INDEX_BY_NID 3" -.TH X509_NAME_GET_INDEX_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); -\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); -\& -\& int X509_NAME_entry_count(const X509_NAME *name); -\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); -\& -\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); -\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions allow an \fBX509_NAME\fR structure to be examined. The -\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in -\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject -and issuer names. -.PP -\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve -the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR -should initially be set to \-1. If there are no more entries \-1 is returned. -If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. -.PP -\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. -.PP -\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR -corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from -0 to (X509_NAME_entry_count(name) \- 1). The value returned is an -internal pointer which must not be freed. -.PP -\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve -the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or -\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes -will be written and the text written to \fBbuf\fR will be null -terminated. The length of the output string written is returned -excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount -of space needed in \fBbuf\fR (excluding the final null) is returned. -.SH "NOTES" -.IX Header "NOTES" -\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be -considered deprecated because they -have various limitations which make them -of minimal use in practice. They can only find the first matching -entry and will copy the contents of the field verbatim: this can -be highly confusing if the target is a multicharacter string type -like a BMPString or a UTF8String. -.PP -For a more general solution \fBX509_NAME_get_index_by_NID()\fR or -\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by -\&\fBX509_NAME_get_entry()\fR on any matching indices and then the -various \fBX509_NAME_ENTRY\fR utility functions on the result. -.PP -The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in -the source code header files and/or -. -.PP -Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR -should check for the return value of \-2. Alternatively the \s-1NID\s0 validity -can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR -return the index of the next matching entry or \-1 if not found. -\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied -\&\s-1NID\s0 is invalid. -.PP -\&\fBX509_NAME_entry_count()\fR returns the total number of entries. -.PP -\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the -requested entry or \fB\s-1NULL\s0\fR if the index is invalid. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Process all entries: -.PP -.Vb 2 -\& int i; -\& X509_NAME_ENTRY *e; -\& -\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { -\& e = X509_NAME_get_entry(nm, i); -\& /* Do something with e */ -\& } -.Ve -.PP -Process all commonName entries: -.PP -.Vb 2 -\& int lastpos = \-1; -\& X509_NAME_ENTRY *e; -\& -\& for (;;) { -\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); -\& if (lastpos == \-1) -\& break; -\& e = X509_NAME_get_entry(nm, lastpos); -\& /* Do something with e */ -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 deleted file mode 100644 index 105de0571f67..000000000000 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ /dev/null @@ -1,252 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NAME_PRINT_EX 3" -.TH X509_NAME_PRINT_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); -\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); -\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); -\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each -line (for multiline formats) is indented by \fBindent\fR spaces. The output format -can be extensively customised by use of the \fBflags\fR parameter. -.PP -\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is -written to \s-1FILE\s0 pointer \fBfp\fR. -.PP -\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. -If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and -\&\fBsize\fR is ignored. -Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', -and \fBbuf\fR is returned. -.PP -\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. -.SH "NOTES" -.IX Header "NOTES" -The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR -produce a non standard output form, they don't handle multi character fields and -have various quirks and inconsistencies. -Their use is strongly discouraged in new applications and they could -be deprecated in a future release. -.PP -Although there are a large number of possible flags for most purposes -\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. -As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page -for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example -\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. -.PP -The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. -.PP -Several options can be ored together. -.PP -The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, -\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators -to use. Two distinct separators are used between distinct RelativeDistinguishedName -components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued -RDNs are currently very rare so the second separator will hardly ever be used. -.PP -\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR -uses comma and plus with spaces: this is more readable that plain comma and plus. -\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses -spaced newline and plus respectively. -.PP -If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. -.PP -The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, -\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will -use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always -use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not -recognised) and no field name respectively. -.PP -If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character -separating field names and values. -.PP -If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is -printed instead of the values. -.PP -If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this -is only of use for multiline format. -.PP -Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to -control how each field value is displayed. -.PP -In addition a number options can be set for commonly used formats. -.PP -\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it -is equivalent to: - \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR -.PP -\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: - \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR -.PP -\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: - \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR -.PP -\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. -.PP -\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. -.PP -\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error -if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, -it returns \-1 on error or other values on success. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBASN1_STRING_print_ex\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/X509_PUBKEY_new.3 deleted file mode 100644 index 0e4ca164ac88..000000000000 --- a/secure/lib/libcrypto/man/X509_PUBKEY_new.3 +++ /dev/null @@ -1,248 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_PUBKEY_NEW 3" -.TH X509_PUBKEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_PUBKEY *X509_PUBKEY_new(void); -\& void X509_PUBKEY_free(X509_PUBKEY *a); -\& -\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); -\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); -\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); -\& -\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); -\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); -\& -\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); -\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); -\& -\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); -\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); -\& -\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, -\& int ptype, void *pval, -\& unsigned char *penc, int penclen); -\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, -\& const unsigned char **pk, int *ppklen, -\& X509_ALGOR **pa, X509_PUBKEY *pub); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR -structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. -.PP -\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. -.PP -\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 -nothing is done. -.PP -\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained -in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing -public key structure will be freed. -.PP -\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned -value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. -.PP -\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference -count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using -\&\fBEVP_PKEY_free()\fR after use. -.PP -\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure -using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of -other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR. -.PP -\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are -similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a -\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. -.PP -\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The -\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the -algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. -The encoding of the public key itself is set to the \fBpenclen\fR -bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied -parameters is passed to \fBpub\fR so they must not be freed after the -call. -.PP -\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, -\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of -\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated -AlgorithmIdentifier for the public key. If the value of any of these -parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the -retrieved pointers are internal and must not be freed after the -call. -.SH "NOTES" -.IX Header "NOTES" -The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys -in a standard format. -.PP -In many cases applications will not call the \fBX509_PUBKEY\fR functions -directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fBERR_get_error\fR\|(3). -.PP -Otherwise it returns a pointer to the newly allocated structure. -.PP -\&\fBX509_PUBKEY_free()\fR does not return a value. -.PP -\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR -structure or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR -return 1 for success and 0 if an error occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_SIG_get0.3 b/secure/lib/libcrypto/man/X509_SIG_get0.3 deleted file mode 100644 index 08e5529eb61d..000000000000 --- a/secure/lib/libcrypto/man/X509_SIG_get0.3 +++ /dev/null @@ -1,172 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_SIG_GET0 3" -.TH X509_SIG_GET0 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_SIG_get0, X509_SIG_getm \- DigestInfo functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, -\& const ASN1_OCTET_STRING **pdigest); -\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, -\& ASN1_OCTET_STRING **pdigest, -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest -value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR -except the pointers returned are not constant and can be modified: -for example to initialise them. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 deleted file mode 100644 index 152e9d9a8294..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ /dev/null @@ -1,416 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_CTX_GET_ERROR 3" -.TH X509_STORE_CTX_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); -\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); -\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); -\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); -\& -\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); -\& -\& const char *X509_verify_cert_error_string(long n); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions are typically called after \fBX509_verify_cert()\fR has indicated -an error or in a verification callback to determine the nature of an error. -.PP -\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see -the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. -.PP -\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example -it might be used in a verification callback to set an error based on additional -checks. -.PP -\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a -non-negative integer representing where in the certificate chain the error -occurred. If it is zero it occurred in the end entity certificate, one if -it is the certificate which signed the end entity certificate and so on. -.PP -\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. -This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the -depth at which an error condition was detected. -.PP -\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which -caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. -.PP -\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which -caused the error. -This value is not intended to remain valid for very long, and remains owned by -the caller. -It may be examined by a verification callback invoked to handle each error -encountered during chain verification and is no longer required after such a -callback. -If a callback wishes the save the certificate for use after it returns, it -needs to increment its reference count via \fBX509_up_ref\fR\|(3). -Once such a \fIsaved\fR certificate is no longer needed it can be freed with -\&\fBX509_free\fR\|(3). -.PP -\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the -certificate being verified by the \fBctx\fR. -.PP -\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous -call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR -is \fBnot\fR successful the returned chain may be incomplete or invalid. The -returned chain persists after the \fBctx\fR structure is freed, when it is -no longer needed it should be free up using: -.PP -.Vb 1 -\& sk_X509_pop_free(chain, X509_free); -.Ve -.PP -\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for -verification error \fBn\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. -.PP -\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. -.PP -\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the -error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. -.PP -\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for -verification error \fBn\fR. -.SH "ERROR CODES" -.IX Header "ERROR CODES" -A list of error codes and messages is shown below. Some of the -error codes are defined but currently never returned: these are described as -\&\*(L"unused\*(R". -.IP "\fBX509_V_OK: ok\fR" 4 -.IX Item "X509_V_OK: ok" -the operation was successful. -.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" -the issuer certificate of a locally looked up certificate could not be found. -This normally means the list of trusted certificates is not complete. -.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" -the \s-1CRL\s0 of a certificate could not be found. -.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" -the certificate signature could not be decrypted. This means that the actual -signature value could not be determined rather than it not matching the -expected value, this is only meaningful for \s-1RSA\s0 keys. -.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" -the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature -value could not be determined rather than it not matching the expected value. -Unused. -.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" -the public key in the certificate SubjectPublicKeyInfo could not be read. -.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 -.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" -the signature of the certificate is invalid. -.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 -.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -the signature of the certificate is invalid. -.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 -.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" -the certificate is not yet valid: the notBefore date is after the current time. -.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 -.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" -the certificate has expired: that is the notAfter date is before the current time. -.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 -.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -the \s-1CRL\s0 is not yet valid. -.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 -.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -the \s-1CRL\s0 has expired. -.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 -.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" -the certificate notBefore field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 -.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" -the certificate notAfter field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 -.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -the \s-1CRL\s0 lastUpdate field contains an invalid time. -.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 -.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -the \s-1CRL\s0 nextUpdate field contains an invalid time. -.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 -.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" -an error occurred trying to allocate memory. This should never happen. -.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 -.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" -the passed certificate is self signed and the same certificate cannot be found -in the list of trusted certificates. -.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 -.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" -the certificate chain could be built up using the untrusted certificates but -the root could not be found locally. -.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" -the issuer certificate could not be found: this occurs if the issuer certificate -of an untrusted certificate cannot be found. -.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 -.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" -no signatures could be verified because the chain contains only one certificate -and it is not self signed. -.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 -.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" -the certificate chain length is greater than the supplied maximum depth. Unused. -.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 -.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" -the certificate has been revoked. -.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 -.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" -a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not -consistent with the supplied purpose. -.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 -.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" -the basicConstraints path-length parameter has been exceeded. -.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 -.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" -the supplied certificate cannot be used for the specified purpose. -.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 -.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" -the root \s-1CA\s0 is not marked as trusted for the specified purpose. -.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 -.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" -the root \s-1CA\s0 is marked to reject the specified purpose. -.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 -.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" -the current candidate issuer certificate was rejected because its subject name -did not match the issuer name of the current certificate. This is only set -if issuer check debugging is enabled it is used for status notification and -is \fBnot\fR in itself an error. -.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 -.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" -the current candidate issuer certificate was rejected because its subject key -identifier was present and did not match the authority key identifier current -certificate. This is only set if issuer check debugging is enabled it is used -for status notification and is \fBnot\fR in itself an error. -.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 -.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" -the current candidate issuer certificate was rejected because its issuer name -and serial number was present and did not match the authority key identifier of -the current certificate. This is only set if issuer check debugging is enabled -it is used for status notification and is \fBnot\fR in itself an error. -.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 -.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" -the current candidate issuer certificate was rejected because its keyUsage -extension does not permit certificate signing. This is only set if issuer check -debugging is enabled it is used for status notification and is \fBnot\fR in itself -an error. -.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 -.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" -A certificate extension had an invalid value (for example an incorrect -encoding) or some value inconsistent with other extensions. -.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 -.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" -A certificate policies extension had an invalid value (for example an incorrect -encoding) or some value inconsistent with other extensions. This error only -occurs if policy processing is enabled. -.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 -.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" -The verification flags were set to require and explicit policy but none was -present. -.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 -.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" -The only CRLs that could be found did not match the scope of the certificate. -.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 -.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" -Some feature of a certificate extension is not supported. Unused. -.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 -.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" -A name constraint violation occurred in the permitted subtrees. -.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 -.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" -A name constraint violation occurred in the excluded subtrees. -.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 -.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" -A certificate name constraints extension included a minimum or maximum field: -this is not supported. -.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 -.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" -An unsupported name constraint type was encountered. OpenSSL currently only -supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. -.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 -.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" -The format of the name constraint is not recognised: for example an email -address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by -a garbage extension or some new feature not currently supported. -.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 -.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" -An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only -happen if extended \s-1CRL\s0 checking is enabled. -.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 -.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" -an application specific error. This will never be returned unless explicitly -set by an application. -.SH "NOTES" -.IX Header "NOTES" -The above functions should be used instead of directly referencing the fields -in the \fBX509_VERIFY_CTX\fR structure. -.PP -In versions of OpenSSL before 1.0 the current certificate returned by -\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should -check the return value before printing out any debugging information relating -to the current certificate. -.PP -If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the -numerical value of the unknown code is returned in a static buffer. This is not -thread safe but will never happen unless an invalid code is passed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_verify_cert\fR\|(3), -\&\fBX509_up_ref\fR\|(3), -\&\fBX509_free\fR\|(3). -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 deleted file mode 100644 index 836196cc4ff4..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ /dev/null @@ -1,295 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_CTX_NEW 3" -.TH X509_STORE_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn \&\- X509_STORE_CTX initialisation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_STORE_CTX *X509_STORE_CTX_new(void); -\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -\& -\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, -\& X509 *x509, STACK_OF(X509) *chain); -\& -\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); -\& -\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); -\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx); -\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); -\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); -\& -\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); -\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); -\& -\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); -\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); -\& -\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); -\& -\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); -\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use -by \fBX509_verify_cert()\fR. -.PP -\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. -.PP -\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. -The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. -.PP -\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR -is no longer valid. -If \fBctx\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. -It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only -good for one call to \fBX509_verify_cert()\fR; if you want to verify a second -certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR -and then \fBX509_STORE_CTX_init()\fR again before the second call to -\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end -entity certificate to be verified is set to \fBx509\fR and a set of additional -certificates (which will be untrusted but may be used to build the chain) in -\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be -\&\fB\s-1NULL\s0\fR. -.PP -\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of -\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates -instead of using an \fBX509_STORE\fR. -.PP -\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to -\&\fBx\fR. -.PP -\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used -by \fBctx\fR to be \fBchain\fR. -Ownership of the chain is transferred to \fBctx\fR and should not be -free'd by the caller. -\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the -\&\fBctx\fR that contains the validated chain. -.PP -\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate -verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is -enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be -used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, -for example in a PKCS#7 structure. -.PP -\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer -to the verification parameters associated with \fBctx\fR. -.PP -\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the -stack of untrusted certificates associated with \fBctx\fR. -.PP -\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack -of untrusted certificates associated with \fBctx\fR to \fBsk\fR. -.PP -\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer -to \fBparam\fR. After this call \fBparam\fR should not be used. -.PP -\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification -method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to -find an appropriate set of parameters from \fBname\fR. -.PP -\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates -that were used in building the chain following a call to \fBX509_verify_cert()\fR. -.PP -\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default -verify function. This function is responsible for verifying chain signatures and -expiration times. -.PP -A verify function is defined as an X509_STORE_CTX_verify type which has the -following signature: -.PP -.Vb 1 -\& int (*verify)(X509_STORE_CTX *); -.Ve -.PP -This function should receive the current X509_STORE_CTX as a parameter and -return 1 on success or 0 on failure. -.SH "NOTES" -.IX Header "NOTES" -The certificates and CRLs in a store are used internally and should \fBnot\fR -be freed up until after the associated \fBX509_STORE_CTX\fR is freed. -.SH "BUGS" -.IX Header "BUGS" -The certificates and CRLs in a context are used internally and should \fBnot\fR -be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies -should be made or reference counts increased instead. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an -error occurred. -.PP -\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. -.PP -\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR -structure or \fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, -\&\fBX509_STORE_CTX_set0_trusted_stack()\fR, -\&\fBX509_STORE_CTX_set_cert()\fR, -\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return -values. -.PP -\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. -.PP -\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates -used. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_verify_cert\fR\|(3) -\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. -The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 deleted file mode 100644 index df7e6a6e1942..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ /dev/null @@ -1,334 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" -.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb \&\- get and set verification callback -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); -\& -\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, -\& X509_STORE_CTX_verify_cb verify_cb); -\& -\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); -\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to -\&\fBverify_cb\fR overwriting any existing callback. -.PP -The verification callback can be used to customise the operation of certificate -verification, either by overriding error conditions or logging errors for -debugging purposes. -.PP -However a verification callback is \fBnot\fR essential and the default operation -is often sufficient. -.PP -The \fBok\fR parameter to the callback indicates the value the callback should -return to retain the default behaviour. If it is zero then an error condition -is indicated. If it is 1 then no error occurred. If the flag -\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the -policy checking is complete. -.PP -The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that -is performing the verification operation. A callback can examine this -structure and receive additional information about the error, for example -by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can -be passed to the callback via the \fBex_data\fR mechanism. -.PP -\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback -for the specific \fBctx\fR. -.PP -\&\fBX509_STORE_CTX_get_get_issuer()\fR, -\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, -\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, -\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, -\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR -and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached -from the corresponding \fBX509_STORE\fR, please see -\&\fBX509_STORE_set_verify\fR\|(3) for more information. -.SH "WARNINGS" -.IX Header "WARNINGS" -In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in -all circumstances because this will allow verification to succeed no matter -what the error. This effectively removes all security from the application -because \fBany\fR certificate (including untrusted generated ones) will be -accepted. -.SH "NOTES" -.IX Header "NOTES" -The verification callback can be set and inherited from the parent structure -performing the operation. In some cases (such as S/MIME verification) the -\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the -only way to set a custom verification callback is by inheriting it from the -associated \fBX509_STORE\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Default callback operation: -.PP -.Vb 3 -\& int verify_callback(int ok, X509_STORE_CTX *ctx) { -\& return ok; -\& } -.Ve -.PP -Simple example, suppose a certificate in the chain is expired and we wish -to continue after this error: -.PP -.Vb 7 -\& int verify_callback(int ok, X509_STORE_CTX *ctx) { -\& /* Tolerate certificate expiration */ -\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) -\& return 1; -\& /* Otherwise don\*(Aqt override */ -\& return ok; -\& } -.Ve -.PP -More complex example, we don't wish to continue after \fBany\fR certificate has -expired just one specific case: -.PP -.Vb 4 -\& int verify_callback(int ok, X509_STORE_CTX *ctx) -\& { -\& int err = X509_STORE_CTX_get_error(ctx); -\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); -\& -\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { -\& if (check_is_acceptable_expired_cert(err_cert) -\& return 1; -\& } -\& return ok; -\& } -.Ve -.PP -Full featured logging callback. In this case the \fBbio_err\fR is assumed to be -a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using -\&\fBex_data\fR. -.PP -.Vb 4 -\& int verify_callback(int ok, X509_STORE_CTX *ctx) -\& { -\& X509 *err_cert; -\& int err, depth; -\& -\& err_cert = X509_STORE_CTX_get_current_cert(ctx); -\& err = X509_STORE_CTX_get_error(ctx); -\& depth = X509_STORE_CTX_get_error_depth(ctx); -\& -\& BIO_printf(bio_err, "depth=%d ", depth); -\& if (err_cert) { -\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), -\& 0, XN_FLAG_ONELINE); -\& BIO_puts(bio_err, "\en"); -\& } -\& else -\& BIO_puts(bio_err, "\en"); -\& if (!ok) -\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, -\& X509_verify_cert_error_string(err)); -\& switch (err) { -\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -\& BIO_puts(bio_err, "issuer= "); -\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), -\& 0, XN_FLAG_ONELINE); -\& BIO_puts(bio_err, "\en"); -\& break; -\& case X509_V_ERR_CERT_NOT_YET_VALID: -\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -\& BIO_printf(bio_err, "notBefore="); -\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); -\& BIO_printf(bio_err, "\en"); -\& break; -\& case X509_V_ERR_CERT_HAS_EXPIRED: -\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -\& BIO_printf(bio_err, "notAfter="); -\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); -\& BIO_printf(bio_err, "\en"); -\& break; -\& case X509_V_ERR_NO_EXPLICIT_POLICY: -\& policies_print(bio_err, ctx); -\& break; -\& } -\& if (err == X509_V_OK && ok == 2) -\& /* print out policies */ -\& -\& BIO_printf(bio_err, "verify return:%d\en", ok); -\& return(ok); -\& } -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_CTX_get_error\fR\|(3) -\&\fBX509_STORE_set_verify_cb_func\fR\|(3) -\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The -\&\fBX509_STORE_CTX_get_get_issuer()\fR, -\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, -\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, -\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, -\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR -and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/X509_STORE_add_cert.3 deleted file mode 100644 index 5ec34234c329..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_add_cert.3 +++ /dev/null @@ -1,230 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_ADD_CERT 3" -.TH X509_STORE_ADD_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); -\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); -\& int X509_STORE_set_depth(X509_STORE *store, int depth); -\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); -\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); -\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); -\& -\& int X509_STORE_load_locations(X509_STORE *ctx, -\& const char *file, const char *dir); -\& int X509_STORE_set_default_paths(X509_STORE *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for -holding information about X.509 certificates and CRLs, and constructing -and validating chains of certificates terminating in trusted roots. -It admits multiple lookup mechanisms and efficient scaling performance -with large numbers of certificates, and a great deal of flexibility in -how validation and policy checks are performed. -.PP -\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains -no information about trusted certificates or where such certificates -are located on disk, and is generally not usable. Normally, trusted -certificates will be added to the \fBX509_STORE\fR to prepare it for use, -via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or -\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, -and many behaviors configured as desired. -.PP -Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is -used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building -and verification operation. That process includes providing the end-entity -certificate to be verified and an additional set of untrusted certificates -that may be used in chain-building. As such, it is expected that the -certificates included in the \fBX509_STORE\fR are certificates that represent -trusted entities such as root certificate authorities (CAs). -OpenSSL represents these trusted certificates internally as \fBX509\fR objects -with an associated \fBX509_CERT_AUX\fR, as are produced by -\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. -The public interfaces that operate on such trusted certificates still -operate on pointers to \fBX509\fR objects, though. -.PP -\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object -to the \fBX509_STORE\fR's local storage. Untrusted objects should not be -added in this way. The added object's reference count is incremented by one, -hence the caller retains ownership of the object and needs to free it when it -is no longer needed. -.PP -\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, -\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values -for the corresponding values used in certificate chain validation. Their -behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual -pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). -.PP -\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an -\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted -to specify just a file, just a directory, or both paths. The certificates -in the directory must be in hashed form, as documented in -\&\fBX509_LOOKUP_hash_dir\fR\|(3). -.PP -\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not -set what default paths should be used for loading certificates. Instead, -it loads certificates into the \fBX509_STORE\fR from the hardcoded default -paths. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, -\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, -\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and -\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_LOOKUP_hash_dir\fR\|(3). -\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). -\&\fBX509_STORE_new\fR\|(3), -\&\fBX509_STORE_get0_param\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/X509_STORE_get0_param.3 deleted file mode 100644 index 8196f17935a6..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_get0_param.3 +++ /dev/null @@ -1,186 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_GET0_PARAM 3" -.TH X509_STORE_GET0_PARAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); -\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); -\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_STORE_set1_param()\fR sets the verification parameters -to \fBpm\fR for \fBctx\fR. -.PP -\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification -parameters for \fBctx\fR. The returned pointer must not be freed by the -calling application -.PP -\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's -X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The -returned pointer must not be freed by the calling application. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_get0_param()\fR returns a pointer to an -\&\fBX509_VERIFY_PARAM\fR structure. -.PP -\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. -.PP -\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_new\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in -OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_new.3 b/secure/lib/libcrypto/man/X509_STORE_new.3 deleted file mode 100644 index 291660b75abe..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_new.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_NEW 3" -.TH X509_STORE_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_STORE *X509_STORE_new(void); -\& void X509_STORE_free(X509_STORE *v); -\& int X509_STORE_lock(X509_STORE *v); -\& int X509_STORE_unlock(X509_STORE *v); -\& int X509_STORE_up_ref(X509_STORE *v); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBX509_STORE_new()\fR function returns a new X509_STORE. -.PP -\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the -X509_STORE object. -.PP -\&\fBX509_STORE_lock()\fR locks the store from modification by other threads, -\&\fBX509_STORE_unlock()\fR unlocks it. -.PP -\&\fBX509_STORE_free()\fR frees up a single X509_STORE object. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. -.PP -\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return -1 for success and 0 for failure. -.PP -\&\fBX509_STORE_free()\fR does not return values. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_set_verify_cb_func\fR\|(3) -\&\fBX509_STORE_get0_param\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR -functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 deleted file mode 100644 index afdc359fdb8d..000000000000 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ /dev/null @@ -1,364 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" -.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, -\& X509_STORE_CTX *ctx, X509 *x); -\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, -\& X509 *x, X509 *issuer); -\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); -\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, -\& X509_CRL **crl, X509 *x); -\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); -\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, -\& X509_CRL *crl, X509 *x); -\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); -\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, -\& X509_NAME *nm); -\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, -\& X509_NAME *nm); -\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_verify_cb(X509_STORE *ctx, -\& X509_STORE_CTX_verify_cb verify_cb); -\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); -\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_get_issuer(X509_STORE *ctx, -\& X509_STORE_CTX_get_issuer_fn get_issuer); -\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_check_issued(X509_STORE *ctx, -\& X509_STORE_CTX_check_issued_fn check_issued); -\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_check_revocation(X509_STORE *ctx, -\& X509_STORE_CTX_check_revocation_fn check_revocation); -\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_get_crl(X509_STORE *ctx, -\& X509_STORE_CTX_get_crl_fn get_crl); -\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_check_crl(X509_STORE *ctx, -\& X509_STORE_CTX_check_crl_fn check_crl); -\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_cert_crl(X509_STORE *ctx, -\& X509_STORE_CTX_cert_crl_fn cert_crl); -\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_check_policy(X509_STORE *ctx, -\& X509_STORE_CTX_check_policy_fn check_policy); -\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, -\& X509_STORE_CTX_lookup_certs_fn lookup_certs); -\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_lookup_crls(X509_STORE *ctx, -\& X509_STORE_CTX_lookup_crls_fn lookup_crls); -\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); -\& -\& void X509_STORE_set_cleanup(X509_STORE *ctx, -\& X509_STORE_CTX_cleanup_fn cleanup); -\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); -\& -\& /* Aliases */ -\& void X509_STORE_set_verify_cb_func(X509_STORE *st, -\& X509_STORE_CTX_verify_cb verify_cb); -\& void X509_STORE_set_verify_func(X509_STORE *ctx, -\& X509_STORE_CTX_verify_fn verify); -\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, -\& X509_STORE_CTX_lookup_crls_fn lookup_crls); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to -\&\fBverify_cb\fR overwriting the previous callback. -The callback assigned with this function becomes a default for the one -that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, -please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. -.PP -\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for -\&\fBctx\fR to \fBverify\fR. -Its purpose is to go through the chain of certificates and check that -all signatures are valid and that the current time is within the -limits of each certificate's first and last validity time. -The final chain verification functions must return 0 on failure and 1 -on success. -\&\fIIf no chain verification function is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer -certificate that verifies the given certificate \fBx\fR. -When found, the issuer certificate must be assigned to \fB*issuer\fR. -This function must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given -certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. -This function must return 0 on failure (among others if \fBx\fR hasn't -been issued with \fBissuer\fR) and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking -function. -Its purpose is to look through the final chain and check the -revocation status for each certificate. -It must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given -certificate \fBx\fR. -When found, the crl must be assigned to \fB*crl\fR. -This function must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of -the given \fBcrl\fR. -This function must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation -status of the given certificate \fBx\fR against the given \fBcrl\fR. -This function must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies -of all the certificates in the final chain.. -This function must return 0 on failure and 1 on success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the -functions to look up all the certs or all the CRLs that match the -given name \fBnm\fR. -These functions return \s-1NULL\s0 on failure and a pointer to a stack of -certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on -success. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is -called when the context (\fBX509_STORE_CTX\fR) is being torn down. -This function doesn't return any value. -\&\fIIf no function to get the issuer is provided, the internal default -function will be used instead.\fR -.PP -\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR, -\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR, -\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR, -\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR, -\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR, -\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR, -\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return -the function pointer assigned with \fBX509_STORE_set_check_issued()\fR, -\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, -\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, -\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, -\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if -no assignment has been made. -.PP -\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and -\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for -\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and -X509_STORE_set_lookup_crls, available as macros for backward -compatibility. -.SH "NOTES" -.IX Header "NOTES" -All the callbacks from a \fBX509_STORE\fR are inherited by the -corresponding \fBX509_STORE_CTX\fR structure when it is initialized. -See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. -.SH "BUGS" -.IX Header "BUGS" -The macro version of this function was the only one available before -OpenSSL 1.0.0. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The X509_STORE_set_*() functions do not return a value. -.PP -The X509_STORE_get_*() functions return a pointer of the appropriate -function type. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), -\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), -\&\fBCMS_verify\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. -.PP -The functions -\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR, -\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR, -\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR, -\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR, -\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR, -\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR, -\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR, -\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR, -\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR, -\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR, -\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, -\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR -were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 deleted file mode 100644 index 09d0211d2d36..000000000000 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ /dev/null @@ -1,500 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" -.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, -\& unsigned long flags); -\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, -\& unsigned long flags); -\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); -\& -\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, -\& uint32_t flags); -\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); -\& -\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); -\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); -\& -\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); -\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); -\& -\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, -\& ASN1_OBJECT *policy); -\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, -\& STACK_OF(ASN1_OBJECT) *policies); -\& -\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); -\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); -\& -\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, -\& int auth_level); -\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); -\& -\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, -\& const char *name, size_t namelen); -\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, -\& const char *name, size_t namelen); -\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, -\& unsigned int flags); -\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); -\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); -\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, -\& const char *email, size_t emaillen); -\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, -\& const unsigned char *ip, size_t iplen); -\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with -a certificate verification operation. -.PP -The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring -it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete -description of values the \fBflags\fR parameter can take. -.PP -\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. -.PP -\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR -which specifies how verification flags are copied from one structure to -another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. -See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. -.PP -\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. -.PP -\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR -to \fBpurpose\fR. This determines the acceptable purpose of the certificate -chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. -.PP -\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to -\&\fBtrust\fR. -.PP -\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to -\&\fBt\fR. Normally the current time is used. -.PP -\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled -by default) and adds \fBpolicy\fR to the acceptable policy set. -.PP -\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled -by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing -policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear -an existing policy set. -.PP -\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. -That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a -chain. -A maximal depth chain contains 2 more certificates than the limit, since -neither the end-entity certificate nor the trust-anchor count against this -limit. -Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed -directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one -intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity -certificate. -.PP -\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to -\&\fBauth_level\fR. -The authentication security level determines the acceptable signature and public -key strength when verifying certificate chains. -For a certificate chain to validate, the public keys of all the certificates -must meet the specified security level. -The signature algorithm security level is not enforced for the chain's \fItrust -anchor\fR certificate, which is either directly trusted or validated by means other -than its signature. -See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available -levels. -The default security level is \-1, or \*(L"not set\*(R". -At security level 0 or lower all algorithms are acceptable. -Security level 1 requires at least 80\-bit\-equivalent security and is broadly -interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys -shorter than 1024 bits. -.PP -\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to -\&\fBname\fR clearing any previously specified host name or names. If -\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and -name checks are not performed on the peer certificate. If \fBname\fR -is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR -must be set to the length of \fBname\fR. -.PP -When a hostname is specified, -certificate verification automatically invokes \fBX509_check_host\fR\|(3) -with flags equal to the \fBflags\fR argument given to -\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications -are strongly advised to use this interface in preference to explicitly -calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope -with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will -be suppressed as appropriate when \s-1DANE\s0 verification is enabled. -.PP -When the subject CommonName will not be ignored, whether as a result of the -\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject -alternative names are present in the certificate, any \s-1DNS\s0 name constraints in -issuer certificates apply to the subject CommonName as well as the subject -alternative name extension. -.PP -When the subject CommonName will be ignored, whether as a result of the -\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject -alternative names are present in the certificate, \s-1DNS\s0 name constraints in -issuer certificates will not be applied to the subject \s-1DN.\s0 -As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR -flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. -.PP -\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a -call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. -.PP -\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference -identifier that can match the peer's certificate. Any previous names -set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR -are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When -multiple names are configured, the peer is considered verified when -any name matches. -.PP -\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject -CommonName from the peer certificate that matched one of the reference -identifiers. When wildcard matching is not disabled, or when a -reference identifier specifies a parent domain (starts with \*(L".\*(R") -rather than a hostname, the peer name may be a wildcard name or a -sub-domain of the reference identifier respectively. The return -string is allocated by the library and is no longer valid once the -associated \fBparam\fR argument is freed. Applications must not free -the return value. -.PP -\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to -\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise -\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address -is specified, certificate verification automatically invokes -\&\fBX509_check_email\fR\|(3). -.PP -\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. -The \fBip\fR argument is in binary format, in network byte-order and -\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 -address is specified, certificate verification automatically invokes -\&\fBX509_check_ip\fR\|(3). -.PP -\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to -\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: -dotted decimal quad for IPv4 and colon-separated hexadecimal for -IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, -\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, -\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, -\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, -\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, -\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and -\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for -failure. -.PP -\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. -.PP -\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. -.PP -\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. -.PP -\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return -values. -.PP -\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. -.PP -\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security -level. -.SH "VERIFICATION FLAGS" -.IX Header "VERIFICATION FLAGS" -The verification flags consists of zero or more of the following flags -ored together. -.PP -\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf -certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. -.PP -\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate -chain. -.PP -\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default -any unhandled critical extensions in certificates or (if checked) CRLs results -in a fatal error. If this flag is set unhandled critical extensions are -ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging -purposes can be a security risk. Finer control over which extensions are -supported can be performed in the verification callback. -.PP -The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken -certificates and makes the verification strictly apply \fBX509\fR rules. -.PP -\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. -.PP -\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default -no policy checking is performed. Additional information is sent to the -verification callback relating to policy checking. -.PP -\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and -\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any -policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in -\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags -are set. -.PP -If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful -a special status code is set to the verification callback. This permits it -to examine the valid policy tree and perform additional checks or simply -log it for debugging purposes. -.PP -By default some additional features such as indirect CRLs and CRLs signed by -different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set -they are enabled. -.PP -If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to -determine certificate status. If not set deltas are ignored. -.PP -\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed -certificate signature. By default this check is disabled because it doesn't -add any additional security but in some cases applications might want to -check the signature anyway. A side effect of not checking the root \s-1CA\s0 -signature is that disabled or unsupported message digests on the root \s-1CA\s0 -are not treated as fatal errors. -.PP -When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain -in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates -before searching the provided untrusted certificates. -Local issuer certificates are often more likely to satisfy local security -requirements and lead to a locally trusted root. -This is especially important when some certificates in the trust store have -explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). -As of OpenSSL 1.1.0 this option is on by default. -.PP -The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative -chains. -By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a -certificate chain, if the first certificate chain found is not trusted, then -OpenSSL will attempt to replace untrusted certificates supplied by the peer -with certificates from the trust store to see if an alternative chain can be -found that is trusted. -As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option -has no effect. -.PP -The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the -trust store to be treated as trust-anchors, in the same way as the self-signed -root \s-1CA\s0 certificates. -This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 -without having to trust its ancestor root \s-1CA.\s0 -With OpenSSL 1.1.0 and later and set, chain -construction stops as soon as the first certificate from the trust store is -added to the chain, whether that certificate is a self-signed \*(L"root\*(R" -certificate or a not self-signed intermediate certificate. -Thus, when an intermediate certificate is found in the trust store, the -verified chain passed to callbacks may be shorter than it otherwise would -be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. -.PP -The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period -of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR -is used to specify a verification time, the check is not suppressed. -.SH "INHERITANCE FLAGS" -.IX Header "INHERITANCE FLAGS" -These flags specify how parameters are \*(L"inherited\*(R" from one structure to -another. -.PP -If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed -after the next call. -.PP -If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides -all of the following flags. -.PP -If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied -to the destination. Effectively the values in \*(L"to\*(R" become default values -which will be used only if nothing new is set in \*(L"from\*(R". This is the -default. -.PP -If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether -they are set or not. Flags is still Ored though. -.PP -If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead -of ORed. -.SH "NOTES" -.IX Header "NOTES" -The above functions should be used to manipulate verification parameters -instead of functions which work in specific structures such as -\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future -release. -.SH "BUGS" -.IX Header "BUGS" -Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and -(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not -maintained. -.PP -If CRLs checking is enable CRLs are expected to be available in the -corresponding \fBX509_STORE\fR structure. No attempt is made to download -CRLs from the \s-1CRL\s0 distribution points extension. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 -connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: -.PP -.Vb 1 -\& X509_VERIFY_PARAM *param; -\& -\& param = X509_VERIFY_PARAM_new(); -\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); -\& SSL_CTX_set1_param(ctx, param); -\& X509_VERIFY_PARAM_free(param); -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_verify_cert\fR\|(3), -\&\fBX509_check_host\fR\|(3), -\&\fBX509_check_email\fR\|(3), -\&\fBX509_check_ip\fR\|(3), -\&\fBx509\fR\|(1) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. -The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 -and has no effect. -.PP -The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_check_ca.3 b/secure/lib/libcrypto/man/X509_check_ca.3 deleted file mode 100644 index 289b9369d068..000000000000 --- a/secure/lib/libcrypto/man/X509_check_ca.3 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CHECK_CA 3" -.TH X509_CHECK_CA 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_check_ca \- check if given certificate is CA certificate -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_check_ca(X509 *cert); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This function checks if given certificate is \s-1CA\s0 certificate (can be used -to sign other certificates). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 -\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE, -3,\s0 if it is self-signed X509 v1 certificate, 4, if it is certificate with -\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without -\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type -extension telling that it is \s-1CA\s0 certificate. -.PP -Actually, any non-zero value means that this certificate could have been -used to sign other certificates. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_verify_cert\fR\|(3), -\&\fBX509_check_issued\fR\|(3), -\&\fBX509_check_purpose\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3 deleted file mode 100644 index 9f6b088d4294..000000000000 --- a/secure/lib/libcrypto/man/X509_check_host.3 +++ /dev/null @@ -1,288 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CHECK_HOST 3" -.TH X509_CHECK_HOST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_check_host(X509 *, const char *name, size_t namelen, -\& unsigned int flags, char **peername); -\& int X509_check_email(X509 *, const char *address, size_t addresslen, -\& unsigned int flags); -\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, -\& unsigned int flags); -\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The certificate matching functions are used to check whether a -certificate matches a given host name, email address, or \s-1IP\s0 address. -The validity of the certificate and its trust level has to be checked by -other means. -.PP -\&\fBX509_check_host()\fR checks if the certificate Subject Alternative -Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host -name, which must be encoded in the preferred name syntax described -in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported -and they match only in the left-most label; but they may match -part of that label with an explicit prefix or suffix. For example, -by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a -certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" -or \*(L"*w.example.com\*(R". -.PP -Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international -domain names must be given in A\-label form. The \fBnamelen\fR argument -must be the number of characters in the name string or zero in which -case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts -with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate -valid for any sub-domain of \fBname\fR, (see also -\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). -.PP -When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a -pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate -is stored at the address passed in \fBpeername\fR. The application -is responsible for freeing the peername via \fBOPENSSL_free()\fR when it -is no longer needed. -.PP -\&\fBX509_check_email()\fR checks if the certificate matches the specified -email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, -comments are not allowed, and no attempt is made to normalize quoted -characters. The \fBaddresslen\fR argument must be the number of -characters in the address string or zero in which case the length -is calculated with strlen(\fBaddress\fR). -.PP -\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or -IPv6 address. The \fBaddress\fR array is in binary format, in network -byte order. The length is either 4 (IPv4) or 16 (IPv6). Only -explicitly marked addresses in the certificates are considered; \s-1IP\s0 -addresses stored in \s-1DNS\s0 names and Common Names are ignored. -.PP -\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated -string \fBaddress\fR is first converted to the internal representation. -.PP -The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the -flags: -.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 -.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," -.PD 0 -.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 -.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," -.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 -.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," -.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 -.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," -.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 -.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." -.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 -.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." -.PD -.PP -The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function -to consider the subject \s-1DN\s0 even if the certificate contains at least -one subject alternative name of the right type (\s-1DNS\s0 name or email -address as appropriate); the default is to ignore the subject \s-1DN\s0 -when at least one corresponding subject alternative names is present. -.PP -The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never -consider the subject \s-1DN\s0 even if the certificate contains no subject alternative -names of the right type (\s-1DNS\s0 name or email address as appropriate); the default -is to use the subject \s-1DN\s0 when no corresponding subject alternative names are -present. -If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and -\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes -precedence and the subject \s-1DN\s0 is not checked for matching names. -.PP -If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard -expansion; this only applies to \fBX509_check_host\fR. -.PP -If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support -for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, -such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. -.PP -If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that -constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") -to match more than one label in \fBname\fR; this flag only applies -to \fBX509_check_host\fR. -.PP -If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR -values which start with \*(L".\*(R", that would otherwise match any sub-domain -in the peer certificate, to only match direct child sub-domains. -Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" -would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", -but would not match a peer certificate with a \s-1DNS\s0 name of -\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The functions return 1 for a successful match, 0 for a failed match -and \-1 for an internal error: typically a memory allocation failure -or an \s-1ASN.1\s0 decoding error. -.PP -All functions can also return \-2 if the input is malformed. For example, -\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded -NULs. -.SH "NOTES" -.IX Header "NOTES" -Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR -rather than explicitly calling \fBX509_check_host\fR\|(3). Host name -checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, -and the internal checks will be suppressed as appropriate when -\&\s-1DANE\s0 support is enabled. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBSSL_get_verify_result\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), -\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.0.2. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_check_issued.3 b/secure/lib/libcrypto/man/X509_check_issued.3 deleted file mode 100644 index e109f1dfcb40..000000000000 --- a/secure/lib/libcrypto/man/X509_check_issued.3 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CHECK_ISSUED 3" -.TH X509_CHECK_ISSUED 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_check_issued \- checks if certificate is issued by another certificate -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_check_issued(X509 *issuer, X509 *subject); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 -certificate \fIissuer\fR. This function takes into account not only -matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, -but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with -\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR -present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of -\&\fIissuer\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by -\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_verify_cert\fR\|(3), -\&\fBX509_check_ca\fR\|(3), -\&\fBverify\fR\|(1) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3 deleted file mode 100644 index 7f00cf473eb4..000000000000 --- a/secure/lib/libcrypto/man/X509_check_private_key.3 +++ /dev/null @@ -1,183 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CHECK_PRIVATE_KEY 3" -.TH X509_CHECK_PRIVATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_check_private_key(X509 *x, EVP_PKEY *k); -\& -\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_check_private_key()\fR function checks the consistency of private -key \fBk\fR with the public key in \fBx\fR. -.PP -\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR -except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if -the keys match each other, and 0 if not. -.PP -If the key is invalid or an error occurred, the reason code can be -obtained using \fBERR_get_error\fR\|(3). -.SH "BUGS" -.IX Header "BUGS" -The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed -a private key or not. It merely compares the public materials (e.g. exponent -and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) -of a key pair. So if you pass a public key to these functions in \fBk\fR, it will -return success. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_cmp.3 b/secure/lib/libcrypto/man/X509_cmp.3 deleted file mode 100644 index 74c3882ea322..000000000000 --- a/secure/lib/libcrypto/man/X509_cmp.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CMP 3" -.TH X509_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_cmp(const X509 *a, const X509 *b); -\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); -\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); -\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); -\& int X509_subject_name_cmp(const X509 *a, const X509 *b); -\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); -\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This set of functions are used to compare X509 objects, including X509 -certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. -.PP -The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters -\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash -values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. -.PP -The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by -parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of -the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) -has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. -.PP -The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer -values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. -.PP -The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions -are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare -issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR -objects, respectively. -.IX Xref "509" -.PP -The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the -\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead -of just the issuer name. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -Like common memory comparison functions, the \fBX509\fR comparison functions return -an integer less than, equal to, or greater than zero if object \fBa\fR is found to -be less than, to match, or be greater than object \fBb\fR, respectively. -.PP -\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, -\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. -.SH "NOTES" -.IX Header "NOTES" -These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do -the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash -value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the -objects but it does not have a special meaning in some cases. -.PP -\&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some -circumstances, which could cause confusion for the applications. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3 deleted file mode 100644 index aa0e6c9e32e8..000000000000 --- a/secure/lib/libcrypto/man/X509_cmp_time.3 +++ /dev/null @@ -1,192 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_CMP_TIME 3" -.TH X509_CMP_TIME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 time functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 5 -\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); -\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); -\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); -\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long -\& offset_sec, time_t *in_tm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time -in . \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in -\&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR -must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its -format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 -.PP -\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time -\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. -.PP -\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time -\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second -offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR -\&\s-1API\s0 should be preferred. -.PP -In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure -is allocated and returned. -.PP -In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as -time_t, is used. -.SH "BUGS" -.IX Header "BUGS" -Unlike many standard comparison functions, \fBX509_cmp_time()\fR and -\&\fBX509_cmp_current_time()\fR return 0 on error. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR -is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1 -otherwise. These methods return 0 on error. -.PP -\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated -\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_digest.3 b/secure/lib/libcrypto/man/X509_digest.3 deleted file mode 100644 index a976fca38ae7..000000000000 --- a/secure/lib/libcrypto/man/X509_digest.3 +++ /dev/null @@ -1,194 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_DIGEST 3" -.TH X509_DIGEST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, -\& unsigned int *len); -\& -\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, -\& unsigned int *len); -\& -\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, -\& unsigned char *md, unsigned int *len); -\& -\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, -\& unsigned char *md, unsigned int *len); -\& -\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, -\& unsigned char *md, unsigned int *len); -\& -\& #include -\& -\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, -\& const EVP_MD *type, unsigned char *md, -\& unsigned int *len); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public -key in the specified X509 \fBdata\fR object. -All other functions described here return a digest of the \s-1DER\s0 representation -of their entire \fBdata\fR objects. -.PP -The \fBtype\fR parameter specifies the digest to -be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the -digest will be copied and is assumed to be large enough; the constant -\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points -to a place where the digest size will be stored. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All functions described here return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBEVP_sha1\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_dup.3 b/secure/lib/libcrypto/man/X509_dup.3 deleted file mode 100644 index 291044d591ca..000000000000 --- a/secure/lib/libcrypto/man/X509_dup.3 +++ /dev/null @@ -1,202 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_DUP 3" -.TH X509_DUP 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DECLARE_ASN1_FUNCTIONS(type) -\& IMPLEMENT_ASN1_FUNCTIONS(stname) -\& -\& typedef struct ASN1_ITEM_st ASN1_ITEM; -\& -\& extern const ASN1_ITEM TYPE_it; -\& TYPE *TYPE_new(void); -\& TYPE *TYPE_dup(TYPE *a); -\& void TYPE_free(TYPE *a); -\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -In the description below, \fI\s-1TYPE\s0\fR is used -as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. -.PP -The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode -interpreter. -Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item -such as its fields. (On systems which cannot export variables from shared -libraries, the global is instead a function which returns a pointer to a -static variable. -.PP -The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files -to generate the function declarations. -.PP -The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file -to generate the function bodies. -.PP -\&\fBTYPE_new()\fR allocates an empty object of the indicated type. -The object returned must be released by calling \fBTYPE_free()\fR. -.PP -\&\fBTYPE_dup()\fR copies an existing object. -.PP -\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects -within it. -.PP -\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. -Each line will be prefixed with \fBindent\fR spaces. -The \fBpctx\fR specifies the printing context and is for internal -use; use \s-1NULL\s0 to get the default behavior. If a print function is -user-defined, then pass in any \fBpctx\fR down to any nested calls. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. -.PP -\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/X509_get0_notBefore.3 deleted file mode 100644 index e9f67eb3cd84..000000000000 --- a/secure/lib/libcrypto/man/X509_get0_notBefore.3 +++ /dev/null @@ -1,231 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET0_NOTBEFORE 3" -.TH X509_GET0_NOTBEFORE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); -\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); -\& -\& ASN1_TIME *X509_getm_notBefore(const X509 *x); -\& ASN1_TIME *X509_getm_notAfter(const X509 *x); -\& -\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); -\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); -\& -\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); -\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); -\& -\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); -\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR -and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value -returned is an internal pointer which must not be freed up after -the call. -.PP -\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to -\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return -non-constant mutable references to the associated date field of -the certificate. -.PP -\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR -and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed -parameter \fBtm\fR is not transferred by these functions so it must -be freed up after the call. -.PP -\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the -\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value -returned is an internal pointer which must not be freed up after -the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then -\&\fB\s-1NULL\s0\fR is returned. -.PP -\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR -and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter -\&\fBtm\fR is not transferred by these functions so it must be freed up after the -call. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR -return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. -.PP -\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure -or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. -.PP -\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and -\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions are available in all versions of OpenSSL. -.PP -\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL -1.1.0 -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get0_signature.3 b/secure/lib/libcrypto/man/X509_get0_signature.3 deleted file mode 100644 index da6a641fa2fd..000000000000 --- a/secure/lib/libcrypto/man/X509_get0_signature.3 +++ /dev/null @@ -1,257 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET0_SIGNATURE 3" -.TH X509_GET0_SIGNATURE 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void X509_get0_signature(const ASN1_BIT_STRING **psig, -\& const X509_ALGOR **palg, -\& const X509 *x); -\& int X509_get_signature_nid(const X509 *x); -\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); -\& -\& void X509_REQ_get0_signature(const X509_REQ *crl, -\& const ASN1_BIT_STRING **psig, -\& const X509_ALGOR **palg); -\& int X509_REQ_get_signature_nid(const X509_REQ *crl); -\& -\& void X509_CRL_get0_signature(const X509_CRL *crl, -\& const ASN1_BIT_STRING **psig, -\& const X509_ALGOR **palg); -\& int X509_CRL_get_signature_nid(const X509_CRL *crl); -\& -\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, -\& uint32_t *flags); -\& -\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, -\& int *secbits, uint32_t *flags); -\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, -\& int secbits, uint32_t flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR -to the signature algorithm of \fBx\fR. The values returned are internal -pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. -.PP -\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed -portion of \fBx\fR. -.PP -\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature -algorithm of \fBx\fR. -.PP -\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR -\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the -same function for certificate requests and CRLs. -.PP -\&\fBX509_get_signature_info()\fR retrieves information about the signature of -certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, -the public key algorithm to \fB*pknid\fR, the effective security bits to -\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can -be set to \fB\s-1NULL\s0\fR if the information is not required. -.PP -\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information -about a signature in an \fBX509_SIG_INFO\fR structure. They are only -used by implementations of algorithms which need to set custom -signature information: most applications will never need to call -them. -.SH "NOTES" -.IX Header "NOTES" -These functions provide lower level access to signatures in certificates -where an application wishes to analyse or generate a signature in a form -where \fBX509_sign()\fR et al is not appropriate (for example a non standard -or unsupported format). -.PP -The security bits returned by \fBX509_get_signature_info()\fR refers to information -available from the certificate signature (such as the signing digest). In some -cases the actual security of the signature is less because the signing -key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a -1024 bit \s-1RSA\s0 key. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and -\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 -.PP -\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and -\&\fBX509_CRL_get0_signature()\fR do not return values. -.PP -\&\fBX509_get_signature_info()\fR returns 1 if the signature information -returned is valid or 0 if the information is not available (e.g. -unknown algorithms or malformed parameters). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The -\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were -added in OpenSSL 1.0.2. -.PP -The -\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, -\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were -added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get0_uids.3 b/secure/lib/libcrypto/man/X509_get0_uids.3 deleted file mode 100644 index cf86bfafea67..000000000000 --- a/secure/lib/libcrypto/man/X509_get0_uids.3 +++ /dev/null @@ -1,188 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET0_UIDS 3" -.TH X509_GET0_UIDS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get0_uids \- get certificate unique identifiers -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, -\& const ASN1_BIT_STRING **psuid); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique -identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. -.SH "NOTES" -.IX Header "NOTES" -The issuer and subject unique identifier fields are very rarely encountered in -practice outside test cases. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get0_uids()\fR does not return a value. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/X509_get_extension_flags.3 deleted file mode 100644 index 7d132afcb6f4..000000000000 --- a/secure/lib/libcrypto/man/X509_get_extension_flags.3 +++ /dev/null @@ -1,298 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET_EXTENSION_FLAGS 3" -.TH X509_GET_EXTENSION_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long X509_get_pathlen(X509 *x); -\& uint32_t X509_get_extension_flags(X509 *x); -\& uint32_t X509_get_key_usage(X509 *x); -\& uint32_t X509_get_extended_key_usage(X509 *x); -\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); -\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); -\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); -\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); -\& void X509_set_proxy_flag(X509 *x); -\& void X509_set_proxy_pathlen(int l); -\& long X509_get_proxy_pathlen(X509 *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions retrieve information related to commonly used certificate extensions. -.PP -\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. -This extension is used to limit the length of a cert chain that may be -issued from that \s-1CA.\s0 -.PP -\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, -it will return one or more of the following flags ored together. -.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 -.IX Item "EXFLAG_V1" -The certificate is an obsolete version 1 certificate. -.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 -.IX Item "EXFLAG_BCONS" -The certificate contains a basic constraints extension. -.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 -.IX Item "EXFLAG_CA" -The certificate contains basic constraints and asserts the \s-1CA\s0 flag. -.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 -.IX Item "EXFLAG_PROXY" -The certificate is a valid proxy certificate. -.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 -.IX Item "EXFLAG_SI" -The certificate is self issued (that is subject and issuer names match). -.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 -.IX Item "EXFLAG_SS" -The subject and issuer names match and extension values imply it is self -signed. -.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 -.IX Item "EXFLAG_FRESHEST" -The freshest \s-1CRL\s0 extension is present in the certificate. -.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 -.IX Item "EXFLAG_CRITICAL" -The certificate contains an unhandled critical extension. -.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 -.IX Item "EXFLAG_INVALID" -Some certificate extension values are invalid or inconsistent. The -certificate should be rejected. -.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 -.IX Item "EXFLAG_KUSAGE" -The certificate contains a key usage extension. The value can be retrieved -using \fBX509_get_key_usage()\fR. -.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 -.IX Item "EXFLAG_XKUSAGE" -The certificate contains an extended key usage extension. The value can be -retrieved using \fBX509_get_extended_key_usage()\fR. -.PP -\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key -usage is present will return zero or more of the flags: -\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, -\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, -\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to -individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is -returned. -.PP -\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage -extension. If extended key usage is present it will return zero or more of the -flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR -\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These -correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, -\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, -\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. -Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are -present. -.PP -\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key -identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension -is not present or cannot be parsed. -.PP -\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key -identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension -is not present or cannot be parsed. -.PP -\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority -certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or -\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. -.PP -\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority -certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the -extension is not present or cannot be parsed. -.PP -\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. -This is for the users who need to mark non\-RFC3820 proxy certificates as -such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. -.PP -\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given -certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy -certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. -.PP -\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the -given certificate \fBx\fR if it is a proxy certificate. -.SH "NOTES" -.IX Header "NOTES" -The value of the flags correspond to extension values which are cached -in the \fBX509\fR structure. If the flags returned do not provide sufficient -information an application should examine extension values directly -for example using \fBX509_get_ext_d2i()\fR. -.PP -If the key usage or extended key usage extension is absent then typically usage -is unrestricted. For this reason \fBX509_get_key_usage()\fR and -\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding -extension is absent. Applications can additionally check the return value of -\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is -absent. -.PP -If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be -absent or malformed. Applications can determine the precise reason using -\&\fBX509_get_ext_d2i()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension -is not present. -.PP -\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and -\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the -certificate extension values. -.PP -\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a -pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension -is absent or an error occurred during parsing. -.PP -\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given -certificate is a proxy one and has a path length set, and \-1 otherwise. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_check_purpose\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and -\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get_pubkey.3 b/secure/lib/libcrypto/man/X509_get_pubkey.3 deleted file mode 100644 index 201d862f6072..000000000000 --- a/secure/lib/libcrypto/man/X509_get_pubkey.3 +++ /dev/null @@ -1,215 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET_PUBKEY 3" -.TH X509_GET_PUBKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_PKEY *X509_get_pubkey(X509 *x); -\& EVP_PKEY *X509_get0_pubkey(const X509 *x); -\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); -\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); -\& -\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); -\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); -\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); -\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If -successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its -reference count incremented: this means the returned key must be freed up -after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment -the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up -after use. -.PP -\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR -structure which encodes the certificate of \fBx\fR. The returned value -must not be freed up after use. -.PP -\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to -\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. -.PP -\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and -\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. -.SH "NOTES" -.IX Header "NOTES" -The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is -cached in the certificate or certificate request itself. Subsequent calls -return the cached structure with its reference count incremented to -improve performance. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, -\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or -\&\fB\s-1NULL\s0\fR if an error occurred. -.PP -\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 -for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/X509_get_serialNumber.3 deleted file mode 100644 index 9f7d1700c5eb..000000000000 --- a/secure/lib/libcrypto/man/X509_get_serialNumber.3 +++ /dev/null @@ -1,200 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET_SERIALNUMBER 3" -.TH X509_GET_SERIALNUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); -\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); -\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an -\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value -returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. -.PP -\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it -accepts a const parameter and returns a const result. -.PP -\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to -\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should -be freed up after use. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR -structure. -.PP -\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are -available in all versions of OpenSSL. -The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get_subject_name.3 b/secure/lib/libcrypto/man/X509_get_subject_name.3 deleted file mode 100644 index 778f302bf29a..000000000000 --- a/secure/lib/libcrypto/man/X509_get_subject_name.3 +++ /dev/null @@ -1,214 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET_SUBJECT_NAME 3" -.TH X509_GET_SUBJECT_NAME 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or subject names -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509_NAME *X509_get_subject_name(const X509 *x); -\& int X509_set_subject_name(X509 *x, X509_NAME *name); -\& -\& X509_NAME *X509_get_issuer_name(const X509 *x); -\& int X509_set_issuer_name(X509 *x, X509_NAME *name); -\& -\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); -\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); -\& -\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); -\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The -returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. -.PP -\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to -\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed -up when it is no longer needed. -.PP -\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to -\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and -set the issuer name of \fBx\fR. -.PP -Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR, -\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject -or issuer names of certificate requests of CRLs respectively. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR -and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. -.PP -\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR -and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in -earlier versions. -.PP -\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously -added in OpenSSL 1.0.0 as a macro. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_get_version.3 b/secure/lib/libcrypto/man/X509_get_version.3 deleted file mode 100644 index 2c20c6df2d5c..000000000000 --- a/secure/lib/libcrypto/man/X509_get_version.3 +++ /dev/null @@ -1,211 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_GET_VERSION 3" -.TH X509_GET_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& long X509_get_version(const X509 *x); -\& int X509_set_version(X509 *x, long version); -\& -\& long X509_REQ_get_version(const X509_REQ *req); -\& int X509_REQ_set_version(X509_REQ *x, long version); -\& -\& long X509_CRL_get_version(const X509_CRL *crl); -\& int X509_CRL_set_version(X509_CRL *x, long version); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_get_version()\fR returns the numerical value of the version field of -certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one -less than the certificate version. So a version 3 certificate will return 2 and -a version 1 certificate will return 0. -.PP -\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate -\&\fBx\fR to \fBversion\fR. -.PP -Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, -\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version -number of certificate requests and CRLs. -.SH "NOTES" -.IX Header "NOTES" -The version field of certificates, certificate requests and CRLs has a -\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version -1. This is handled transparently by these functions. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR -return the numerical value of the version field. -.PP -\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR -return 1 for success and 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are -functions in OpenSSL 1.1.0, in previous versions they were macros. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 deleted file mode 100644 index ad0412dbd854..000000000000 --- a/secure/lib/libcrypto/man/X509_new.3 +++ /dev/null @@ -1,213 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_NEW 3" -.TH X509_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509 *X509_new(void); -\& void X509_free(X509 *a); -\& int X509_up_ref(X509 *a); -\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The X509 \s-1ASN1\s0 allocation routines, allocate and free an -X509 structure, which represents an X509 certificate. -.PP -\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count -\&\fB1\fR. -.PP -\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and -frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. -.PP -\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. -.PP -\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in -chain \fBx\fR and returns a copy of the stack. -.SH "NOTES" -.IX Header "NOTES" -The function \fBX509_up_ref()\fR if useful if a certificate structure is being -used by several different operations each of which will free it up after -use: this avoids the need to duplicate the entire certificate structure. -.PP -The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of -each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR, -but it serves a similar purpose: the returned chain persists after the -original has been freed. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error -code that can be obtained by \fBERR_get_error\fR\|(3). -Otherwise it returns a pointer to the newly allocated structure. -.PP -\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. -.PP -\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error -occurred. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_sign.3 b/secure/lib/libcrypto/man/X509_sign.3 deleted file mode 100644 index 81bfc191e03f..000000000000 --- a/secure/lib/libcrypto/man/X509_sign.3 +++ /dev/null @@ -1,227 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_SIGN 3" -.TH X509_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- sign or verify certificate, certificate request or CRL signature -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); -\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); -\& int X509_verify(X509 *a, EVP_PKEY *r); -\& -\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); -\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); -\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); -\& -\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); -\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); -\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message -digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs -certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. -.PP -\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key -\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate -chain validity) are performed. -.PP -\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR, -\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify -certificate requests and CRLs respectively. -.SH "NOTES" -.IX Header "NOTES" -\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding -public key and digest are not suitable. It can be used to sign keys using -RSA-PSS for example. -.PP -For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding -of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached -internally. If the signed portion of the structure is modified the encoding -is not always updated meaning a stale version is sometimes used. This is not -normally a problem because modifying the signed portion will invalidate the -signature and signing will always update the encoding. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, -\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature -in bytes for success and zero for failure. -.PP -\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the -signature is valid and 0 if the signature check fails. If the signature -could not be checked at all because it was invalid or some other error -occurred then \-1 is returned. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3), -\&\fBERR_get_error\fR\|(3), -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are -available in all versions of OpenSSL. -.PP -The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR -and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 deleted file mode 100644 index d745211a3bf2..000000000000 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ /dev/null @@ -1,190 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509_VERIFY_CERT 3" -.TH X509_VERIFY_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509_verify_cert \- discover and verify X509 certificate chain -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509_verify_cert(X509_STORE_CTX *ctx); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBX509_verify_cert()\fR function attempts to discover and validate a -certificate chain based on parameters in \fBctx\fR. A complete description of -the process is contained in the \fBverify\fR\|(1) manual page. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -If a complete chain can be built and validated this function returns 1, -otherwise it return zero, in exceptional circumstances it can also -return a negative code. -.PP -If the function fails additional error information can be obtained by -examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. -.SH "NOTES" -.IX Header "NOTES" -Applications rarely call this function directly but it is used by -OpenSSL internally for certificate validation, in both the S/MIME and -\&\s-1SSL/TLS\s0 code. -.PP -A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked -incorrectly, such as with no certificate set in \fBctx\fR, or when it is called -twice in succession without reinitialising \fBctx\fR for the second call. -A negative return value can also happen due to internal resource problems or if -a retry operation is requested during internal lookups (which never happens -with standard lookup methods). -Applications must check for <= 0 return value on error. -.SH "BUGS" -.IX Header "BUGS" -This function uses the header \fBx509.h\fR as opposed to most chain verification -functions which use \fBx509_vfy.h\fR. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509_STORE_CTX_get_error\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 deleted file mode 100644 index 9de93b5ce8b2..000000000000 --- a/secure/lib/libcrypto/man/X509v3_get_ext_by_NID.3 +++ /dev/null @@ -1,264 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "X509V3_GET_EXT_BY_NID 3" -.TH X509V3_GET_EXT_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); -\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); -\& -\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, -\& int nid, int lastpos); -\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, -\& const ASN1_OBJECT *obj, int lastpos); -\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, -\& int crit, int lastpos); -\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); -\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, -\& X509_EXTENSION *ex, int loc); -\& -\& int X509_get_ext_count(const X509 *x); -\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); -\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); -\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); -\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); -\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); -\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -\& -\& int X509_CRL_get_ext_count(const X509_CRL *x); -\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); -\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); -\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); -\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); -\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); -\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -\& -\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); -\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); -\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); -\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, -\& int lastpos); -\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); -\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); -\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. -.PP -\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR -can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned -extension is an internal pointer which \fBmust not\fR be freed up by the -application. -.PP -\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension -with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the -extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If -the extension is found its index is returned otherwise \fB\-1\fR is returned. -.PP -\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it -looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR -looks for a non-critical extension a non-zero value looks for a critical -extension. -.PP -\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The -deleted extension is returned and must be freed by the caller. If \fBloc\fR -is in invalid index value \fB\s-1NULL\s0\fR is returned. -.PP -\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If -\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR -a new stack will be allocated. The passed extension \fBex\fR is duplicated -internally so it must be freed after use. -.PP -\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, -\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR -and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are -otherwise identical to the X509v3 functions. -.PP -\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, -\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, -\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of -\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. -.PP -\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, -\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, -\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and -\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR -they are otherwise identical to the X509v3 functions. -.SH "NOTES" -.IX Header "NOTES" -These functions are used to examine stacks of extensions directly. Many -applications will want to parse or encode and add an extension: they should -use the extension encode and decode functions instead such as -\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. -.PP -Extension indices start from zero, so a zero index return value is \fBnot\fR an -error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR -parameter so it should initially be set to \fB\-1\fR, if it is set to zero the -initial extension will not be checked. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBX509v3_get_ext_count()\fR returns the extension count. -.PP -\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an -\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. -.PP -\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and -\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an -error occurs. -.PP -\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. -.PP -\&\fBX509_add_ext()\fR returns 1 on success and 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBX509V3_get_d2i\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 deleted file mode 100644 index d4ba9be40c31..000000000000 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ /dev/null @@ -1,174 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "D2I_DHPARAMS 3" -.TH D2I_DHPARAMS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); -\& int i2d_DHparams(DH *a, unsigned char **pp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the -DHparameter structure described in PKCS#3. -.PP -Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR -described in the \fBd2i_X509\fR\|(3) manual page. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. -.PP -\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which -is less than or equal to 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 deleted file mode 100644 index aabcf3a27a67..000000000000 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 +++ /dev/null @@ -1,203 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" -.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); -\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); -\& -\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -\& -\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, -\& char *kstr, int klen, -\& pem_password_cb *cb, void *u); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The PKCS#8 functions encode and decode private keys in PKCS#8 format using both -PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. -.PP -Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the -corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. -.PP -Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which -work directly on memory: this can be readily worked around by converting the buffers -to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. -.PP -These functions make no assumption regarding the pass phrase received from the -password callback. -It will simply be treated as a byte sequence. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR -structure or \s-1NULL\s0 if an error occurred. -.PP -\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR -and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBPEM_read_PrivateKey\fR\|(3), -\&\fBpassphrase\-encoding\fR\|(7) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3 deleted file mode 100644 index fe1f6493b36d..000000000000 --- a/secure/lib/libcrypto/man/d2i_PrivateKey.3 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "D2I_PRIVATEKEY 3" -.TH D2I_PRIVATEKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, -\& long length); -\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, -\& long length); -\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, -\& long length); -\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); -\& -\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); -\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to -use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The -\&\fBtype\fR parameter should be a public key algorithm constant such as -\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. -\&\fBd2i_PublicKey()\fR does the same for public keys. -.PP -\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to -automatically detect the private key format. -.PP -\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is -defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. -\&\fBi2d_PublicKey()\fR does the same for public keys. -.PP -These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). -.SH "NOTES" -.IX Header "NOTES" -All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing -to encrypt or decrypt private keys should use other functions such as -\&\fBd2i_PKCS8PrivateKey()\fR instead. -.PP -If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR -(i.e. an existing structure is being reused) and the key format is PKCS#8 -then \fB*a\fR will be freed and replaced on a successful call. -.PP -To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be -a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper -\&\s-1EC_GROUP.\s0 -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR, -and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an -error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3). -.PP -\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully -encoded or a negative value if an error occurs. The error code can be obtained -by calling \fBERR_get_error\fR\|(3). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBcrypto\fR\|(7), -\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 deleted file mode 100644 index 1c12812fe973..000000000000 --- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "D2I_SSL_SESSION 3" -.TH D2I_SSL_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, -\& long length); -\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -These functions decode and encode an \s-1SSL_SESSION\s0 object. -For encoding details see \fBd2i_X509\fR\|(3). -.PP -\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache -list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. -One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore -only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created -from this \s-1SSL_CTX\s0 object). -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 -object. In case of failure the NULL-pointer is returned and the error message -can be retrieved from the error stack. -.PP -\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. -When the session is not valid, \fB0\fR is returned and no operation is performed. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), -\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), -\&\fBd2i_X509\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 deleted file mode 100644 index 024c8dcefd63..000000000000 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ /dev/null @@ -1,385 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "D2I_X509 3" -.TH D2I_X509 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_PublicKey, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 3 -\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); -\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); -\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); -\& -\& int i2d_TYPE(TYPE *a, unsigned char **ppout); -\& int i2d_TYPE_fp(FILE *fp, TYPE *a); -\& int i2d_TYPE_bio(BIO *bp, TYPE *a); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -In the description here, \fI\s-1TYPE\s0\fR is used a placeholder -for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. -The function parameters \fIppin\fR and \fIppout\fR are generally -either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. -.PP -These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0 -encoding. Unlike the C structures which can have pointers to sub-objects -within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the -network, writing to a file, and so on. -.PP -\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a -pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to -the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer -to the returned structure is also written to \fB*a\fR. If an error occurred -then \fB\s-1NULL\s0\fR is returned. -.PP -On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR -contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This -\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is -\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN -VALUES\s0 section). -.PP -\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts -to parse data from \s-1BIO\s0 \fBbp\fR. -.PP -\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts -to parse data from \s-1FILE\s0 pointer \fBfp\fR. -.PP -\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. -If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer -at \fB*ppout\fR, and increments it to point after the data just written. -If the return value is negative an error occurred, otherwise it -returns the length of the encoded data. -.PP -If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded -data written to it. In this case \fB*ppout\fR is not incremented and it points -to the start of the data just written. -.PP -\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes -the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it -returns 1 for success and 0 for failure. -.PP -\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes -the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it -returns 1 for success and 0 for failure. -.PP -These routines do not encrypt private keys and therefore offer no -security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. -.SH "NOTES" -.IX Header "NOTES" -The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for -\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. -So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0 -.PP -The functions can also understand \fB\s-1BER\s0\fR forms. -.PP -The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid -populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an -empty structure such as that returned by \fBTYPE_new()\fR. -.PP -The encoded data is in binary form and may contain embedded zeroes. -Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. -Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length -of the encoded structure. -.PP -The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation -can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common -errors. -The reason for this-auto increment behaviour is to reflect a typical -usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded -another will be processed after it. -.PP -The following points about the data types might be useful: -.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 -.IX Item "ASN1_OBJECT" -Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 -.IP "\fBDHparams\fR" 4 -.IX Item "DHparams" -Represents a PKCS#3 \s-1DH\s0 parameters structure. -.IP "\fBDHparamx\fR" 4 -.IX Item "DHparamx" -Represents an \s-1ANSI X9.42 DH\s0 parameters structure. -.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 -.IX Item "DSA_PUBKEY" -Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. -.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4 -.IX Item "DSAPublicKey, DSAPrivateKey" -Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, -\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. -.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 -.IX Item "ECDSA_SIG" -Represents an \s-1ECDSA\s0 signature. -.IP "\fBRSAPublicKey\fR" 4 -.IX Item "RSAPublicKey" -Represents a PKCS#1 \s-1RSA\s0 public key structure. -.IP "\fBX509_ALGOR\fR" 4 -.IX Item "X509_ALGOR" -Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and -elsewhere. -.IP "\fBX509_Name\fR" 4 -.IX Item "X509_Name" -Represents a \fBName\fR type as used for subject and issuer names in -\&\s-1IETF RFC 6960\s0 and elsewhere. -.IP "\fBX509_REQ\fR" 4 -.IX Item "X509_REQ" -Represents a PKCS#10 certificate request. -.IP "\fBX509_SIG\fR" 4 -.IX Item "X509_SIG" -Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure -or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with -a valid structure being passed in via \fBa\fR, then the object is freed in -the event of error and \fB*a\fR is set to \s-1NULL.\s0 -.PP -\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative -value if an error occurs. -.PP -\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error -occurs. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Allocate and encode the \s-1DER\s0 encoding of an X509 structure: -.PP -.Vb 2 -\& int len; -\& unsigned char *buf; -\& -\& buf = NULL; -\& len = i2d_X509(x, &buf); -\& if (len < 0) -\& /* error */ -.Ve -.PP -Attempt to decode a buffer: -.PP -.Vb 3 -\& X509 *x; -\& unsigned char *buf, *p; -\& int len; -\& -\& /* Set up buf and len to point to the input buffer. */ -\& p = buf; -\& x = d2i_X509(NULL, &p, len); -\& if (x == NULL) -\& /* error */ -.Ve -.PP -Alternative technique: -.PP -.Vb 3 -\& X509 *x; -\& unsigned char *buf, *p; -\& int len; -\& -\& /* Set up buf and len to point to the input buffer. */ -\& p = buf; -\& x = NULL; -\& -\& if (d2i_X509(&x, &p, len) == NULL) -\& /* error */ -.Ve -.SH "WARNINGS" -.IX Header "WARNINGS" -Using a temporary variable is mandatory. A common -mistake is to attempt to use a buffer directly as follows: -.PP -.Vb 2 -\& int len; -\& unsigned char *buf; -\& -\& len = i2d_X509(x, NULL); -\& buf = OPENSSL_malloc(len); -\& ... -\& i2d_X509(x, &buf); -\& ... -\& OPENSSL_free(buf); -.Ve -.PP -This code will result in \fBbuf\fR apparently containing garbage because -it was incremented after the call to point after the data just written. -Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR -and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. -.PP -Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: -.PP -.Vb 1 -\& X509 *x; -\& -\& if (d2i_X509(&x, &p, len) == NULL) -\& /* error */ -.Ve -.PP -This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this -is that the variable \fBx\fR is uninitialized and an attempt will be made to -interpret its (invalid) value as an \fBX509\fR structure, typically causing -a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not -happen. -.SH "BUGS" -.IX Header "BUGS" -In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when -\&\fB*a\fR is valid is broken and some parts of the reused structure may -persist if they are not present in the new one. Additionally, in versions of -OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs -the behaviour is inconsistent. Some functions behaved as described here, while -some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0 -.PP -As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. -.PP -\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL, -if mandatory fields are not initialized due to a programming error -then the encoded structure may contain invalid data or omit the -fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be -fixed in future so code should not assume that \fBi2d_TYPE()\fR will -always succeed. -.PP -Any function which encodes a structure (\fBi2d_TYPE()\fR, -\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the -structure has been modified after deserialization or previous -serialization. This is because some objects cache the encoding for -efficiency reasons. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 1998\-2019 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 deleted file mode 100644 index 36903b121e1a..000000000000 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "I2D_CMS_BIO_STREAM 3" -.TH I2D_CMS_BIO_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. -.PP -It is otherwise identical to the function \fBSMIME_write_CMS()\fR. -.SH "NOTES" -.IX Header "NOTES" -This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting -streaming. -.SH "BUGS" -.IX Header "BUGS" -The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), -\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) -\&\fBCMS_decrypt\fR\|(3), -\&\fBSMIME_write_CMS\fR\|(3), -\&\fBPEM_write_bio_CMS_stream\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 deleted file mode 100644 index 96e62e7fb4c9..000000000000 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ /dev/null @@ -1,182 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "I2D_PKCS7_BIO_STREAM 3" -.TH I2D_PKCS7_BIO_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. -.PP -It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. -.SH "NOTES" -.IX Header "NOTES" -This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting -streaming. -.SH "BUGS" -.IX Header "BUGS" -The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), -\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) -\&\fBPKCS7_decrypt\fR\|(3), -\&\fBSMIME_write_PKCS7\fR\|(3), -\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 deleted file mode 100644 index 9fcbc89df3b5..000000000000 --- a/secure/lib/libcrypto/man/i2d_re_X509_tbs.3 +++ /dev/null @@ -1,218 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "I2D_RE_X509_TBS 3" -.TH I2D_RE_X509_TBS 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); -\& int i2d_X509_AUX(X509 *x, unsigned char **out); -\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); -\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); -\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The X509 encode and decode routines encode and parse an -\&\fBX509\fR structure, which represents an X509 certificate. -.PP -\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to -consist of an X509 certificate followed by auxiliary trust information. -This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. -This function should not be called on untrusted input. -.PP -\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output -contains both the certificate and any auxiliary trust information. -This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. -Note that this is a non-standard OpenSSL-specific data format. -.PP -\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only -the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR -and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, -respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", -and ensures that a fresh encoding is generated in case the object has been -modified after creation (see the \s-1BUGS\s0 section). -.PP -The encoding of the TBSCertificate portion of a certificate is cached -in the \fBX509\fR structure internally to improve encoding performance -and to ensure certificate signatures are verified correctly in some -certificates with broken (non-DER) encodings. -.PP -If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, -the encoding is automatically renewed. Otherwise, the encoding of the -TBSCertificate portion of the \fBX509\fR can be manually renewed by calling -\&\fBi2d_re_X509_tbs()\fR. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. -.PP -\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. -.PP -\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the -length of encoded data or 0 on error. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBERR_get_error\fR\|(3) -\&\fBX509_CRL_get0_by_serial\fR\|(3), -\&\fBX509_get0_signature\fR\|(3), -\&\fBX509_get_ext_d2i\fR\|(3), -\&\fBX509_get_extension_flags\fR\|(3), -\&\fBX509_get_pubkey\fR\|(3), -\&\fBX509_get_subject_name\fR\|(3), -\&\fBX509_get_version\fR\|(3), -\&\fBX509_NAME_add_entry_by_txt\fR\|(3), -\&\fBX509_NAME_ENTRY_get_object\fR\|(3), -\&\fBX509_NAME_get_index_by_NID\fR\|(3), -\&\fBX509_NAME_print_ex\fR\|(3), -\&\fBX509_new\fR\|(3), -\&\fBX509_sign\fR\|(3), -\&\fBX509V3_get_d2i\fR\|(3), -\&\fBX509_verify_cert\fR\|(3) -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. diff --git a/secure/lib/libcrypto/man/man3/ADMISSIONS.3 b/secure/lib/libcrypto/man/man3/ADMISSIONS.3 new file mode 100644 index 000000000000..9bee22d7dbae --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ADMISSIONS.3 @@ -0,0 +1,280 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ADMISSIONS 3" +.TH ADMISSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ADMISSIONS, ADMISSIONS_get0_admissionAuthority, ADMISSIONS_get0_namingAuthority, ADMISSIONS_get0_professionInfos, ADMISSIONS_set0_admissionAuthority, ADMISSIONS_set0_namingAuthority, ADMISSIONS_set0_professionInfos, ADMISSION_SYNTAX, ADMISSION_SYNTAX_get0_admissionAuthority, ADMISSION_SYNTAX_get0_contentsOfAdmissions, ADMISSION_SYNTAX_set0_admissionAuthority, ADMISSION_SYNTAX_set0_contentsOfAdmissions, NAMING_AUTHORITY, NAMING_AUTHORITY_get0_authorityId, NAMING_AUTHORITY_get0_authorityURL, NAMING_AUTHORITY_get0_authorityText, NAMING_AUTHORITY_set0_authorityId, NAMING_AUTHORITY_set0_authorityURL, NAMING_AUTHORITY_set0_authorityText, PROFESSION_INFO, PROFESSION_INFOS, PROFESSION_INFO_get0_addProfessionInfo, PROFESSION_INFO_get0_namingAuthority, PROFESSION_INFO_get0_professionItems, PROFESSION_INFO_get0_professionOIDs, PROFESSION_INFO_get0_registrationNumber, PROFESSION_INFO_set0_addProfessionInfo, PROFESSION_INFO_set0_namingAuthority, PROFESSION_INFO_set0_professionItems, PROFESSION_INFO_set0_professionOIDs, PROFESSION_INFO_set0_registrationNumber \&\- Accessors and settors for ADMISSION_SYNTAX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& typedef struct NamingAuthority_st NAMING_AUTHORITY; +\& typedef struct ProfessionInfo_st PROFESSION_INFO; +\& typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS; +\& typedef struct Admissions_st ADMISSIONS; +\& typedef struct AdmissionSyntax_st ADMISSION_SYNTAX; +\& +\& const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, +\& ASN1_OBJECT* namingAuthorityId); +\& const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, +\& ASN1_IA5STRING* namingAuthorityUrl); +\& const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( +\& const NAMING_AUTHORITY *n); +\& void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, +\& ASN1_STRING* namingAuthorityText); +\& +\& const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_admissionAuthority( +\& ADMISSION_SYNTAX *as, GENERAL_NAME *aa); +\& const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions( +\& const ADMISSION_SYNTAX *as); +\& void ADMISSION_SYNTAX_set0_contentsOfAdmissions( +\& ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a); +\& +\& const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa); +\& const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a); +\& void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na); +\& const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a); +\& void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi); +\& +\& const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_addProfessionInfo( +\& PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos); +\& const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_namingAuthority( +\& PROFESSION_INFO *pi, NAMING_AUTHORITY *na); +\& const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionItems( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as); +\& const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_professionOIDs( +\& PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po); +\& const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber( +\& const PROFESSION_INFO *pi); +\& void PROFESSION_INFO_set0_registrationNumber( +\& PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1PROFESSION_INFOS\s0\fR, \fB\s-1ADMISSION_SYNTAX\s0\fR, \fB\s-1ADMISSIONS\s0\fR, and +\&\fB\s-1PROFESSION_INFO\s0\fR types are opaque structures representing the +analogous types defined in the Common \s-1PKI\s0 Specification published +by . +Knowledge of those structures and their semantics is assumed. +.PP +The conventional routines to convert between \s-1DER\s0 and the local format +are described in \fBd2i_X509\fR\|(3). +The conventional routines to allocate and free the types are defined +in \fBX509_dup\fR\|(3). +.PP +The \fB\s-1PROFESSION_INFOS\s0\fR type is a stack of \fB\s-1PROFESSION_INFO\s0\fR; see +\&\s-1\fBDEFINE_STACK_OF\s0\fR\|(3) for details. +.PP +The \fB\s-1NAMING_AUTHORITY\s0\fR type has an authority \s-1ID\s0 and \s-1URL,\s0 and text fields. +The \fBNAMING_AUTHORITY_get0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_get0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_get0_get0_authorityText()\fR, functions return pointers +to those values within the object. +The \fBNAMING_AUTHORITY_set0_authorityId()\fR, +\&\fBNAMING_AUTHORITY_set0_get0_authorityURL()\fR, and +\&\fBNAMING_AUTHORITY_set0_get0_authorityText()\fR, +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION_SYNTAX\s0\fR type has an authority name and a stack of +\&\fB\s-1ADMISSION\s0\fR objects. +The \fBADMISSION_SYNTAX_get0_admissionAuthority()\fR +and \fBADMISSION_SYNTAX_get0_contentsOfAdmissions()\fR functions return pointers +to those values within the object. +The +\&\fBADMISSION_SYNTAX_set0_admissionAuthority()\fR and +\&\fBADMISSION_SYNTAX_set0_contentsOfAdmissions()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1ADMISSION\s0\fR type has an authority name, authority object, and a +stack of \fB\s-1PROFESSION_INFO\s0\fR items. +The \fBADMISSIONS_get0_admissionAuthority()\fR, \fBADMISSIONS_get0_namingAuthority()\fR, +and \fBADMISSIONS_get0_professionInfos()\fR +functions return pointers to those values within the object. +The +\&\fBADMISSIONS_set0_admissionAuthority()\fR, +\&\fBADMISSIONS_set0_namingAuthority()\fR, and +\&\fBADMISSIONS_set0_professionInfos()\fR +functions free any existing value and set the pointer to the specified value. +.PP +The \fB\s-1PROFESSION_INFO\s0\fR type has a name authority, stacks of +profession Items and OIDs, a registration number, and additional +profession info. +The functions \fBPROFESSION_INFO_get0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_get0_namingAuthority()\fR, \fBPROFESSION_INFO_get0_professionItems()\fR, +\&\fBPROFESSION_INFO_get0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_get0_registrationNumber()\fR +functions return pointers to those values within the object. +The +\&\fBPROFESSION_INFO_set0_addProfessionInfo()\fR, +\&\fBPROFESSION_INFO_set0_namingAuthority()\fR, +\&\fBPROFESSION_INFO_set0_professionItems()\fR, +\&\fBPROFESSION_INFO_set0_professionOIDs()\fR, and +\&\fBPROFESSION_INFO_set0_registrationNumber()\fR +functions free any existing value and set the pointer to the specified value. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Described above. +Note that all of the \fIget0\fR functions return a pointer to the internal data +structure and must not be freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_dup\fR\|(3), +\&\fBd2i_X509\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 new file mode 100644 index 000000000000..e50043241150 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_INTEGER_get_int64.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_INTEGER_GET_INT64 3" +.TH ASN1_INTEGER_GET_INT64 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_INTEGER_get_uint64, ASN1_INTEGER_set_uint64, ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN \&\- ASN.1 INTEGER and ENUMERATED utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_INTEGER_get(const ASN1_INTEGER *a); +\& +\& int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_INTEGER_set(const ASN1_INTEGER *a, long v); +\& +\& int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +\& int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +\& +\& ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +\& BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +\& +\& int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a); +\& long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +\& +\& int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r); +\& int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +\& +\& ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); +\& BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions convert to and from \fB\s-1ASN1_INTEGER\s0\fR and \fB\s-1ASN1_ENUMERATED\s0\fR +structures. +.PP +\&\fBASN1_INTEGER_get_int64()\fR converts an \fB\s-1ASN1_INTEGER\s0\fR into an \fBint64_t\fR type +If successful it returns 1 and sets \fB*pr\fR to the value of \fBa\fR. If it fails +(due to invalid type or the value being too big to fit into an \fBint64_t\fR type) +it returns 0. +.PP +\&\fBASN1_INTEGER_get_uint64()\fR is similar to \fBASN1_INTEGER_get_int64_t()\fR except it +converts to a \fBuint64_t\fR type and an error is returned if the passed integer +is negative. +.PP +\&\fBASN1_INTEGER_get()\fR also returns the value of \fBa\fR but it returns 0 if \fBa\fR is +\&\s-1NULL\s0 and \-1 on error (which is ambiguous because \-1 is a legitimate value for +an \fB\s-1ASN1_INTEGER\s0\fR). New applications should use \fBASN1_INTEGER_get_int64()\fR +instead. +.PP +\&\fBASN1_INTEGER_set_int64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set_uint64()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the +\&\fBuint64_t\fR value \fBr\fR. +.PP +\&\fBASN1_INTEGER_set()\fR sets the value of \fB\s-1ASN1_INTEGER\s0\fR \fBa\fR to the \fBlong\fR value +\&\fBv\fR. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR converts \fB\s-1BIGNUM\s0\fR \fBbn\fR to an \fB\s-1ASN1_INTEGER\s0\fR. If \fBai\fR +is \s-1NULL\s0 a new \fB\s-1ASN1_INTEGER\s0\fR structure is returned. If \fBai\fR is not \s-1NULL\s0 then +the existing structure will be used instead. +.PP +\&\fBASN1_INTEGER_to_BN()\fR converts \s-1ASN1_INTEGER\s0 \fBai\fR into a \fB\s-1BIGNUM\s0\fR. If \fBbn\fR is +\&\s-1NULL\s0 a new \fB\s-1BIGNUM\s0\fR structure is returned. If \fBbn\fR is not \s-1NULL\s0 then the +existing structure will be used instead. +.PP +\&\fBASN1_ENUMERATED_get_int64()\fR, \fBASN1_ENUMERATED_set_int64()\fR, +\&\fBASN1_ENUMERATED_set()\fR, \fBBN_to_ASN1_ENUMERATED()\fR and \fBASN1_ENUMERATED_to_BN()\fR +behave in an identical way to their \s-1ASN1_INTEGER\s0 counterparts except they +operate on an \fB\s-1ASN1_ENUMERATED\s0\fR value. +.PP +\&\fBASN1_ENUMERATED_get()\fR returns the value of \fBa\fR in a similar way to +\&\fBASN1_INTEGER_get()\fR but it returns \fB0xffffffffL\fR if the value of \fBa\fR will not +fit in a long type. New applications should use \fBASN1_ENUMERATED_get_int64()\fR +instead. +.SH "NOTES" +.IX Header "NOTES" +In general an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1ASN1_ENUMERATED\s0\fR type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +\&\fBint64_t\fR type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. +.SH "BUGS" +.IX Header "BUGS" +The ambiguous return values of \fBASN1_INTEGER_get()\fR and \fBASN1_ENUMERATED_get()\fR +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambiguous return values are not legitimate +values for the fields they represent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_set()\fR, \fBASN1_ENUMERATED_set_int64()\fR and +\&\fBASN1_ENUMERATED_set()\fR return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. +.PP +\&\fBASN1_INTEGER_get_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an \fBint64_t\fR type. +.PP +\&\fBBN_to_ASN1_INTEGER()\fR and \fBBN_to_ASN1_ENUMERATED()\fR return an \fB\s-1ASN1_INTEGER\s0\fR or +\&\fB\s-1ASN1_ENUMERATED\s0\fR structure respectively or \s-1NULL\s0 if an error occurs. They will +only fail due to a memory allocation error. +.PP +\&\fBASN1_INTEGER_to_BN()\fR and \fBASN1_ENUMERATED_to_BN()\fR return a \fB\s-1BIGNUM\s0\fR structure +of \s-1NULL\s0 if an error occurs. They can fail if the passed type is incorrect +(due to programming error) or due to a memory allocation failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASN1_INTEGER_set_int64()\fR, \fBASN1_INTEGER_get_int64()\fR, +\&\fBASN1_ENUMERATED_set_int64()\fR and \fBASN1_ENUMERATED_get_int64()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 new file mode 100644 index 000000000000..6032080cc5e6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_ITEM_lookup.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_ITEM_LOOKUP 3" +.TH ASN1_ITEM_LOOKUP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_ITEM_lookup, ASN1_ITEM_get \- lookup ASN.1 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_ITEM *ASN1_ITEM_lookup(const char *name); +\& const ASN1_ITEM *ASN1_ITEM_get(size_t i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_ITEM_lookup()\fR returns the \fB\s-1ASN1_ITEM\s0 name\fR. +.PP +\&\fBASN1_ITEM_get()\fR returns the \fB\s-1ASN1_ITEM\s0\fR with index \fBi\fR. This function +returns \fB\s-1NULL\s0\fR if the index \fBi\fR is out of range. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_ITEM_lookup()\fR and \fBASN1_ITEM_get()\fR return a valid \fB\s-1ASN1_ITEM\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 new file mode 100644 index 000000000000..ee517b0ace52 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_OBJECT_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_OBJECT_NEW 3" +.TH ASN1_OBJECT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.PP +\&\fBASN1_OBJECT_new()\fR allocates and initializes an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Although \fBASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fBOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_ASN1_OBJECT\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 new file mode 100644 index 000000000000..fa1a7bc2a4b2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_TABLE_add.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_TABLE_ADD 3" +.TH ASN1_STRING_TABLE_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_TABLE, ASN1_STRING_TABLE_add, ASN1_STRING_TABLE_get, ASN1_STRING_TABLE_cleanup \- ASN1_STRING_TABLE manipulation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct asn1_string_table_st ASN1_STRING_TABLE; +\& +\& int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, +\& unsigned long mask, unsigned long flags); +\& ASN1_STRING_TABLE * ASN1_STRING_TABLE_get(int nid); +\& void ASN1_STRING_TABLE_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1ASN1_STRING_TABLE\s0\fR is a table which holds string information +(basically minimum size, maximum size, type and etc) for a \s-1NID\s0 object. +.SS "Functions" +.IX Subsection "Functions" +\&\fBASN1_STRING_TABLE_add()\fR adds a new \fB\s-1ASN1_STRING_TABLE\s0\fR item into the +local \s-1ASN1\s0 string table based on the \fBnid\fR along with other parameters. +.PP +If the item is already in the table, fields of \fB\s-1ASN1_STRING_TABLE\s0\fR are +updated (depending on the values of those parameters, e.g., \fBminsize\fR +and \fBmaxsize\fR >= 0, \fBmask\fR and \fBflags\fR != 0). If the \fBnid\fR is standard, +a copy of the standard \fB\s-1ASN1_STRING_TABLE\s0\fR is created and updated with +other parameters. +.PP +\&\fBASN1_STRING_TABLE_get()\fR searches for an \fB\s-1ASN1_STRING_TABLE\s0\fR item based +on \fBnid\fR. It will search the local table first, then the standard one. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR frees all \fB\s-1ASN1_STRING_TABLE\s0\fR items added +by \fBASN1_STRING_TABLE_add()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_TABLE_add()\fR returns 1 on success, 0 if an error occurred. +.PP +\&\fBASN1_STRING_TABLE_get()\fR returns a valid \fB\s-1ASN1_STRING_TABLE\s0\fR structure +or \fB\s-1NULL\s0\fR if nothing is found. +.PP +\&\fBASN1_STRING_TABLE_cleanup()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 new file mode 100644 index 000000000000..84f0edf194f4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_length.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_LENGTH 3" +.TH ASN1_STRING_LENGTH 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, ASN1_STRING_type, ASN1_STRING_get0_data, ASN1_STRING_data, ASN1_STRING_to_UTF8 \- ASN1_STRING utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_length(ASN1_STRING *x); +\& const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +\& +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +\& +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +\& +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +\& +\& int ASN1_STRING_type(const ASN1_STRING *x); +\& +\& int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fBASN1_STRING_data()\fR is similar to \fBASN1_STRING_get0_data()\fR except the +returned value is not constant. This function is deprecated: +applications should use \fBASN1_STRING_get0_data()\fR instead. +.PP +\&\fBASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fBASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fBASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be freed using \fBOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedef'ed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fBASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for an IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per +character in big endian format, and for an UTF8String it will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fBASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fBASN1_STRING_get0_data()\fR and \fBASN1_STRING_data()\fR return an internal pointer to +the data of \fBx\fR. +.PP +\&\fBASN1_STRING_dup()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurred. +.PP +\&\fBASN1_STRING_cmp()\fR returns an integer greater than, equal to, or less than 0, +according to whether \fBa\fR is greater than, equal to, or less than \fBb\fR. +.PP +\&\fBASN1_STRING_set()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_STRING_type()\fR returns the type of \fBx\fR. +.PP +\&\fBASN1_STRING_to_UTF8()\fR returns the number of bytes in output string \fBout\fR or a +negative value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 new file mode 100644 index 000000000000..ce20d45b163c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_new.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_NEW 3" +.TH ASN1_STRING_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- ASN1_STRING allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fBASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fBASN1_STRING_free()\fR frees up \fBa\fR. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fBASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_new()\fR and \fBASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 new file mode 100644 index 000000000000..96d4ab74a23b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_STRING_print_ex.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_STRING_PRINT_EX 3" +.TH ASN1_STRING_PRINT_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_tag2str, ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print \&\- ASN1_STRING output routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); +\& +\& const char *ASN1_tag2str(int tag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fBASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fBASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fBASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fBASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) +with '.'. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBASN1_STRING_print()\fR is a deprecated function which should be avoided; use +\&\fBASN1_STRING_print_ex()\fR instead. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eUXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eWXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fBASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_STRING_print_ex()\fR and \fBASN1_STRING_print_ex_fp()\fR return the number of +characters written or \-1 if an error occurred. +.PP +\&\fBASN1_STRING_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBASN1_tag2str()\fR returns a human-readable name of the specified \s-1ASN.1\s0 \fBtag\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBASN1_tag2str\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 new file mode 100644 index 000000000000..c4089fa027ae --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_TIME_set.3 @@ -0,0 +1,380 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TIME_SET 3" +.TH ASN1_TIME_SET 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TIME_set, ASN1_UTCTIME_set, ASN1_GENERALIZEDTIME_set, ASN1_TIME_adj, ASN1_UTCTIME_adj, ASN1_GENERALIZEDTIME_adj, ASN1_TIME_check, ASN1_UTCTIME_check, ASN1_GENERALIZEDTIME_check, ASN1_TIME_set_string, ASN1_UTCTIME_set_string, ASN1_GENERALIZEDTIME_set_string, ASN1_TIME_set_string_X509, ASN1_TIME_normalize, ASN1_TIME_to_tm, ASN1_TIME_print, ASN1_UTCTIME_print, ASN1_GENERALIZEDTIME_print, ASN1_TIME_diff, ASN1_TIME_cmp_time_t, ASN1_UTCTIME_cmp_time_t, ASN1_TIME_compare, ASN1_TIME_to_generalizedtime \- ASN.1 Time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +\& ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +\& time_t t); +\& +\& ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, +\& long offset_sec); +\& ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, +\& int offset_day, long offset_sec); +\& ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, +\& time_t t, int offset_day, +\& long offset_sec); +\& +\& int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); +\& int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); +\& int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); +\& int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, +\& const char *str); +\& +\& int ASN1_TIME_normalize(ASN1_TIME *s); +\& +\& int ASN1_TIME_check(const ASN1_TIME *t); +\& int ASN1_UTCTIME_check(const ASN1_UTCTIME *t); +\& int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *t); +\& +\& int ASN1_TIME_print(BIO *b, const ASN1_TIME *s); +\& int ASN1_UTCTIME_print(BIO *b, const ASN1_UTCTIME *s); +\& int ASN1_GENERALIZEDTIME_print(BIO *b, const ASN1_GENERALIZEDTIME *s); +\& +\& int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +\& int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, +\& const ASN1_TIME *to); +\& +\& int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t); +\& int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); +\& +\& int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b); +\& +\& ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, +\& ASN1_GENERALIZEDTIME **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR and \fBASN1_GENERALIZEDTIME_set()\fR +functions set the structure \fBs\fR to the time represented by the time_t +value \fBt\fR. If \fBs\fR is \s-1NULL\s0 a new time structure is allocated and returned. +.PP +The \fBASN1_TIME_adj()\fR, \fBASN1_UTCTIME_adj()\fR and \fBASN1_GENERALIZEDTIME_adj()\fR +functions set the time structure \fBs\fR to the time represented +by the time \fBoffset_day\fR and \fBoffset_sec\fR after the time_t value \fBt\fR. +The values of \fBoffset_day\fR or \fBoffset_sec\fR can be negative to set a +time before \fBt\fR. The \fBoffset_sec\fR value can also exceed the number of +seconds in a day. If \fBs\fR is \s-1NULL\s0 a new structure is allocated +and returned. +.PP +The \fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR and +\&\fBASN1_GENERALIZEDTIME_set_string()\fR functions set the time structure \fBs\fR +to the time represented by string \fBstr\fR which must be in appropriate \s-1ASN.1\s0 +time format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0). If \fBs\fR is \s-1NULL\s0 +this function performs a format check on \fBstr\fR only. The string \fBstr\fR +is copied into \fBs\fR. +.PP +\&\fBASN1_TIME_set_string_X509()\fR sets \s-1ASN1_TIME\s0 structure \fBs\fR to the time +represented by string \fBstr\fR which must be in appropriate time format +that \s-1RFC 5280\s0 requires, which means it only allows \s-1YYMMDDHHMMSSZ\s0 and +\&\s-1YYYYMMDDHHMMSSZ\s0 (leap second is rejected), all other \s-1ASN.1\s0 time format +are not allowed. If \fBs\fR is \s-1NULL\s0 this function performs a format check +on \fBstr\fR only. +.PP +The \fBASN1_TIME_normalize()\fR function converts an \s-1ASN1_GENERALIZEDTIME\s0 or +\&\s-1ASN1_UTCTIME\s0 into a time value that can be used in a certificate. It +should be used after the \fBASN1_TIME_set_string()\fR functions and before +\&\fBASN1_TIME_print()\fR functions to get consistent (i.e. \s-1GMT\s0) results. +.PP +The \fBASN1_TIME_check()\fR, \fBASN1_UTCTIME_check()\fR and \fBASN1_GENERALIZEDTIME_check()\fR +functions check the syntax of the time structure \fBs\fR. +.PP +The \fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +functions print the time structure \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable +format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example +\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time +structure has invalid format it prints out \*(L"Bad time value\*(R" and returns +an error. The output for generalized time may include a fractional part +following the second. +.PP +\&\fBASN1_TIME_to_tm()\fR converts the time \fBs\fR to the standard \fBtm\fR structure. +If \fBs\fR is \s-1NULL,\s0 then the current time is converted. The output time is \s-1GMT.\s0 +The \fBtm_sec\fR, \fBtm_min\fR, \fBtm_hour\fR, \fBtm_mday\fR, \fBtm_wday\fR, \fBtm_yday\fR, +\&\fBtm_mon\fR and \fBtm_year\fR fields of \fBtm\fR structure are set to proper values, +whereas all other fields are set to 0. If \fBtm\fR is \s-1NULL\s0 this function performs +a format check on \fBs\fR only. If \fBs\fR is in Generalized format with fractional +seconds, e.g. \s-1YYYYMMDDHHMMSS.SSSZ,\s0 the fractional seconds will be lost while +converting \fBs\fR to \fBtm\fR structure. +.PP +\&\fBASN1_TIME_diff()\fR sets \fB*pday\fR and \fB*psec\fR to the time difference between +\&\fBfrom\fR and \fBto\fR. If \fBto\fR represents a time later than \fBfrom\fR then +one or both (depending on the time difference) of \fB*pday\fR and \fB*psec\fR +will be positive. If \fBto\fR represents a time earlier than \fBfrom\fR then +one or both of \fB*pday\fR and \fB*psec\fR will be negative. If \fBto\fR and \fBfrom\fR +represent the same time then \fB*pday\fR and \fB*psec\fR will both be zero. +If both \fB*pday\fR and \fB*psec\fR are non-zero they will always have the same +sign. The value of \fB*psec\fR will always be less than the number of seconds +in a day. If \fBfrom\fR or \fBto\fR is \s-1NULL\s0 the current time is used. +.PP +The \fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR functions compare +the two times represented by the time structure \fBs\fR and the time_t \fBt\fR. +.PP +The \fBASN1_TIME_compare()\fR function compares the two times represented by the +time structures \fBa\fR and \fBb\fR. +.PP +The \fBASN1_TIME_to_generalizedtime()\fR function converts an \s-1ASN1_TIME\s0 to an +\&\s-1ASN1_GENERALIZEDTIME,\s0 regardless of year. If either \fBout\fR or +\&\fB*out\fR are \s-1NULL,\s0 then a new object is allocated and must be freed after use. +.SH "NOTES" +.IX Header "NOTES" +The \s-1ASN1_TIME\s0 structure corresponds to the \s-1ASN.1\s0 structure \fBTime\fR +defined in \s-1RFC5280\s0 et al. The time setting functions obey the rules outlined +in \s-1RFC5280:\s0 if the date can be represented by UTCTime it is used, else +GeneralizedTime is used. +.PP +The \s-1ASN1_TIME, ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 structures are represented +as an \s-1ASN1_STRING\s0 internally and can be freed up using \fBASN1_STRING_free()\fR. +.PP +The \s-1ASN1_TIME\s0 structure can represent years from 0000 to 9999 but no attempt +is made to correct ancient calendar changes (for example from Julian to +Gregorian calendars). +.PP +\&\s-1ASN1_UTCTIME\s0 is limited to a year range of 1950 through 2049. +.PP +Some applications add offset times directly to a time_t value and pass the +results to \fBASN1_TIME_set()\fR (or equivalent). This can cause problems as the +time_t value can overflow on some systems resulting in unexpected results. +New applications should use \fBASN1_TIME_adj()\fR instead and pass the offset value +in the \fBoffset_sec\fR and \fBoffset_day\fR parameters instead of directly +manipulating a time_t value. +.PP +\&\fBASN1_TIME_adj()\fR may change the type from \s-1ASN1_GENERALIZEDTIME\s0 to \s-1ASN1_UTCTIME,\s0 +or vice versa, based on the resulting year. The \fBASN1_GENERALIZEDTIME_adj()\fR and +\&\fBASN1_UTCTIME_adj()\fR functions will not modify the type of the return structure. +.PP +It is recommended that functions starting with \s-1ASN1_TIME\s0 be used instead of +those starting with \s-1ASN1_UTCTIME\s0 or \s-1ASN1_GENERALIZEDTIME.\s0 The functions +starting with \s-1ASN1_UTCTIME\s0 and \s-1ASN1_GENERALIZEDTIME\s0 act only on that specific +time format. The functions starting with \s-1ASN1_TIME\s0 will operate on either +format. +.SH "BUGS" +.IX Header "BUGS" +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR +do not print out the time zone: it either prints out \*(L"\s-1GMT\*(R"\s0 or nothing. But all +certificates complying with \s-1RFC5280\s0 et al use \s-1GMT\s0 anyway. +.PP +Use the \fBASN1_TIME_normalize()\fR function to normalize the time value before +printing to get \s-1GMT\s0 results. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TIME_set()\fR, \fBASN1_UTCTIME_set()\fR, \fBASN1_GENERALIZEDTIME_set()\fR, \fBASN1_TIME_adj()\fR, +ASN1_UTCTIME_adj and ASN1_GENERALIZEDTIME_set return a pointer to a time structure +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBASN1_TIME_set_string()\fR, \fBASN1_UTCTIME_set_string()\fR, \fBASN1_GENERALIZEDTIME_set_string()\fR +\&\fBASN1_TIME_set_string_X509()\fR return 1 if the time value is successfully set and 0 otherwise. +.PP +\&\fBASN1_TIME_normalize()\fR returns 1 on success, and 0 on error. +.PP +\&\fBASN1_TIME_check()\fR, ASN1_UTCTIME_check and \fBASN1_GENERALIZEDTIME_check()\fR return 1 +if the structure is syntactically correct and 0 otherwise. +.PP +\&\fBASN1_TIME_print()\fR, \fBASN1_UTCTIME_print()\fR and \fBASN1_GENERALIZEDTIME_print()\fR return 1 +if the time is successfully printed out and 0 if an error occurred (I/O error or +invalid time format). +.PP +\&\fBASN1_TIME_to_tm()\fR returns 1 if the time is successfully parsed and 0 if an +error occurred (invalid time format). +.PP +\&\fBASN1_TIME_diff()\fR returns 1 for success and 0 for failure. It can fail if the +passed-in time structure has invalid syntax, for example. +.PP +\&\fBASN1_TIME_cmp_time_t()\fR and \fBASN1_UTCTIME_cmp_time_t()\fR return \-1 if \fBs\fR is +before \fBt\fR, 0 if \fBs\fR equals \fBt\fR, or 1 if \fBs\fR is after \fBt\fR. \-2 is returned +on error. +.PP +\&\fBASN1_TIME_compare()\fR returns \-1 if \fBa\fR is before \fBb\fR, 0 if \fBa\fR equals \fBb\fR, or 1 if \fBa\fR is after \fBb\fR. \-2 is returned on error. +.PP +\&\fBASN1_TIME_to_generalizedtime()\fR returns a pointer to +the appropriate time structure on success or \s-1NULL\s0 if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set a time structure to one hour after the current time and print it out: +.PP +.Vb 2 +\& #include +\& #include +\& +\& ASN1_TIME *tm; +\& time_t t; +\& BIO *b; +\& +\& t = time(NULL); +\& tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +\& b = BIO_new_fp(stdout, BIO_NOCLOSE); +\& ASN1_TIME_print(b, tm); +\& ASN1_STRING_free(tm); +\& BIO_free(b); +.Ve +.PP +Determine if one time is later or sooner than the current time: +.PP +.Vb 1 +\& int day, sec; +\& +\& if (!ASN1_TIME_diff(&day, &sec, NULL, to)) +\& /* Invalid time format */ +\& +\& if (day > 0 || sec > 0) +\& printf("Later\en"); +\& else if (day < 0 || sec < 0) +\& printf("Sooner\en"); +\& else +\& printf("Same\en"); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \fBASN1_TIME_to_tm()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_set_string_X509()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_normalize()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_cmp_time_t()\fR function was added in OpenSSL 1.1.1. +The \fBASN1_TIME_compare()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 new file mode 100644 index 000000000000..bdaa21551c1c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_TYPE_get.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_TYPE_GET 3" +.TH ASN1_TYPE_GET 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_TYPE_get, ASN1_TYPE_set, ASN1_TYPE_set1, ASN1_TYPE_cmp, ASN1_TYPE_unpack_sequence, ASN1_TYPE_pack_sequence \- ASN1_TYPE utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASN1_TYPE_get(const ASN1_TYPE *a); +\& void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +\& int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +\& int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); +\& +\& void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +\& ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, +\& ASN1_TYPE **t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \s-1ASN1_TYPE\s0 structure to be manipulated. The +\&\s-1ASN1_TYPE\s0 structure can contain any \s-1ASN.1\s0 type or constructed type +such as a \s-1SEQUENCE:\s0 it is effectively equivalent to the \s-1ASN.1 ANY\s0 type. +.PP +\&\fBASN1_TYPE_get()\fR returns the type of \fBa\fR. +.PP +\&\fBASN1_TYPE_set()\fR sets the value of \fBa\fR to \fBtype\fR and \fBvalue\fR. This +function uses the pointer \fBvalue\fR internally so it must \fBnot\fR be freed +up after the call. +.PP +\&\fBASN1_TYPE_set1()\fR sets the value of \fBa\fR to \fBtype\fR a copy of \fBvalue\fR. +.PP +\&\fBASN1_TYPE_cmp()\fR compares \s-1ASN.1\s0 types \fBa\fR and \fBb\fR and returns 0 if +they are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR attempts to parse the \s-1SEQUENCE\s0 present in +\&\fBt\fR using the \s-1ASN.1\s0 structure \fBit\fR. If successful it returns a pointer +to the \s-1ASN.1\s0 structure corresponding to \fBit\fR which must be freed by the +caller. If it fails it return \s-1NULL.\s0 +.PP +\&\fBASN1_TYPE_pack_sequence()\fR attempts to encode the \s-1ASN.1\s0 structure \fBs\fR +corresponding to \fBit\fR into an \s-1ASN1_TYPE.\s0 If successful the encoded +\&\s-1ASN1_TYPE\s0 is returned. If \fBt\fR and \fB*t\fR are not \s-1NULL\s0 the encoded type +is written to \fBt\fR overwriting any existing data. If \fBt\fR is not \s-1NULL\s0 +but \fB*t\fR is \s-1NULL\s0 the returned \s-1ASN1_TYPE\s0 is written to \fB*t\fR. +.SH "NOTES" +.IX Header "NOTES" +The type and meaning of the \fBvalue\fR parameter for \fBASN1_TYPE_set()\fR and +\&\fBASN1_TYPE_set1()\fR is determined by the \fBtype\fR parameter. +If \fBtype\fR is V_ASN1_NULL \fBvalue\fR is ignored. If \fBtype\fR is V_ASN1_BOOLEAN +then the boolean is set to \s-1TRUE\s0 if \fBvalue\fR is not \s-1NULL.\s0 If \fBtype\fR is +V_ASN1_OBJECT then value is an \s-1ASN1_OBJECT\s0 structure. Otherwise \fBtype\fR +is and \s-1ASN1_STRING\s0 structure. If \fBtype\fR corresponds to a primitive type +(or a string type) then the contents of the \s-1ASN1_STRING\s0 contain the content +octets of the type. If \fBtype\fR corresponds to a constructed type or +a tagged type (V_ASN1_SEQUENCE, V_ASN1_SET or V_ASN1_OTHER) then the +\&\s-1ASN1_STRING\s0 contains the entire \s-1ASN.1\s0 encoding verbatim (including tag and +length octets). +.PP +\&\fBASN1_TYPE_cmp()\fR may not return zero if two types are equivalent but have +different encodings. For example the single content octet of the boolean \s-1TRUE\s0 +value under \s-1BER\s0 can have any non-zero encoding but \fBASN1_TYPE_cmp()\fR will +only return zero if the values are the same. +.PP +If either or both of the parameters passed to \fBASN1_TYPE_cmp()\fR is \s-1NULL\s0 the +return value is non-zero. Technically if both parameters are \s-1NULL\s0 the two +types could be absent \s-1OPTIONAL\s0 fields and so should match, however passing +\&\s-1NULL\s0 values could also indicate a programming error (for example an +unparseable type which returns \s-1NULL\s0) for types which do \fBnot\fR match. So +applications should handle the case of two absent values separately. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_TYPE_get()\fR returns the type of the \s-1ASN1_TYPE\s0 argument. +.PP +\&\fBASN1_TYPE_set()\fR does not return a value. +.PP +\&\fBASN1_TYPE_set1()\fR returns 1 for success and 0 for failure. +.PP +\&\fBASN1_TYPE_cmp()\fR returns 0 if the types are identical and non-zero otherwise. +.PP +\&\fBASN1_TYPE_unpack_sequence()\fR returns a pointer to an \s-1ASN.1\s0 structure or +\&\s-1NULL\s0 on failure. +.PP +\&\fBASN1_TYPE_pack_sequence()\fR return an \s-1ASN1_TYPE\s0 structure if it succeeds or +\&\s-1NULL\s0 on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 new file mode 100644 index 000000000000..835adc7b3be1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASN1_generate_nconf.3 @@ -0,0 +1,381 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASN1_GENERATE_NCONF 3" +.TH ASN1_GENERATE_NCONF 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASN1_generate_nconf, ASN1_generate_v3 \- ASN1 generation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +\& ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions generate the \s-1ASN1\s0 encoding of a string +in an \fB\s-1ASN1_TYPE\s0\fR structure. +.PP +\&\fBstr\fR contains the string to encode \fBnconf\fR or \fBcnf\fR contains +the optional configuration information where additional strings +will be read from. \fBnconf\fR will typically come from a config +file whereas \fBcnf\fR is obtained from an \fBX509V3_CTX\fR structure +which will typically be used by X509 v3 certificate extension +functions. \fBcnf\fR or \fBnconf\fR can be set to \fB\s-1NULL\s0\fR if no additional +configuration will be used. +.SH "GENERATION STRING FORMAT" +.IX Header "GENERATION STRING FORMAT" +The actual data encoded is determined by the string \fBstr\fR and +the configuration information. The general format of the string +is: +.IP "\fB[modifier,]type[:value]\fR" 4 +.IX Item "[modifier,]type[:value]" +.PP +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. The formats of \fBtype\fR, +\&\fBvalue\fR and \fBmodifier\fR are explained below. +.SS "Supported Types" +.IX Subsection "Supported Types" +The supported types are listed below. Unless otherwise specified +only the \fB\s-1ASCII\s0\fR format is permissible. +.IP "\fB\s-1BOOLEAN\s0\fR, \fB\s-1BOOL\s0\fR" 4 +.IX Item "BOOLEAN, BOOL" +This encodes a boolean type. The \fBvalue\fR string is mandatory and +should be \fB\s-1TRUE\s0\fR or \fB\s-1FALSE\s0\fR. Additionally \fB\s-1TRUE\s0\fR, \fBtrue\fR, \fBY\fR, +\&\fBy\fR, \fB\s-1YES\s0\fR, \fByes\fR, \fB\s-1FALSE\s0\fR, \fBfalse\fR, \fBN\fR, \fBn\fR, \fB\s-1NO\s0\fR and \fBno\fR +are acceptable. +.IP "\fB\s-1NULL\s0\fR" 4 +.IX Item "NULL" +Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. +.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 4 +.IX Item "INTEGER, INT" +Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents +the value of the integer, it can be prefaced by a minus sign and +is normally interpreted as a decimal value unless the prefix \fB0x\fR +is included. +.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 4 +.IX Item "ENUMERATED, ENUM" +Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to +\&\fB\s-1INTEGER\s0\fR. +.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 4 +.IX Item "OBJECT, OID" +Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be +a short name, a long name or numerical format. +.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 4 +.IX Item "UTCTIME, UTC" +Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in +the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 4 +.IX Item "GENERALIZEDTIME, GENTIME" +Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in +the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 4 +.IX Item "OCTETSTRING, OCT" +Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be +used to specify the format of \fBvalue\fR. +.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 4 +.IX Item "BITSTRING, BITSTR" +Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents +of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR +can be used to specify the format of \fBvalue\fR. +.Sp +If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused +bits is set to zero. +.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 4 +.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" +These encode the corresponding string types. \fBvalue\fR represents the +contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. +.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 4 +.IX Item "SEQUENCE, SEQ, SET" +Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR +should be a section name which will contain the contents. The +field names in the section are ignored and the values are in the +generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 +will be encoded. +.SS "Modifiers" +.IX Subsection "Modifiers" +Modifiers affect the following structure, they can be used to +add \s-1EXPLICIT\s0 or \s-1IMPLICIT\s0 tagging, add wrappers or to change +the string format of the final type and value. The supported +formats are documented below. +.IP "\fB\s-1EXPLICIT\s0\fR, \fB\s-1EXP\s0\fR" 4 +.IX Item "EXPLICIT, EXP" +Add an explicit tag to the following structure. This string +should be followed by a colon and the tag value to use as a +decimal value. +.Sp +By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, +APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, +the default is \s-1CONTEXT SPECIFIC.\s0 +.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 4 +.IX Item "IMPLICIT, IMP" +This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used +instead. +.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 4 +.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" +The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 +a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused +bits is set to zero. +.IP "\fB\s-1FORMAT\s0\fR" 4 +.IX Item "FORMAT" +This specifies the format of the ultimate value. It should be followed +by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1HEX\s0\fR or \fB\s-1BITLIST\s0\fR. +.Sp +If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is +specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the +output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT +STRING\s0) is a comma separated list of the indices of the set bits, all other +bits are zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASN1_generate_nconf()\fR and \fBASN1_generate_v3()\fR return the encoded +data as an \fB\s-1ASN1_TYPE\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error codes that can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A simple IA5String: +.PP +.Vb 1 +\& IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged: +.PP +.Vb 1 +\& EXPLICIT:0,IA5STRING:Hello World +.Ve +.PP +An IA5String explicitly tagged using \s-1APPLICATION\s0 tagging: +.PP +.Vb 1 +\& EXPLICIT:0A,IA5STRING:Hello World +.Ve +.PP +A \s-1BITSTRING\s0 with bits 1 and 5 set and all others zero: +.PP +.Vb 1 +\& FORMAT:BITLIST,BITSTRING:1,5 +.Ve +.PP +A more complex example using a config file to produce a +\&\s-1SEQUENCE\s0 consisting of a \s-1BOOL\s0 an \s-1OID\s0 and a UTF8String: +.PP +.Vb 1 +\& asn1 = SEQUENCE:seq_section +\& +\& [seq_section] +\& +\& field1 = BOOLEAN:TRUE +\& field2 = OID:commonName +\& field3 = UTF8:Third field +.Ve +.PP +This example produces an RSAPrivateKey structure, this is the +key contained in the file client.pem in all OpenSSL distributions +(note: the field names such as 'coeff' are ignored and are present just +for clarity): +.PP +.Vb 3 +\& asn1=SEQUENCE:private_key +\& [private_key] +\& version=INTEGER:0 +\& +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +\& +\& d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +\& F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D +\& +\& p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +\& D4BD57 +\& +\& q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +\& 46EC4F +\& +\& exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +\& 9C0A39B9 +\& +\& exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +\& E7B2458F +\& +\& coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +\& 628657053A +.Ve +.PP +This example is the corresponding public key in a SubjectPublicKeyInfo +structure: +.PP +.Vb 2 +\& # Start with a SEQUENCE +\& asn1=SEQUENCE:pubkeyinfo +\& +\& # pubkeyinfo contains an algorithm identifier and the public key wrapped +\& # in a BIT STRING +\& [pubkeyinfo] +\& algorithm=SEQUENCE:rsa_alg +\& pubkey=BITWRAP,SEQUENCE:rsapubkey +\& +\& # algorithm ID for RSA is just an OID and a NULL +\& [rsa_alg] +\& algorithm=OID:rsaEncryption +\& parameter=NULL +\& +\& # Actual public key: modulus and exponent +\& [rsapubkey] +\& n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +\& D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 +\& +\& e=INTEGER:0x010001 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 new file mode 100644 index 000000000000..3e45ef782019 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASYNC_WAIT_CTX_new.3 @@ -0,0 +1,270 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_WAIT_CTX_NEW 3" +.TH ASYNC_WAIT_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_WAIT_CTX_new, ASYNC_WAIT_CTX_free, ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd \- functions to manage waiting for asynchronous jobs to complete +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +\& void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +\& int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD fd, +\& void *custom_data, +\& void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +\& OSSL_ASYNC_FD, void *)); +\& int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +\& OSSL_ASYNC_FD *fd, void **custom_data); +\& int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +\& size_t *numfds); +\& int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +\& size_t *numaddfds, OSSL_ASYNC_FD *delfd, +\& size_t *numdelfds); +\& int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For an overview of how asynchronous operations are implemented in OpenSSL see +\&\fBASYNC_start_job\fR\|(3). An \s-1ASYNC_WAIT_CTX\s0 object represents an asynchronous +\&\*(L"session\*(R", i.e. a related set of crypto operations. For example in \s-1SSL\s0 terms +this would have a one-to-one correspondence with an \s-1SSL\s0 connection. +.PP +Application code must create an \s-1ASYNC_WAIT_CTX\s0 using the \fBASYNC_WAIT_CTX_new()\fR +function prior to calling \fBASYNC_start_job()\fR (see \fBASYNC_start_job\fR\|(3)). When +the job is started it is associated with the \s-1ASYNC_WAIT_CTX\s0 for the duration of +that job. An \s-1ASYNC_WAIT_CTX\s0 should only be used for one \s-1ASYNC_JOB\s0 at any one +time, but can be reused after an \s-1ASYNC_JOB\s0 has finished for a subsequent +\&\s-1ASYNC_JOB.\s0 When the session is complete (e.g. the \s-1SSL\s0 connection is closed), +application code cleans up with \fBASYNC_WAIT_CTX_free()\fR. +.PP +ASYNC_WAIT_CTXs can have \*(L"wait\*(R" file descriptors associated with them. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR and passing in a pointer to an \s-1ASYNC_WAIT_CTX\s0 in +the \fBctx\fR parameter will return the wait file descriptors associated with that +job in \fB*fd\fR. The number of file descriptors returned will be stored in +\&\fB*numfds\fR. It is the caller's responsibility to ensure that sufficient memory +has been allocated in \fB*fd\fR to receive all the file descriptors. Calling +\&\fBASYNC_WAIT_CTX_get_all_fds()\fR with a \s-1NULL\s0 \fBfd\fR value will return no file +descriptors but will still populate \fB*numfds\fR. Therefore application code is +typically expected to call this function twice: once to get the number of fds, +and then again when sufficient memory has been allocated. If only one +asynchronous engine is being used then normally this call will only ever return +one fd. If multiple asynchronous engines are being used then more could be +returned. +.PP +The function \fBASYNC_WAIT_CTX_get_changed_fds()\fR can be used to detect if any fds +have changed since the last call time \fBASYNC_start_job()\fR returned an \s-1ASYNC_PAUSE\s0 +result (or since the \s-1ASYNC_WAIT_CTX\s0 was created if no \s-1ASYNC_PAUSE\s0 result has +been received). The \fBnumaddfds\fR and \fBnumdelfds\fR parameters will be populated +with the number of fds added or deleted respectively. \fB*addfd\fR and \fB*delfd\fR +will be populated with the list of added and deleted fds respectively. Similarly +to \fBASYNC_WAIT_CTX_get_all_fds()\fR either of these can be \s-1NULL,\s0 but if they are not +\&\s-1NULL\s0 then the caller is responsible for ensuring sufficient memory is allocated. +.PP +Implementors of async aware code (e.g. engines) are encouraged to return a +stable fd for the lifetime of the \s-1ASYNC_WAIT_CTX\s0 in order to reduce the \*(L"churn\*(R" +of regularly changing fds \- although no guarantees of this are provided to +applications. +.PP +Applications can wait for the file descriptor to be ready for \*(L"read\*(R" using a +system function call such as select or poll (being ready for \*(L"read\*(R" indicates +that the job should be resumed). If no file descriptor is made available then an +application will have to periodically \*(L"poll\*(R" the job by attempting to restart it +to see if it is ready to continue. +.PP +Async aware code (e.g. engines) can get the current \s-1ASYNC_WAIT_CTX\s0 from the job +via \fBASYNC_get_wait_ctx\fR\|(3) and provide a file descriptor to use for waiting +on by calling \fBASYNC_WAIT_CTX_set_wait_fd()\fR. Typically this would be done by an +engine immediately prior to calling \fBASYNC_pause_job()\fR and not by end user code. +An existing association with a file descriptor can be obtained using +\&\fBASYNC_WAIT_CTX_get_fd()\fR and cleared using \fBASYNC_WAIT_CTX_clear_fd()\fR. Both of +these functions requires a \fBkey\fR value which is unique to the async aware +code. This could be any unique value but a good candidate might be the +\&\fB\s-1ENGINE\s0 *\fR for the engine. The \fBcustom_data\fR parameter can be any value, and +will be returned in a subsequent call to \fBASYNC_WAIT_CTX_get_fd()\fR. The +\&\fBASYNC_WAIT_CTX_set_wait_fd()\fR function also expects a pointer to a \*(L"cleanup\*(R" +routine. This can be \s-1NULL\s0 but if provided will automatically get called when +the \s-1ASYNC_WAIT_CTX\s0 is freed, and gives the engine the opportunity to close the +fd or any other resources. Note: The \*(L"cleanup\*(R" routine does not get called if +the fd is cleared directly via a call to \fBASYNC_WAIT_CTX_clear_fd()\fR. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd()\fR followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBASYNC_WAIT_CTX_new()\fR returns a pointer to the newly allocated \s-1ASYNC_WAIT_CTX\s0 or +\&\s-1NULL\s0 on error. +.PP +ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds, +ASYNC_WAIT_CTX_get_changed_fds and ASYNC_WAIT_CTX_clear_fd all return 1 on +success or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBASYNC_start_job\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBASYNC_WAIT_CTX_new()\fR, \fBASYNC_WAIT_CTX_free()\fR, \fBASYNC_WAIT_CTX_set_wait_fd()\fR, +\&\fBASYNC_WAIT_CTX_get_fd()\fR, \fBASYNC_WAIT_CTX_get_all_fds()\fR, +\&\fBASYNC_WAIT_CTX_get_changed_fds()\fR and \fBASYNC_WAIT_CTX_clear_fd()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 new file mode 100644 index 000000000000..c55195c6ea00 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ASYNC_start_job.3 @@ -0,0 +1,453 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ASYNC_START_JOB 3" +.TH ASYNC_START_JOB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ASYNC_get_wait_ctx, ASYNC_init_thread, ASYNC_cleanup_thread, ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_block_pause, ASYNC_unblock_pause, ASYNC_is_capable \&\- asynchronous job management functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ASYNC_init_thread(size_t max_size, size_t init_size); +\& void ASYNC_cleanup_thread(void); +\& +\& int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +\& int (*func)(void *), void *args, size_t size); +\& int ASYNC_pause_job(void); +\& +\& ASYNC_JOB *ASYNC_get_current_job(void); +\& ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +\& void ASYNC_block_pause(void); +\& void ASYNC_unblock_pause(void); +\& +\& int ASYNC_is_capable(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL implements asynchronous capabilities through an \s-1ASYNC_JOB.\s0 This +represents code that can be started and executes until some event occurs. At +that point the code can be paused and control returns to user code until some +subsequent event indicates that the job can be resumed. +.PP +The creation of an \s-1ASYNC_JOB\s0 is a relatively expensive operation. Therefore, for +efficiency reasons, jobs can be created up front and reused many times. They are +held in a pool until they are needed, at which point they are removed from the +pool, used, and then returned to the pool when the job completes. If the user +application is multi-threaded, then \fBASYNC_init_thread()\fR may be called for each +thread that will initiate asynchronous jobs. Before +user code exits per-thread resources need to be cleaned up. This will normally +occur automatically (see \fBOPENSSL_init_crypto\fR\|(3)) but may be explicitly +initiated by using \fBASYNC_cleanup_thread()\fR. No asynchronous jobs must be +outstanding for the thread when \fBASYNC_cleanup_thread()\fR is called. Failing to +ensure this will result in memory leaks. +.PP +The \fBmax_size\fR argument limits the number of ASYNC_JOBs that will be held in +the pool. If \fBmax_size\fR is set to 0 then no upper limit is set. When an +\&\s-1ASYNC_JOB\s0 is needed but there are none available in the pool already then one +will be automatically created, as long as the total of ASYNC_JOBs managed by the +pool does not exceed \fBmax_size\fR. When the pool is first initialised +\&\fBinit_size\fR ASYNC_JOBs will be created immediately. If \fBASYNC_init_thread()\fR is +not called before the pool is first used then it will be called automatically +with a \fBmax_size\fR of 0 (no upper limit) and an \fBinit_size\fR of 0 (no ASYNC_JOBs +created up front). +.PP +An asynchronous job is started by calling the \fBASYNC_start_job()\fR function. +Initially \fB*job\fR should be \s-1NULL.\s0 \fBctx\fR should point to an \s-1ASYNC_WAIT_CTX\s0 +object created through the \fBASYNC_WAIT_CTX_new\fR\|(3) function. \fBret\fR should +point to a location where the return value of the asynchronous function should +be stored on completion of the job. \fBfunc\fR represents the function that should +be started asynchronously. The data pointed to by \fBargs\fR and of size \fBsize\fR +will be copied and then passed as an argument to \fBfunc\fR when the job starts. +ASYNC_start_job will return one of the following values: +.IP "\fB\s-1ASYNC_ERR\s0\fR" 4 +.IX Item "ASYNC_ERR" +An error occurred trying to start the job. Check the OpenSSL error queue (e.g. +see \fBERR_print_errors\fR\|(3)) for more details. +.IP "\fB\s-1ASYNC_NO_JOBS\s0\fR" 4 +.IX Item "ASYNC_NO_JOBS" +There are no jobs currently available in the pool. This call can be retried +again at a later time. +.IP "\fB\s-1ASYNC_PAUSE\s0\fR" 4 +.IX Item "ASYNC_PAUSE" +The job was successfully started but was \*(L"paused\*(R" before it completed (see +\&\fBASYNC_pause_job()\fR below). A handle to the job is placed in \fB*job\fR. Other work +can be performed (if desired) and the job restarted at a later time. To restart +a job call \fBASYNC_start_job()\fR again passing the job handle in \fB*job\fR. The +\&\fBfunc\fR, \fBargs\fR and \fBsize\fR parameters will be ignored when restarting a job. +When restarting a job \fBASYNC_start_job()\fR \fBmust\fR be called from the same thread +that the job was originally started from. +.IP "\fB\s-1ASYNC_FINISH\s0\fR" 4 +.IX Item "ASYNC_FINISH" +The job completed. \fB*job\fR will be \s-1NULL\s0 and the return value from \fBfunc\fR will +be placed in \fB*ret\fR. +.PP +At any one time there can be a maximum of one job actively running per thread +(you can have many that are paused). \fBASYNC_get_current_job()\fR can be used to get +a pointer to the currently executing \s-1ASYNC_JOB.\s0 If no job is currently executing +then this will return \s-1NULL.\s0 +.PP +If executing within the context of a job (i.e. having been called directly or +indirectly by the function \*(L"func\*(R" passed as an argument to \fBASYNC_start_job()\fR) +then \fBASYNC_pause_job()\fR will immediately return control to the calling +application with \s-1ASYNC_PAUSE\s0 returned from the \fBASYNC_start_job()\fR call. A +subsequent call to ASYNC_start_job passing in the relevant \s-1ASYNC_JOB\s0 in the +\&\fB*job\fR parameter will resume execution from the \fBASYNC_pause_job()\fR call. If +\&\fBASYNC_pause_job()\fR is called whilst not within the context of a job then no +action is taken and \fBASYNC_pause_job()\fR returns immediately. +.PP +\&\fBASYNC_get_wait_ctx()\fR can be used to get a pointer to the \s-1ASYNC_WAIT_CTX\s0 +for the \fBjob\fR. ASYNC_WAIT_CTXs can have a \*(L"wait\*(R" file descriptor associated +with them. Applications can wait for the file descriptor to be ready for \*(L"read\*(R" +using a system function call such as select or poll (being ready for \*(L"read\*(R" +indicates that the job should be resumed). If no file descriptor is made +available then an application will have to periodically \*(L"poll\*(R" the job by +attempting to restart it to see if it is ready to continue. +.PP +An example of typical usage might be an async capable engine. User code would +initiate cryptographic operations. The engine would initiate those operations +asynchronously and then call \fBASYNC_WAIT_CTX_set_wait_fd\fR\|(3) followed by +\&\fBASYNC_pause_job()\fR to return control to the user code. The user code can then +perform other tasks or wait for the job to be ready by calling \*(L"select\*(R" or other +similar function on the wait file descriptor. The engine can signal to the user +code that the job should be resumed by making the wait file descriptor +\&\*(L"readable\*(R". Once resumed the engine should clear the wake signal on the wait +file descriptor. +.PP +The \fBASYNC_block_pause()\fR function will prevent the currently active job from +pausing. The block will remain in place until a subsequent call to +\&\fBASYNC_unblock_pause()\fR. These functions can be nested, e.g. if you call +\&\fBASYNC_block_pause()\fR twice then you must call \fBASYNC_unblock_pause()\fR twice in +order to re-enable pausing. If these functions are called while there is no +currently active job then they have no effect. This functionality can be useful +to avoid deadlock scenarios. For example during the execution of an \s-1ASYNC_JOB\s0 an +application acquires a lock. It then calls some cryptographic function which +invokes \fBASYNC_pause_job()\fR. This returns control back to the code that created +the \s-1ASYNC_JOB.\s0 If that code then attempts to acquire the same lock before +resuming the original job then a deadlock can occur. By calling +\&\fBASYNC_block_pause()\fR immediately after acquiring the lock and +\&\fBASYNC_unblock_pause()\fR immediately before releasing it then this situation cannot +occur. +.PP +Some platforms cannot support async operations. The \fBASYNC_is_capable()\fR function +can be used to detect whether the current platform is async capable or not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +ASYNC_init_thread returns 1 on success or 0 otherwise. +.PP +ASYNC_start_job returns one of \s-1ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE\s0 or +\&\s-1ASYNC_FINISH\s0 as described above. +.PP +ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when +not within the context of an \s-1ASYNC_JOB\s0 then this is counted as success so 1 is +returned. +.PP +ASYNC_get_current_job returns a pointer to the currently executing \s-1ASYNC_JOB\s0 or +\&\s-1NULL\s0 if not within the context of a job. +.PP +\&\fBASYNC_get_wait_ctx()\fR returns a pointer to the \s-1ASYNC_WAIT_CTX\s0 for the job. +.PP +\&\fBASYNC_is_capable()\fR returns 1 if the current platform is async capable or 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example demonstrates how to use most of the core async APIs: +.PP +.Vb 7 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& #include +\& #include +\& #include +\& +\& int unique = 0; +\& +\& void cleanup(ASYNC_WAIT_CTX *ctx, const void *key, OSSL_ASYNC_FD r, void *vw) +\& { +\& OSSL_ASYNC_FD *w = (OSSL_ASYNC_FD *)vw; +\& +\& close(r); +\& close(*w); +\& OPENSSL_free(w); +\& } +\& +\& int jobfunc(void *arg) +\& { +\& ASYNC_JOB *currjob; +\& unsigned char *msg; +\& int pipefds[2] = {0, 0}; +\& OSSL_ASYNC_FD *wptr; +\& char buf = \*(AqX\*(Aq; +\& +\& currjob = ASYNC_get_current_job(); +\& if (currjob != NULL) { +\& printf("Executing within a job\en"); +\& } else { +\& printf("Not executing within a job \- should not happen\en"); +\& return 0; +\& } +\& +\& msg = (unsigned char *)arg; +\& printf("Passed in message is: %s\en", msg); +\& +\& if (pipe(pipefds) != 0) { +\& printf("Failed to create pipe\en"); +\& return 0; +\& } +\& wptr = OPENSSL_malloc(sizeof(OSSL_ASYNC_FD)); +\& if (wptr == NULL) { +\& printf("Failed to malloc\en"); +\& return 0; +\& } +\& *wptr = pipefds[1]; +\& ASYNC_WAIT_CTX_set_wait_fd(ASYNC_get_wait_ctx(currjob), &unique, +\& pipefds[0], wptr, cleanup); +\& +\& /* +\& * Normally some external event would cause this to happen at some +\& * later point \- but we do it here for demo purposes, i.e. +\& * immediately signalling that the job is ready to be woken up after +\& * we return to main via ASYNC_pause_job(). +\& */ +\& write(pipefds[1], &buf, 1); +\& +\& /* Return control back to main */ +\& ASYNC_pause_job(); +\& +\& /* Clear the wake signal */ +\& read(pipefds[0], &buf, 1); +\& +\& printf ("Resumed the job after a pause\en"); +\& +\& return 1; +\& } +\& +\& int main(void) +\& { +\& ASYNC_JOB *job = NULL; +\& ASYNC_WAIT_CTX *ctx = NULL; +\& int ret; +\& OSSL_ASYNC_FD waitfd; +\& fd_set waitfdset; +\& size_t numfds; +\& unsigned char msg[13] = "Hello world!"; +\& +\& printf("Starting...\en"); +\& +\& ctx = ASYNC_WAIT_CTX_new(); +\& if (ctx == NULL) { +\& printf("Failed to create ASYNC_WAIT_CTX\en"); +\& abort(); +\& } +\& +\& for (;;) { +\& switch (ASYNC_start_job(&job, ctx, &ret, jobfunc, msg, sizeof(msg))) { +\& case ASYNC_ERR: +\& case ASYNC_NO_JOBS: +\& printf("An error occurred\en"); +\& goto end; +\& case ASYNC_PAUSE: +\& printf("Job was paused\en"); +\& break; +\& case ASYNC_FINISH: +\& printf("Job finished with return value %d\en", ret); +\& goto end; +\& } +\& +\& /* Wait for the job to be woken */ +\& printf("Waiting for the job to be woken up\en"); +\& +\& if (!ASYNC_WAIT_CTX_get_all_fds(ctx, NULL, &numfds) +\& || numfds > 1) { +\& printf("Unexpected number of fds\en"); +\& abort(); +\& } +\& ASYNC_WAIT_CTX_get_all_fds(ctx, &waitfd, &numfds); +\& FD_ZERO(&waitfdset); +\& FD_SET(waitfd, &waitfdset); +\& select(waitfd + 1, &waitfdset, NULL, NULL, NULL); +\& } +\& +\& end: +\& ASYNC_WAIT_CTX_free(ctx); +\& printf("Finishing\en"); +\& +\& return 0; +\& } +.Ve +.PP +The expected output from executing the above example program is: +.PP +.Vb 8 +\& Starting... +\& Executing within a job +\& Passed in message is: Hello world! +\& Job was paused +\& Waiting for the job to be woken up +\& Resumed the job after a pause +\& Job finished with return value 1 +\& Finishing +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBERR_print_errors\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +ASYNC_init_thread, ASYNC_cleanup_thread, +ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, \fBASYNC_get_wait_ctx()\fR, +\&\fBASYNC_block_pause()\fR, \fBASYNC_unblock_pause()\fR and \fBASYNC_is_capable()\fR were first +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BF_encrypt.3 b/secure/lib/libcrypto/man/man3/BF_encrypt.3 new file mode 100644 index 000000000000..6b3e3291d2f3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BF_encrypt.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BF_ENCRYPT 3" +.TH BF_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +\& +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num, int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, +\& unsigned char *ivec, int *num); +\& const char *BF_options(void); +\& +\& void BF_encrypt(BF_LONG *data, const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data, const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Blowfish cipher, which was invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see \fBdes_modes\fR\|(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much +faster than \s-1IDEA\s0 or \s-1RC2.\s0 +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fBBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fBBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fBBF_cbc_encrypt()\fR, \fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where +\&\fBivec\fR is simply initialized to zero. +\&\fBBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while +\&\fBBF_cfb64_encrypt()\fR and \fBBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fBBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fBBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fBBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fBBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fBBF_encrypt()\fR and \fBBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fBBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBdes_modes\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDR.3 b/secure/lib/libcrypto/man/man3/BIO_ADDR.3 new file mode 100644 index 000000000000..3cbe4dd42cd9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_ADDR.3 @@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDR 3" +.TH BIO_ADDR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ADDR, BIO_ADDR_new, BIO_ADDR_clear, BIO_ADDR_free, BIO_ADDR_rawmake, BIO_ADDR_family, BIO_ADDR_rawaddress, BIO_ADDR_rawport, BIO_ADDR_hostname_string, BIO_ADDR_service_string, BIO_ADDR_path_string \- BIO_ADDR routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addr_st BIO_ADDR; +\& +\& BIO_ADDR *BIO_ADDR_new(void); +\& void BIO_ADDR_free(BIO_ADDR *); +\& void BIO_ADDR_clear(BIO_ADDR *ap); +\& int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +\& const void *where, size_t wherelen, unsigned short port); +\& int BIO_ADDR_family(const BIO_ADDR *ap); +\& int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +\& unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +\& char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +\& char *BIO_ADDR_path_string(const BIO_ADDR *ap); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDR\s0\fR type is a wrapper around all types of socket +addresses that OpenSSL deals with, currently transparently +supporting \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX\s0 according to what's +available on the platform at hand. +.PP +\&\fBBIO_ADDR_new()\fR creates a new unfilled \fB\s-1BIO_ADDR\s0\fR, to be used +with routines that will fill it with information, such as +\&\fBBIO_accept_ex()\fR. +.PP +\&\fBBIO_ADDR_free()\fR frees a \fB\s-1BIO_ADDR\s0\fR created with \fBBIO_ADDR_new()\fR. +.PP +\&\fBBIO_ADDR_clear()\fR clears any data held within the provided \fB\s-1BIO_ADDR\s0\fR and sets +it back to an uninitialised state. +.PP +\&\fBBIO_ADDR_rawmake()\fR takes a protocol \fBfamily\fR, an byte array of +size \fBwherelen\fR with an address in network byte order pointed at +by \fBwhere\fR and a port number in network byte order in \fBport\fR (except +for the \fB\s-1AF_UNIX\s0\fR protocol family, where \fBport\fR is meaningless and +therefore ignored) and populates the given \fB\s-1BIO_ADDR\s0\fR with them. +In case this creates a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBwherelen\fR is expected +to be the length of the path string (not including the terminating +\&\s-1NUL,\s0 such as the result of a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_family()\fR returns the protocol family of the given +\&\fB\s-1BIO_ADDR\s0\fR. The possible non-error results are one of the +constants \s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 It will also return \s-1AF_UNSPEC\s0 if the +\&\s-1BIO_ADDR\s0 has not been initialised. +.PP +\&\fBBIO_ADDR_rawaddress()\fR will write the raw address of the given +\&\fB\s-1BIO_ADDR\s0\fR in the area pointed at by \fBp\fR if \fBp\fR is non-NULL, +and will set \fB*l\fR to be the amount of bytes the raw address +takes up if \fBl\fR is non-NULL. +A technique to only find out the size of the address is a call +with \fBp\fR set to \fB\s-1NULL\s0\fR. The raw address will be in network byte +order, most significant byte first. +In case this is a \fB\s-1AF_UNIX\s0\fR \fB\s-1BIO_ADDR\s0\fR, \fBl\fR gets the length of the +path string (not including the terminating \s-1NUL,\s0 such as the result of +a call to \fBstrlen()\fR). +\&\fIRead on about the addresses in \*(L"\s-1RAW ADDRESSES\*(R"\s0 below\fR. +.PP +\&\fBBIO_ADDR_rawport()\fR returns the raw port of the given \fB\s-1BIO_ADDR\s0\fR. +The raw port will be in network byte order. +.PP +\&\fBBIO_ADDR_hostname_string()\fR returns a character string with the +hostname of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR is 1, the string +will contain the numerical form of the address. This only works for +\&\fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_service_string()\fR returns a character string with the +service name of the port of the given \fB\s-1BIO_ADDR\s0\fR. If \fBnumeric\fR +is 1, the string will contain the port number. This only works +for \fB\s-1BIO_ADDR\s0\fR of the protocol families \s-1AF_INET\s0 and \s-1AF_INET6.\s0 The +returned string has been allocated on the heap and must be freed +with \fBOPENSSL_free()\fR. +.PP +\&\fBBIO_ADDR_path_string()\fR returns a character string with the path +of the given \fB\s-1BIO_ADDR\s0\fR. This only works for \fB\s-1BIO_ADDR\s0\fR of the +protocol family \s-1AF_UNIX.\s0 The returned string has been allocated +on the heap and must be freed with \fBOPENSSL_free()\fR. +.SH "RAW ADDRESSES" +.IX Header "RAW ADDRESSES" +Both \fBBIO_ADDR_rawmake()\fR and \fBBIO_ADDR_rawaddress()\fR take a pointer to a +network byte order address of a specific site. Internally, those are +treated as a pointer to \fBstruct in_addr\fR (for \fB\s-1AF_INET\s0\fR), \fBstruct +in6_addr\fR (for \fB\s-1AF_INET6\s0\fR) or \fBchar *\fR (for \fB\s-1AF_UNIX\s0\fR), all +depending on the protocol family the address is for. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The string producing functions \fBBIO_ADDR_hostname_string()\fR, +\&\fBBIO_ADDR_service_string()\fR and \fBBIO_ADDR_path_string()\fR will +return \fB\s-1NULL\s0\fR on error and leave an error indication on the +OpenSSL error stack. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_connect\fR\|(3), \fBBIO_s_connect\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 new file mode 100644 index 000000000000..c51453898071 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_ADDRINFO.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_ADDRINFO 3" +.TH BIO_ADDRINFO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_lookup_type, BIO_ADDRINFO, BIO_ADDRINFO_next, BIO_ADDRINFO_free, BIO_ADDRINFO_family, BIO_ADDRINFO_socktype, BIO_ADDRINFO_protocol, BIO_ADDRINFO_address, BIO_lookup_ex, BIO_lookup \&\- BIO_ADDRINFO type and routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& typedef union bio_addrinfo_st BIO_ADDRINFO; +\& +\& enum BIO_lookup_type { +\& BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +\& }; +\& +\& int BIO_lookup_ex(const char *host, const char *service, int lookup_type, +\& int family, int socktype, int protocol, BIO_ADDRINFO **res); +\& int BIO_lookup(const char *node, const char *service, +\& enum BIO_lookup_type lookup_type, +\& int family, int socktype, BIO_ADDRINFO **res); +\& +\& const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +\& int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +\& const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +\& void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_ADDRINFO\s0\fR type is a wrapper for address information +types provided on your platform. +.PP +\&\fB\s-1BIO_ADDRINFO\s0\fR normally forms a chain of several that can be +picked at one by one. +.PP +\&\fBBIO_lookup_ex()\fR looks up a specified \fBhost\fR and \fBservice\fR, and +uses \fBlookup_type\fR to determine what the default address should +be if \fBhost\fR is \fB\s-1NULL\s0\fR. \fBfamily\fR, \fBsocktype\fR and \fBprotocol\fR are used to +determine what protocol family, socket type and protocol should be used for +the lookup. \fBfamily\fR can be any of \s-1AF_INET, AF_INET6, AF_UNIX\s0 and +\&\s-1AF_UNSPEC.\s0 \fBsocktype\fR can be \s-1SOCK_STREAM, SOCK_DGRAM\s0 or 0. Specifying 0 +indicates that any type can be used. \fBprotocol\fR specifies a protocol such as +\&\s-1IPPROTO_TCP, IPPROTO_UDP\s0 or \s-1IPPORTO_SCTP.\s0 If set to 0 than any protocol can be +used. \fBres\fR points at a pointer to hold the start of a \fB\s-1BIO_ADDRINFO\s0\fR +chain. +.PP +For the family \fB\s-1AF_UNIX\s0\fR, \fBBIO_lookup_ex()\fR will ignore the \fBservice\fR +parameter and expects the \fBnode\fR parameter to hold the path to the +socket file. +.PP +\&\fBBIO_lookup()\fR does the same as \fBBIO_lookup_ex()\fR but does not provide the ability +to select based on the protocol (any protocol may be returned). +.PP +\&\fBBIO_ADDRINFO_family()\fR returns the family of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1AF_INET, AF_INET6\s0 and \s-1AF_UNIX.\s0 +.PP +\&\fBBIO_ADDRINFO_socktype()\fR returns the socket type of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1SOCK_STREAM\s0 and \s-1SOCK_DGRAM.\s0 +.PP +\&\fBBIO_ADDRINFO_protocol()\fR returns the protocol id of the given +\&\fB\s-1BIO_ADDRINFO\s0\fR. The result will be one of the constants +\&\s-1IPPROTO_TCP\s0 and \s-1IPPROTO_UDP.\s0 +.PP +\&\fBBIO_ADDRINFO_address()\fR returns the underlying \fB\s-1BIO_ADDR\s0\fR +of the given \fB\s-1BIO_ADDRINFO\s0\fR. +.PP +\&\fBBIO_ADDRINFO_next()\fR returns the next \fB\s-1BIO_ADDRINFO\s0\fR in the chain +from the given one. +.PP +\&\fBBIO_ADDRINFO_free()\fR frees the chain of \fB\s-1BIO_ADDRINFO\s0\fR starting +with the given one. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_lookup_ex()\fR and \fBBIO_lookup()\fR return 1 on success and 0 when an error +occurred, and will leave an error indication on the OpenSSL error stack in that +case. +.PP +All other functions described here return 0 or \fB\s-1NULL\s0\fR when the +information they should return isn't available. +.SH "NOTES" +.IX Header "NOTES" +The \fBBIO_lookup_ex()\fR implementation uses the platform provided \fBgetaddrinfo()\fR +function. On Linux it is known that specifying 0 for the protocol will not +return any \s-1SCTP\s0 based addresses when calling \fBgetaddrinfo()\fR. Therefore if an \s-1SCTP\s0 +address is required then the \fBprotocol\fR parameter to \fBBIO_lookup_ex()\fR should be +explicitly set to \s-1IPPROTO_SCTP.\s0 The same may be true on other platforms. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_lookup_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_connect.3 b/secure/lib/libcrypto/man/man3/BIO_connect.3 new file mode 100644 index 000000000000..b1664b43884d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_connect.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CONNECT 3" +.TH BIO_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_socket, BIO_bind, BIO_connect, BIO_listen, BIO_accept_ex, BIO_closesocket \- BIO socket communication setup routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_socket(int domain, int socktype, int protocol, int options); +\& int BIO_bind(int sock, const BIO_ADDR *addr, int options); +\& int BIO_connect(int sock, const BIO_ADDR *addr, int options); +\& int BIO_listen(int sock, const BIO_ADDR *addr, int options); +\& int BIO_accept_ex(int accept_sock, BIO_ADDR *peer, int options); +\& int BIO_closesocket(int sock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_socket()\fR creates a socket in the domain \fBdomain\fR, of type +\&\fBsocktype\fR and \fBprotocol\fR. Socket \fBoptions\fR are currently unused, +but is present for future use. +.PP +\&\fBBIO_bind()\fR binds the source address and service to a socket and +may be useful before calling \fBBIO_connect()\fR. The options may include +\&\fB\s-1BIO_SOCK_REUSEADDR\s0\fR, which is described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_connect()\fR connects \fBsock\fR to the address and service given by +\&\fBaddr\fR. Connection \fBoptions\fR may be zero or any combination of +\&\fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR and \fB\s-1BIO_SOCK_NODELAY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_listen()\fR has \fBsock\fR start listening on the address and service +given by \fBaddr\fR. Connection \fBoptions\fR may be zero or any +combination of \fB\s-1BIO_SOCK_KEEPALIVE\s0\fR, \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, +\&\fB\s-1BIO_SOCK_NODELAY\s0\fR, \fB\s-1BIO_SOCK_REUSEADDR\s0\fR and \fB\s-1BIO_SOCK_V6_ONLY\s0\fR. +The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_accept_ex()\fR waits for an incoming connections on the given +socket \fBaccept_sock\fR. When it gets a connection, the address and +port of the peer gets stored in \fBpeer\fR if that one is non-NULL. +Accept \fBoptions\fR may be zero or \fB\s-1BIO_SOCK_NONBLOCK\s0\fR, and is applied +on the accepted socket. The flags are described in \*(L"\s-1FLAGS\*(R"\s0 below. +.PP +\&\fBBIO_closesocket()\fR closes \fBsock\fR. +.SH "FLAGS" +.IX Header "FLAGS" +.IP "\s-1BIO_SOCK_KEEPALIVE\s0" 4 +.IX Item "BIO_SOCK_KEEPALIVE" +Enables regular sending of keep-alive messages. +.IP "\s-1BIO_SOCK_NONBLOCK\s0" 4 +.IX Item "BIO_SOCK_NONBLOCK" +Sets the socket to non-blocking mode. +.IP "\s-1BIO_SOCK_NODELAY\s0" 4 +.IX Item "BIO_SOCK_NODELAY" +Corresponds to \fB\s-1TCP_NODELAY\s0\fR, and disables the Nagle algorithm. With +this set, any data will be sent as soon as possible instead of being +buffered until there's enough for the socket to send out in one go. +.IP "\s-1BIO_SOCK_REUSEADDR\s0" 4 +.IX Item "BIO_SOCK_REUSEADDR" +Try to reuse the address and port combination for a recently closed +port. +.IP "\s-1BIO_SOCK_V6_ONLY\s0" 4 +.IX Item "BIO_SOCK_V6_ONLY" +When creating an IPv6 socket, make it only listen for IPv6 addresses +and not IPv4 addresses mapped to IPv6. +.PP +These flags are bit flags, so they are to be combined with the +\&\f(CW\*(C`|\*(C'\fR operator, for example: +.PP +.Vb 1 +\& BIO_connect(sock, addr, BIO_SOCK_KEEPALIVE | BIO_SOCK_NONBLOCK); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_socket()\fR returns the socket number on success or \fB\s-1INVALID_SOCKET\s0\fR +(\-1) on error. When an error has occurred, the OpenSSL error stack +will hold the error data and errno has the system error. +.PP +\&\fBBIO_bind()\fR, \fBBIO_connect()\fR and \fBBIO_listen()\fR return 1 on success or 0 on error. +When an error has occurred, the OpenSSL error stack will hold the error +data and errno has the system error. +.PP +\&\fBBIO_accept_ex()\fR returns the accepted socket on success or +\&\fB\s-1INVALID_SOCKET\s0\fR (\-1) on error. When an error has occurred, the +OpenSSL error stack will hold the error data and errno has the system +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gethostname()\fR, \fBBIO_get_port()\fR, \fBBIO_get_host_ip()\fR, +\&\fBBIO_get_accept_socket()\fR and \fBBIO_accept()\fR were deprecated in OpenSSL 1.1.0. +Use the functions described above instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_ctrl.3 b/secure/lib/libcrypto/man/man3/BIO_ctrl.3 new file mode 100644 index 000000000000..287f73cefc4d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_ctrl.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_CTRL 3" +.TH BIO_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb \&\- BIO control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int BIO_info_cb(BIO *b, int state, int res); +\& +\& long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); +\& char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +\& long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +\& +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b, long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +\& +\& int BIO_get_info_callback(BIO *b, BIO_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b, BIO_info_cb *cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_ctrl()\fR, \fBBIO_callback_ctrl()\fR, \fBBIO_ptr_ctrl()\fR and \fBBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fBBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. +.PP +\&\fBBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fBBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 +.PP +\&\fBBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fBBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of +\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. +.PP +\&\fBBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fBBIO_pending()\fR and \fBBIO_wpending()\fR are +macros which call \fBBIO_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. +.PP +\&\fBBIO_seek()\fR and \fBBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fBBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fBBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fBBIO_set_close()\fR always returns 1. +.PP +\&\fBBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +.PP +\&\fBBIO_pending()\fR, \fBBIO_ctrl_pending()\fR, \fBBIO_wpending()\fR and \fBBIO_ctrl_wpending()\fR +return the amount of pending data. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fBBIO_write_ex()\fR. +The \fBBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fBBIO_pending()\fR and \fBBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fBBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO.\s0 However this can cause +unexpected results: for example no current filter BIOs implement +\&\fBBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO.\s0 +.PP +Source/sink BIOs return an 0 if they do not recognize the \fBBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fBBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_base64.3 b/secure/lib/libcrypto/man/man3/BIO_f_base64.3 new file mode 100644 index 000000000000..bed5432e7681 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_base64.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BASE64 3" +.TH BIO_F_BASE64 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_base64 \- base64 BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO.\s0 +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fBBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); +\& +\& BIO_free_all(b64); +.Ve +.PP +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 3 +\& BIO *bio, *b64, *bio_out; +\& char inbuf[512]; +\& int inlen; +\& +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_push(b64, bio); +\& while ((inlen = BIO_read(b64, inbuf, 512)) > 0) +\& BIO_write(bio_out, inbuf, inlen); +\& +\& BIO_flush(bio_out); +\& BIO_free_all(b64); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 new file mode 100644 index 000000000000..cc79eb36244f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_buffer.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_BUFFER 3" +.TH BIO_F_BUFFER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_buffer_num_lines, BIO_set_read_buffer_size, BIO_set_write_buffer_size, BIO_set_buffer_size, BIO_set_buffer_read_data, BIO_f_buffer \&\- buffering BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_buffer(void); +\& +\& long BIO_get_buffer_num_lines(BIO *b); +\& long BIO_set_read_buffer_size(BIO *b, long size); +\& long BIO_set_write_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_size(BIO *b, long size); +\& long BIO_set_buffer_read_data(BIO *b, void *buf, long num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported. +.PP +Calling \fBBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fBBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +These functions, other than \fBBIO_f_buffer()\fR, are implemented as macros. +.PP +Buffering BIOs implement \fBBIO_gets()\fR by using \fBBIO_read_ex()\fR operations on the +next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore +possible to provide \fBBIO_gets()\fR functionality if the following BIOs do not +support it (for example \s-1SSL\s0 BIOs). +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fBBIO_flush()\fR is called. It is therefore important to call \fBBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fBBIO_pop()\fR. \fBBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fBBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fBBIO_set_read_buffer_size()\fR, \fBBIO_set_write_buffer_size()\fR and \fBBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fBBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBBIO_reset\fR\|(3), +\&\fBBIO_flush\fR\|(3), +\&\fBBIO_pop\fR\|(3), +\&\fBBIO_ctrl\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 new file mode 100644 index 000000000000..f7831722b60e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_cipher.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_CIPHER 3" +.TH BIO_F_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b, const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fBEVP_CipherInit()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fBBIO_gets()\fR or \fBBIO_puts()\fR. +.PP +\&\fBBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO.\s0 +.PP +\&\fBBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fBBIO_get_cipher_status()\fR +is a \fBBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fBBIO_get_cipher_ctx()\fR is a \fBBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fBBIO_set_cipher()\fR is not flexible enough for the applications needs. +.SH "NOTES" +.IX Header "NOTES" +When encrypting \fBBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signaled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fBBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fBBIO_gets()\fR or \fBBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fBBIO_set_cipher()\fR does not return a value. +.PP +\&\fBBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fBBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_md.3 b/secure/lib/libcrypto/man/man3/BIO_f_md.3 new file mode 100644 index 000000000000..0a8eeed7a5d3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_md.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_MD 3" +.TH BIO_F_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest BIO filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_md(void); +\& int BIO_set_md(BIO *b, EVP_MD *md); +\& int BIO_get_md(BIO *b, EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b, EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fBEVP_DigestInit()\fR, \fBEVP_DigestUpdate()\fR +and \fBEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fBBIO_read_ex()\fR and +\&\fBBIO_write_ex()\fR is digested. +.PP +\&\fBBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fBBIO_puts()\fR is +not supported. +.PP +\&\fBBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 +.PP +\&\fBBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fBBIO_ctrl()\fR macro. +.PP +\&\fBBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fBBIO_get_md_ctx()\fR can be used in calls +to \fBEVP_DigestFinal()\fR and also the signature routines \fBEVP_SignFinal()\fR +and \fBEVP_VerifyFinal()\fR. +.PP +The context returned by \fBBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. +.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fBBIO_reset()\fR, or \fBBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fBBIO_gets()\fR or \fBBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO.\s0 +.PP +Calling \fBBIO_get_md_ctx()\fR will return the context and initialize the \s-1BIO\s0 +state. This allows applications to initialize the context externally +if the standard calls such as \fBBIO_set_md()\fR are not sufficiently flexible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fBBIO_set_md()\fR, \fBBIO_get_md()\fR and \fBBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 2 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* +\& * For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. +\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +.PP +The next example digests data by reading through a chain instead: +.PP +.Vb 3 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while (rdlen > 0); +.Ve +.PP +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 4 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if (!mdtmp) +\& break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while (mdtmp); +\& +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fBBIO_puts()\fR and the non standard behaviour of +\&\fBBIO_gets()\fR could be regarded as anomalous. It could be argued that \fBBIO_gets()\fR +and \fBBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fBBIO_ctrl()\fR call. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.0.0., the call to \fBBIO_get_md_ctx()\fR would only work if the +\&\s-1BIO\s0 was initialized first. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_null.3 b/secure/lib/libcrypto/man/man3/BIO_f_null.3 new file mode 100644 index 000000000000..d6d168dad204 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_null.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_NULL 3" +.TH BIO_F_NULL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 new file mode 100644 index 000000000000..e131f3a1dd1f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_f_ssl.3 @@ -0,0 +1,435 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_F_SSL 3" +.TH BIO_F_SSL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_do_handshake, BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, BIO_ssl_shutdown \- SSL BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& const BIO_METHOD *BIO_f_ssl(void); +\& +\& long BIO_set_ssl(BIO *b, SSL *ssl, long c); +\& long BIO_get_ssl(BIO *b, SSL **sslp); +\& long BIO_set_ssl_mode(BIO *b, long client); +\& long BIO_set_ssl_renegotiate_bytes(BIO *b, long num); +\& long BIO_set_ssl_renegotiate_timeout(BIO *b, long seconds); +\& long BIO_get_num_renegotiates(BIO *b); +\& +\& BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to, BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +\& +\& long BIO_do_handshake(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL I/O.\s0 +.PP +I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fBBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fBBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fBSSL_shutdown()\fR. \fBBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. +The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fBSSL_free()\fR. +.PP +\&\fBBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fBBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fBBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fBBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fBBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fBBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fBBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fBBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0 +.PP +\&\fBBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO.\s0 +.PP +\&\fBBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fBSSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. +.PP +\&\fBBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the +chain and calling \fBSSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fBBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fBBIO_read_ex()\fR operation, one +case where this happens is when step up occurs. +.PP +The \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fBBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fBBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fBBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fBBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, +\&\fBBIO_set_ssl_renegotiate_bytes()\fR, \fBBIO_set_ssl_renegotiate_timeout()\fR, +\&\fBBIO_get_num_renegotiates()\fR, and \fBBIO_do_handshake()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_f_ssl()\fR returns the \s-1SSL\s0 \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_ssl()\fR, \fBBIO_get_ssl()\fR, \fBBIO_set_ssl_mode()\fR, \fBBIO_set_ssl_renegotiate_bytes()\fR, +\&\fBBIO_set_ssl_renegotiate_timeout()\fR and \fBBIO_get_num_renegotiates()\fR return 1 on +success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_new_ssl()\fR, \fBBIO_new_ssl_connect()\fR and \fBBIO_new_buffer_ssl_connect()\fR return +a valid \fB\s-1BIO\s0\fR structure on success or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBBIO_ssl_copy_session_id()\fR returns 1 on success or 0 on error. +.PP +\&\fBBIO_do_handshake()\fR returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be established. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This \s-1SSL/TLS\s0 client example attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in \fBBIO_s_connect\fR\|(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_client_method()); +\& +\& /* XXX Set verify paths and mode here. */ +\& +\& sbio = BIO_new_ssl_connect(ctx); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Don\*(Aqt want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& +\& /* XXX We might want to do other things with ssl here */ +\& +\& /* An empty host part means the loopback address */ +\& BIO_set_conn_hostname(sbio, ":https"); +\& +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Could examine ssl here to get connection info */ +\& +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +.PP +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +\& +\& /* XXX Seed the PRNG if needed. */ +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* XXX Other things like set verify locations, EDH temp callbacks. */ +\& +\& /* New SSL BIO setup as server */ +\& sbio = BIO_new_ssl(ctx, 0); +\& BIO_get_ssl(sbio, &ssl); +\& if (ssl == NULL) { +\& fprintf(stderr, "Can\*(Aqt locate SSL pointer\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +\& bbio = BIO_new(BIO_f_buffer()); +\& sbio = BIO_push(bbio, sbio); +\& acpt = BIO_new_accept("4433"); +\& +\& /* +\& * By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now \*(Aqswallowed\*(Aq by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +\& BIO_set_accept_bios(acpt, sbio); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& +\& /* Setup accept BIO */ +\& if (BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* We only want one connection so remove and free accept BIO */ +\& sbio = BIO_pop(acpt); +\& BIO_free_all(acpt); +\& +\& if (BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent\-type: text/plain\er\en\er\en"); +\& BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& +\& for (;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if (tmpbuf[0] == \*(Aq\er\*(Aq || tmpbuf[0] == \*(Aq\en\*(Aq) +\& break; +\& } +\& +\& BIO_puts(sbio, "\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\er\en"); +\& BIO_puts(sbio, "\er\en"); +\& BIO_flush(sbio); +\& BIO_free_all(sbio); +.Ve +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL before 1.0.0 the \fBBIO_pop()\fR call was handled incorrectly, +the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of +decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not +explicitly being popped (e.g. a pop higher up the chain). Applications which +included workarounds for this bug (e.g. freeing BIOs more than once) should +be modified to handle this fix or they may free up an already freed \s-1BIO.\s0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_find_type.3 b/secure/lib/libcrypto/man/man3/BIO_find_type.3 new file mode 100644 index 000000000000..534534d17c2e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_find_type.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_FIND_TYPE 3" +.TH BIO_FIND_TYPE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_find_type(BIO *b, int bio_type); +\& BIO *BIO_next(BIO *b); +\& int BIO_method_type(const BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \fB\s-1BIO_TYPE_MEM\s0\fR) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fBBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +The following general types are defined: +\&\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR, \fB\s-1BIO_TYPE_FILTER\s0\fR, and \fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR. +.PP +For a list of the specific types, see the \fBopenssl/bio.h\fR header file. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fBBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fBBIO_method_type()\fR returns the type of a \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fBBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fBBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Traverse a chain looking for digest BIOs: +.PP +.Vb 1 +\& BIO *btmp; +\& +\& btmp = in_bio; /* in_bio is chain to search through */ +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if (btmp == NULL) +\& break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... +\& +\& btmp = BIO_next(btmp); +\& } while (btmp); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_get_data.3 b/secure/lib/libcrypto/man/man3/BIO_get_data.3 new file mode 100644 index 000000000000..bc46e7b22155 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_get_data.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_DATA 3" +.TH BIO_GET_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_data, BIO_get_data, BIO_set_init, BIO_get_init, BIO_set_shutdown, BIO_get_shutdown \- functions for managing BIO state information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BIO_set_data(BIO *a, void *ptr); +\& void *BIO_get_data(BIO *a); +\& void BIO_set_init(BIO *a, int init); +\& int BIO_get_init(BIO *a); +\& void BIO_set_shutdown(BIO *a, int shut); +\& int BIO_get_shutdown(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are mainly useful when implementing a custom \s-1BIO.\s0 +.PP +The \fBBIO_set_data()\fR function associates the custom data pointed to by \fBptr\fR with +the \s-1BIO.\s0 This data can subsequently be retrieved via a call to \fBBIO_get_data()\fR. +This can be used by custom BIOs for storing implementation specific information. +.PP +The \fBBIO_set_init()\fR function sets the value of the \s-1BIO\s0's \*(L"init\*(R" flag to indicate +whether initialisation has been completed for this \s-1BIO\s0 or not. A non-zero value +indicates that initialisation is complete, whilst zero indicates that it is not. +Often initialisation will complete during initial construction of the \s-1BIO.\s0 For +some BIOs however, initialisation may not complete until after additional steps +have occurred (for example through calling custom ctrls). The \fBBIO_get_init()\fR +function returns the value of the \*(L"init\*(R" flag. +.PP +The \fBBIO_set_shutdown()\fR and \fBBIO_get_shutdown()\fR functions set and get the state of +this \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. If set then the underlying resource +is also closed when the \s-1BIO\s0 is freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_data()\fR returns a pointer to the implementation specific custom data +associated with this \s-1BIO,\s0 or \s-1NULL\s0 if none has been set. +.PP +\&\fBBIO_get_init()\fR returns the state of the \s-1BIO\s0's init flag. +.PP +\&\fBBIO_get_shutdown()\fR returns the stat of the \s-1BIO\s0's shutdown (i.e. \s-1BIO_CLOSE\s0) flag. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_meth_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 new file mode 100644 index 000000000000..2b0092d60bfd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_get_ex_new_index.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_GET_EX_NEW_INDEX 3" +.TH BIO_GET_EX_NEW_INDEX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_ex_new_index, BIO_set_ex_data, BIO_get_ex_data, ENGINE_get_ex_new_index, ENGINE_set_ex_data, ENGINE_get_ex_data, UI_get_ex_new_index, UI_set_ex_data, UI_get_ex_data, X509_get_ex_new_index, X509_set_ex_data, X509_get_ex_data, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_data, X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data, X509_STORE_CTX_get_ex_data, DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data, DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data, ECDH_get_ex_new_index, ECDH_set_ex_data, ECDH_get_ex_data, EC_KEY_get_ex_new_index, EC_KEY_set_ex_data, EC_KEY_get_ex_data, RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \&\- application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int TYPE_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& int TYPE_set_ex_data(TYPE *d, int idx, void *arg); +\& +\& void *TYPE_get_ex_data(TYPE *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes listed in +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +These functions handle application-specific data for OpenSSL data +structures. +.PP +\&\fBTYPE_get_new_ex_index()\fR is a macro that calls \fBCRYPTO_get_ex_new_index()\fR +with the correct \fBindex\fR value. +.PP +\&\fBTYPE_set_ex_data()\fR is a function that calls \fBCRYPTO_set_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.PP +\&\fBTYPE_get_ex_data()\fR is a function that calls \fBCRYPTO_get_ex_data()\fR with +an offset into the opaque exdata part of the \s-1TYPE\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_get_new_ex_index()\fR returns a new index on success or \-1 on error. +.PP +\&\fBTYPE_set_ex_data()\fR returns 1 on success or 0 on error. +.PP +\&\fBTYPE_get_ex_data()\fR returns the application data or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_new_index\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_meth_new.3 b/secure/lib/libcrypto/man/man3/BIO_meth_new.3 new file mode 100644 index 000000000000..306a62eb8eb0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_meth_new.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_METH_NEW 3" +.TH BIO_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_get_new_index, BIO_meth_new, BIO_meth_free, BIO_meth_get_read_ex, BIO_meth_set_read_ex, BIO_meth_get_write_ex, BIO_meth_set_write_ex, BIO_meth_get_write, BIO_meth_set_write, BIO_meth_get_read, BIO_meth_set_read, BIO_meth_get_puts, BIO_meth_set_puts, BIO_meth_get_gets, BIO_meth_set_gets, BIO_meth_get_ctrl, BIO_meth_set_ctrl, BIO_meth_get_create, BIO_meth_set_create, BIO_meth_get_destroy, BIO_meth_set_destroy, BIO_meth_get_callback_ctrl, BIO_meth_set_callback_ctrl \- Routines to build up BIO methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_get_new_index(void); +\& +\& BIO_METHOD *BIO_meth_new(int type, const char *name); +\& +\& void BIO_meth_free(BIO_METHOD *biom); +\& +\& int (*BIO_meth_get_write_ex(const BIO_METHOD *biom))(BIO *, const char *, size_t, +\& size_t *); +\& int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +\& int BIO_meth_set_write_ex(BIO_METHOD *biom, +\& int (*bwrite)(BIO *, const char *, size_t, size_t *)); +\& int BIO_meth_set_write(BIO_METHOD *biom, +\& int (*write)(BIO *, const char *, int)); +\& +\& int (*BIO_meth_get_read_ex(const BIO_METHOD *biom))(BIO *, char *, size_t, size_t *); +\& int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_read_ex(BIO_METHOD *biom, +\& int (*bread)(BIO *, char *, size_t, size_t *)); +\& int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +\& +\& int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +\& int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +\& +\& int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +\& int BIO_meth_set_gets(BIO_METHOD *biom, +\& int (*gets)(BIO *, char *, int)); +\& +\& long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +\& int BIO_meth_set_ctrl(BIO_METHOD *biom, +\& long (*ctrl)(BIO *, int, long, void *)); +\& +\& int (*BIO_meth_get_create(const BIO_METHOD *bion))(BIO *); +\& int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +\& +\& int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +\& int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +\& +\& long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +\& int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +\& long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1BIO_METHOD\s0\fR type is a structure used for the implementation of new \s-1BIO\s0 +types. It provides a set of functions used by OpenSSL for the implementation +of the various \s-1BIO\s0 capabilities. See the bio page for more information. +.PP +\&\fBBIO_meth_new()\fR creates a new \fB\s-1BIO_METHOD\s0\fR structure. It should be given a +unique integer \fBtype\fR and a string that represents its \fBname\fR. +Use \fBBIO_get_new_index()\fR to get the value for \fBtype\fR. +.PP +The set of +standard OpenSSL provided \s-1BIO\s0 types is provided in \fBbio.h\fR. Some examples +include \fB\s-1BIO_TYPE_BUFFER\s0\fR and \fB\s-1BIO_TYPE_CIPHER\s0\fR. Filter BIOs should have a +type which have the \*(L"filter\*(R" bit set (\fB\s-1BIO_TYPE_FILTER\s0\fR). Source/sink BIOs +should have the \*(L"source/sink\*(R" bit set (\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR). File descriptor +based BIOs (e.g. socket, fd, connect, accept etc) should additionally have the +\&\*(L"descriptor\*(R" bit set (\fB\s-1BIO_TYPE_DESCRIPTOR\s0\fR). See the BIO_find_type page for +more information. +.PP +\&\fBBIO_meth_free()\fR destroys a \fB\s-1BIO_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBBIO_meth_get_write_ex()\fR and \fBBIO_meth_set_write_ex()\fR get and set the function +used for writing arbitrary length data to the \s-1BIO\s0 respectively. This function +will be called in response to the application calling \fBBIO_write_ex()\fR or +\&\fBBIO_write()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_write_ex()\fR. Older code may call \fBBIO_meth_get_write()\fR and +\&\fBBIO_meth_set_write()\fR instead. Applications should not call both +\&\fBBIO_meth_set_write_ex()\fR and \fBBIO_meth_set_write()\fR or call \fBBIO_meth_get_write()\fR +when the function was set with \fBBIO_meth_set_write_ex()\fR. +.PP +\&\fBBIO_meth_get_read_ex()\fR and \fBBIO_meth_set_read_ex()\fR get and set the function used +for reading arbitrary length data from the \s-1BIO\s0 respectively. This function will +be called in response to the application calling \fBBIO_read_ex()\fR or \fBBIO_read()\fR. +The parameters for the function have the same meaning as for \fBBIO_read_ex()\fR. +Older code may call \fBBIO_meth_get_read()\fR and \fBBIO_meth_set_read()\fR instead. +Applications should not call both \fBBIO_meth_set_read_ex()\fR and \fBBIO_meth_set_read()\fR +or call \fBBIO_meth_get_read()\fR when the function was set with +\&\fBBIO_meth_set_read_ex()\fR. +.PP +\&\fBBIO_meth_get_puts()\fR and \fBBIO_meth_set_puts()\fR get and set the function used for +writing a \s-1NULL\s0 terminated string to the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_puts()\fR. The parameters for +the function have the same meaning as for \fBBIO_puts()\fR. +.PP +\&\fBBIO_meth_get_gets()\fR and \fBBIO_meth_set_gets()\fR get and set the function typically +used for reading a line of data from the \s-1BIO\s0 respectively (see the \fBBIO_gets\fR\|(3) +page for more information). This function will be called in response to the +application calling \fBBIO_gets()\fR. The parameters for the function have the same +meaning as for \fBBIO_gets()\fR. +.PP +\&\fBBIO_meth_get_ctrl()\fR and \fBBIO_meth_set_ctrl()\fR get and set the function used for +processing ctrl messages in the \s-1BIO\s0 respectively. See the BIO_ctrl page for +more information. This function will be called in response to the application +calling \fBBIO_ctrl()\fR. The parameters for the function have the same meaning as for +\&\fBBIO_ctrl()\fR. +.PP +\&\fBBIO_meth_get_create()\fR and \fBBIO_meth_set_create()\fR get and set the function used +for creating a new instance of the \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_new()\fR and passing +in a pointer to the current \s-1BIO_METHOD.\s0 The \fBBIO_new()\fR function will allocate the +memory for the new \s-1BIO,\s0 and a pointer to this newly allocated structure will +be passed as a parameter to the function. +.PP +\&\fBBIO_meth_get_destroy()\fR and \fBBIO_meth_set_destroy()\fR get and set the function used +for destroying an instance of a \s-1BIO\s0 respectively. This function will be +called in response to the application calling \fBBIO_free()\fR. A pointer to the \s-1BIO\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1BIO\s0 specific clean up. The memory for the \s-1BIO\s0 itself should not be freed by +this function. +.PP +\&\fBBIO_meth_get_callback_ctrl()\fR and \fBBIO_meth_set_callback_ctrl()\fR get and set the +function used for processing callback ctrl messages in the \s-1BIO\s0 respectively. See +the \fBBIO_callback_ctrl\fR\|(3) page for more information. This function will be called +in response to the application calling \fBBIO_callback_ctrl()\fR. The parameters for +the function have the same meaning as for \fBBIO_callback_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_new_index()\fR returns the new \s-1BIO\s0 type value or \-1 if an error occurred. +.PP +BIO_meth_new(int type, const char *name) returns a valid \fB\s-1BIO_METHOD\s0\fR or \s-1NULL\s0 +if an error occurred. +.PP +The \fBBIO_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBBIO_meth_get\fR functions return the corresponding function pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio, BIO_find_type, BIO_ctrl, BIO_read_ex, BIO_new +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_new.3 b/secure/lib/libcrypto/man/man3/BIO_new.3 new file mode 100644 index 000000000000..6cb997f31e10 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_new.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW 3" +.TH BIO_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new, BIO_up_ref, BIO_free, BIO_vfree, BIO_free_all \&\- BIO allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO * BIO_new(const BIO_METHOD *type); +\& int BIO_up_ref(BIO *a); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fBBIO_up_ref()\fR increments the reference count associated with the \s-1BIO\s0 object. +.PP +\&\fBBIO_free()\fR frees up a single \s-1BIO,\s0 \fBBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. +If \fBa\fR is \s-1NULL\s0 nothing is done. +Calling \fBBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fBBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +If \fBa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fBBIO_up_ref()\fR and \fBBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fBBIO_free_all()\fR and \fBBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling \fBBIO_free()\fR +on it other than the discarded return value. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set()\fR was removed in OpenSSL 1.1.0 as \s-1BIO\s0 type is now opaque. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 new file mode 100644 index 000000000000..e59a0a3b7581 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_new_CMS.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_NEW_CMS 3" +.TH BIO_NEW_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_new_CMS \- CMS streaming filter BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_new_CMS()\fR returns a streaming filter \s-1BIO\s0 chain based on \fBcms\fR. The output +of the filter is written to \fBout\fR. Any data written to the chain is +automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type. +.SH "NOTES" +.IX Header "NOTES" +The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It +supports non blocking I/O. Content is processed and streamed on the fly and not +all held in memory at once: so it is possible to encode very large structures. +After all content has been written through the chain \fBBIO_flush()\fR must be called +to finalise the structure. +.PP +The \fB\s-1CMS_STREAM\s0\fR flag must be included in the corresponding \fBflags\fR +parameter of the \fBcms\fR creation function. +.PP +If an application wishes to write additional data to \fBout\fR BIOs should be +removed from the chain using \fBBIO_pop()\fR and freed with \fBBIO_free()\fR until \fBout\fR +is reached. If no additional data needs to be written \fBBIO_free_all()\fR can be +called to free up the whole chain. +.PP +Any content written through the filter is used verbatim: no canonical +translation is performed. +.PP +It is possible to chain multiple BIOs to, for example, create a triple wrapped +signed, enveloped, signed structure. In this case it is the applications +responsibility to set the inner content type of any outer CMS_ContentInfo +structures. +.PP +Large numbers of small writes through the chain should be avoided as this will +produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending +a \fBBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this. +.SH "BUGS" +.IX Header "BUGS" +There is currently no corresponding inverse \s-1BIO:\s0 i.e. one which can decode +a \s-1CMS\s0 structure on the fly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_CMS()\fR returns a \s-1BIO\s0 chain when successful or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_new_CMS()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 new file mode 100644 index 000000000000..747fbc19cc6c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_parse_hostserv.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PARSE_HOSTSERV 3" +.TH BIO_PARSE_HOSTSERV 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_hostserv_priorities, BIO_parse_hostserv \&\- utility routines to parse a standard host and service string +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& enum BIO_hostserv_priorities { +\& BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +\& }; +\& int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +\& enum BIO_hostserv_priorities hostserv_prio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_parse_hostserv()\fR will parse the information given in \fBhostserv\fR, +create strings with the host name and service name and give those +back via \fBhost\fR and \fBservice\fR. Those will need to be freed after +they are used. \fBhostserv_prio\fR helps determine if \fBhostserv\fR shall +be interpreted primarily as a host name or a service name in ambiguous +cases. +.PP +The syntax the \fBBIO_parse_hostserv()\fR recognises is: +.PP +.Vb 7 +\& host + \*(Aq:\*(Aq + service +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq +\& host + \*(Aq:\*(Aq +\& \*(Aq:\*(Aq + service +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service +\& host +\& service +.Ve +.PP +The host part can be a name or an \s-1IP\s0 address. If it's a IPv6 +address, it \s-1MUST\s0 be enclosed in brackets, such as '[::1]'. +.PP +The service part can be a service name or its port number. +.PP +The returned values will depend on the given \fBhostserv\fR string +and \fBhostserv_prio\fR, as follows: +.PP +.Vb 5 +\& host + \*(Aq:\*(Aq + service => *host = "host", *service = "service" +\& host + \*(Aq:\*(Aq + \*(Aq*\*(Aq => *host = "host", *service = NULL +\& host + \*(Aq:\*(Aq => *host = "host", *service = NULL +\& \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& \*(Aq*\*(Aq + \*(Aq:\*(Aq + service => *host = NULL, *service = "service" +\& +\& in case no \*(Aq:\*(Aq is present in the string, the result depends on +\& hostserv_prio, as follows: +\& +\& when hostserv_prio == BIO_PARSE_PRIO_HOST +\& host => *host = "host", *service untouched +\& +\& when hostserv_prio == BIO_PARSE_PRIO_SERV +\& service => *host untouched, *service = "service" +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_parse_hostserv()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDRINFO\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_printf.3 b/secure/lib/libcrypto/man/man3/BIO_printf.3 new file mode 100644 index 000000000000..d68262148fff --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_printf.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PRINTF 3" +.TH BIO_PRINTF 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_printf, BIO_vprintf, BIO_snprintf, BIO_vsnprintf \&\- formatted output to a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_printf(BIO *bio, const char *format, ...) +\& int BIO_vprintf(BIO *bio, const char *format, va_list args) +\& +\& int BIO_snprintf(char *buf, size_t n, const char *format, ...) +\& int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_printf()\fR is similar to the standard C \fBprintf()\fR function, except that +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. +.PP +\&\fBBIO_vprintf()\fR is similar to the \fBvprintf()\fR function found on many platforms, +the output is sent to the specified \s-1BIO,\s0 \fBbio\fR, rather than standard +output. All common format specifiers are supported. The argument +list \fBargs\fR is a stdarg argument list. +.PP +\&\fBBIO_snprintf()\fR is for platforms that do not have the common \fBsnprintf()\fR +function. It is like \fBsprintf()\fR except that the size parameter, \fBn\fR, +specifies the size of the output buffer. +.PP +\&\fBBIO_vsnprintf()\fR is to \fBBIO_snprintf()\fR as \fBBIO_vprintf()\fR is to \fBBIO_printf()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions return the number of bytes written, or \-1 on error. +For \fBBIO_snprintf()\fR and \fBBIO_vsnprintf()\fR this includes when the output +buffer is too small. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_push.3 b/secure/lib/libcrypto/man/man3/BIO_push.3 new file mode 100644 index 000000000000..56cf8c42036b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_push.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_PUSH 3" +.TH BIO_PUSH 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_push, BIO_pop, BIO_set_next \- add and remove BIOs from a chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *BIO_push(BIO *b, BIO *append); +\& BIO *BIO_pop(BIO *b); +\& void BIO_set_next(BIO *b, BIO *next); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fBBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.PP +\&\fBBIO_set_next()\fR replaces the existing next \s-1BIO\s0 in a chain with the \s-1BIO\s0 pointed to +by \fBnext\fR. The new chain may include some of the same BIOs from the old chain +or it may be completely different. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fBBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fBBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fBBIO_push()\fR and \fBBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fBBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO.\s0 +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +.PP +is made then the new chain will be \fBb64\-f\fR. After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +.PP +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +.PP +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_set_next()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_read.3 b/secure/lib/libcrypto/man/man3/BIO_read.3 new file mode 100644 index 000000000000..e138ff703a2c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_read.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_READ 3" +.TH BIO_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_read_ex, BIO_write_ex, BIO_read, BIO_write, BIO_gets, BIO_puts \&\- BIO I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes); +\& int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written); +\& +\& int BIO_read(BIO *b, void *data, int dlen); +\& int BIO_gets(BIO *b, char *buf, int size); +\& int BIO_write(BIO *b, const void *data, int dlen); +\& int BIO_puts(BIO *b, const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_read_ex()\fR attempts to read \fBdlen\fR bytes from \s-1BIO\s0 \fBb\fR and places the data +in \fBdata\fR. If any bytes were successfully read then the number of bytes read is +stored in \fB*readbytes\fR. +.PP +\&\fBBIO_write_ex()\fR attempts to write \fBdlen\fR bytes from \fBdata\fR to \s-1BIO\s0 \fBb\fR. If +successful then the number of bytes written is stored in \fB*written\fR. +.PP +\&\fBBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fBBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBsize\-1\fR. There are exceptions to this, +however; for example, \fBBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fBBIO_gets()\fR at all. +The returned string is always NUL-terminated and the '\en' is preserved +if present in the input data. +.PP +\&\fBBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fBBIO_puts()\fR attempts to write a NUL-terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR return 1 if data was successfully read or +written, and 0 otherwise. +.PP +All other functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. The trailing +\&\s-1NUL\s0 is not included in the length returned by \fBBIO_gets()\fR. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fBselect()\fR, \fBpoll()\fR or equivalent) to determine when data is available +and then call \fBread()\fR to read the data. The equivalent with BIOs (that is call +\&\fBselect()\fR on the underlying I/O structure and then call \fBBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fBBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fBselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See \fBBIO_should_retry\fR\|(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fBBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 \fBBIO_f_buffer\fR\|(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_should_retry\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_gets()\fR on 1.1.0 and older when called on \fBBIO_fd()\fR based \s-1BIO\s0 does not +keep the '\en' at the end of the line in the buffer. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_accept.3 b/secure/lib/libcrypto/man/man3/BIO_s_accept.3 new file mode 100644 index 000000000000..8f4e156d897e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_accept.3 @@ -0,0 +1,365 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_ACCEPT 3" +.TH BIO_S_ACCEPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_accept, BIO_set_accept_name, BIO_set_accept_port, BIO_get_accept_name, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_get_peer_name, BIO_get_peer_port, BIO_get_accept_ip_family, BIO_set_accept_ip_family, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_accept(void); +\& +\& long BIO_set_accept_name(BIO *b, char *name); +\& char *BIO_get_accept_name(BIO *b); +\& +\& long BIO_set_accept_port(BIO *b, char *port); +\& char *BIO_get_accept_port(BIO *b); +\& +\& BIO *BIO_new_accept(char *host_port); +\& +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); +\& +\& char *BIO_get_peer_name(BIO *b); +\& char *BIO_get_peer_port(BIO *b); +\& long BIO_get_accept_ip_family(BIO *b); +\& long BIO_set_accept_ip_family(BIO *b, long family); +\& +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b); +\& +\& int BIO_do_accept(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. +.PP +Calling \fBBIO_reset()\fR on an accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fBBIO_get_fd()\fR and \fBBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See \fBBIO_s_fd\fR\|(3) +.PP +\&\fBBIO_set_accept_name()\fR uses the string \fBname\fR to set the accept +name. The name is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +The host can be \*(L"*\*(R" or empty which is interpreted as meaning +any interface. If the host is an IPv6 address, it has to be +enclosed in brackets, for example \*(L"[::1]:https\*(R". \*(L"port\*(R" has the +same syntax as the port specified in \fBBIO_set_conn_port()\fR for +connect BIOs, that is it can be a numerical port string or a +string to lookup using \fBgetservbyname()\fR and a string table. +.PP +\&\fBBIO_set_accept_port()\fR uses the string \fBport\fR to set the accept +port. \*(L"port\*(R" has the same syntax as the port specified in +\&\fBBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical +port string or a string to lookup using \fBgetservbyname()\fR and a string +table. +.PP +\&\fBBIO_new_accept()\fR combines \fBBIO_new()\fR and \fBBIO_set_accept_name()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fBBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fBBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. +.PP +\&\fBBIO_set_bind_mode()\fR and \fBBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \fB\s-1BIO_BIND_NORMAL\s0\fR (the default) is set +then another socket cannot be bound to the same port. If +\&\fB\s-1BIO_BIND_REUSEADDR\s0\fR is set then other sockets can bind to the +same port. If \fB\s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0\fR is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails +and the port is not in use then a second attempt is made +using \fB\s-1BIO_BIND_REUSEADDR\s0\fR. +.PP +\&\fBBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fBBIO_do_accept()\fR will await an incoming +connection, or request a retry in non blocking mode. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept\->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fBBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO,\s0 +that is the chain will be accept\->otherbios\->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +.PP +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fBBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fBBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fBBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fBBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fBBIO_set_accept_name()\fR, \fBBIO_get_accept_name()\fR, \fBBIO_set_accept_port()\fR, +\&\fBBIO_get_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, \fBBIO_set_accept_bios()\fR, +\&\fBBIO_get_peer_name()\fR, \fBBIO_get_peer_port()\fR, +\&\fBBIO_get_accept_ip_family()\fR, \fBBIO_set_accept_ip_family()\fR, +\&\fBBIO_set_bind_mode()\fR, \fBBIO_get_bind_mode()\fR and \fBBIO_do_accept()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_do_accept()\fR, +\&\fBBIO_set_accept_name()\fR, \fBBIO_set_accept_port()\fR, \fBBIO_set_nbio_accept()\fR, +\&\fBBIO_set_accept_bios()\fR, \fBBIO_set_accept_ip_family()\fR, and \fBBIO_set_bind_mode()\fR +return 1 for success and 0 or \-1 for failure. +.PP +\&\fBBIO_get_accept_name()\fR returns the accept name or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_name()\fR returns the peer name or \s-1NULL\s0 on error. +.PP +\&\fBBIO_get_accept_port()\fR returns the accept port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_peer_port()\fR returns the peer port as a string or \s-1NULL\s0 on error. +\&\fBBIO_get_accept_ip_family()\fR returns the \s-1IP\s0 family or \-1 on error. +.PP +\&\fBBIO_get_bind_mode()\fR returns the set of \fB\s-1BIO_BIND\s0\fR flags, or \-1 on failure. +.PP +\&\fBBIO_new_accept()\fR returns a \s-1BIO\s0 or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 1 +\& BIO *abio, *cbio, *cbio2; +\& +\& /* First call to BIO_accept() sets up accept BIO */ +\& abio = BIO_new_accept("4444"); +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& +\& /* Wait for incoming connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& +\& /* Wait for another connection */ +\& if (BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +\& +\& BIO_puts(cbio, "Connection 1: Second connection established\en"); +\& +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_bio.3 b/secure/lib/libcrypto/man/man3/BIO_s_bio.3 new file mode 100644 index 000000000000..43f2206bfce2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_bio.3 @@ -0,0 +1,329 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_BIO 3" +.TH BIO_S_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- BIO pair BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_bio(void); +\& +\& int BIO_make_bio_pair(BIO *b1, BIO *b2); +\& int BIO_destroy_bio_pair(BIO *b); +\& int BIO_shutdown_wr(BIO *b); +\& +\& int BIO_set_write_buf_size(BIO *b, long size); +\& size_t BIO_get_write_buf_size(BIO *b, long size); +\& +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +\& +\& int BIO_get_write_guarantee(BIO *b); +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +\& int BIO_get_read_request(BIO *b); +\& size_t BIO_ctrl_get_read_request(BIO *b); +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fBBIO_read_ex()\fR will read data from the buffer or request a retry if no +data is available. +.PP +Calls to \fBBIO_write_ex()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fBBIO_ctrl_pending()\fR and \fBBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fBBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fBBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fBBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fBBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fBBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fBBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fBBIO_new_bio_pair()\fR combines the calls to \fBBIO_new()\fR, \fBBIO_make_bio_pair()\fR and +\&\fBBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. \fBBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, +\&\fBBIO_free()\fR is not called. +.PP +\&\fBBIO_get_write_guarantee()\fR and \fBBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this +value will return a value from \fBBIO_write_ex()\fR less than the amount requested or +if the buffer is full request a retry. \fBBIO_ctrl_get_write_guarantee()\fR is a +function whereas \fBBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fBBIO_get_read_request()\fR and \fBBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fBBIO_get_read_request()\fR never returns an amount larger +than that returned by \fBBIO_get_write_guarantee()\fR. +.PP +\&\fBBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fBBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fBBIO_free_all()\fR or \fBSSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fBBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fBselect()\fR ) due to a request and \fBBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fBBIO_write_ex()\fR and a response read with \fBBIO_read_ex()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fBBIO_write_ex()\fR will succeed and place data in the +write buffer. \fBBIO_read_ex()\fR will initially fail and \fBBIO_should_read()\fR will be +true. If the application then waits for data to be available on the underlying +transport before flushing the write buffer it will never succeed because the +request was never sent! +.PP +\&\fBBIO_eof()\fR is true if no data is in the peer \s-1BIO\s0 and the peer \s-1BIO\s0 has been +shutdown. +.PP +\&\fBBIO_make_bio_pair()\fR, \fBBIO_destroy_bio_pair()\fR, \fBBIO_shutdown_wr()\fR, +\&\fBBIO_set_write_buf_size()\fR, \fBBIO_get_write_buf_size()\fR, +\&\fBBIO_get_write_guarantee()\fR, and \fBBIO_get_read_request()\fR are implemented +as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fBselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 1 +\& BIO *internal_bio, *network_bio; +\& +\& ... +\& BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); /* e.g SSL_read and SSL_write */ +\& ... +\& +\& application | TLS\-engine +\& | | +\& +\-\-\-\-\-\-\-\-\-\-> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO\-pair (internal_bio) +\& | BIO\-pair (network_bio) +\& | || /\e +\& | \e/ || +\& +\-\-\-\-\-\-\-\-\-\-\-< BIO_operations() +\& | | +\& | | +\& socket +\& +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +.PP +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fBBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transferred to the network. Use \fBBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fBSSL_operation()\fR can successfully be continued. +.SH "WARNINGS" +.IX Header "WARNINGS" +As the data is buffered, \fBSSL_operation()\fR may return with an \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fBSSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBBIO_should_retry\fR\|(3), \fBBIO_read_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_connect.3 b/secure/lib/libcrypto/man/man3/BIO_s_connect.3 new file mode 100644 index 000000000000..c74545f610b0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_connect.3 @@ -0,0 +1,338 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_CONNECT 3" +.TH BIO_S_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_conn_address, BIO_get_conn_address, BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip_family, BIO_get_conn_ip_family, BIO_get_conn_hostname, BIO_get_conn_port, BIO_set_nbio, BIO_do_connect \- connect BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD * BIO_s_connect(void); +\& +\& BIO *BIO_new_connect(char *name); +\& +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_address(BIO *b, BIO_ADDR *addr); +\& long BIO_set_conn_ip_family(BIO *b, long family); +\& const char *BIO_get_conn_hostname(BIO *b); +\& const char *BIO_get_conn_port(BIO *b); +\& const BIO_ADDR *BIO_get_conn_address(BIO *b); +\& const long BIO_get_conn_ip_family(BIO *b); +\& +\& long BIO_set_nbio(BIO *b, long n); +\& +\& int BIO_do_connect(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fBBIO_puts()\fR but not \fBBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fBBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. +.PP +\&\fBBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fBBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. +The hostname can be an \s-1IP\s0 address; if the address is an IPv6 one, it +must be enclosed with brackets. The hostname can also include the +port in the form hostname:port. +.PP +\&\fBBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fBgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. This internal +list is http, telnet, socks, https, ssl, ftp, and gopher. +.PP +\&\fBBIO_set_conn_address()\fR sets the address and port information using +a \s-1\fBBIO_ADDR\s0\fR\|(3ssl). +.PP +\&\fBBIO_set_conn_ip_family()\fR sets the \s-1IP\s0 family. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_port()\fR returns the port as a string. +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information as a \s-1BIO_ADDR.\s0 +This return value is an internal pointer which should not be modified. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the \s-1IP\s0 family of the connect \s-1BIO.\s0 +.PP +\&\fBBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fBBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. +.PP +\&\fBBIO_new_connect()\fR combines \fBBIO_new()\fR and \fBBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP +\&\fBBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fBBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the host name then this will +override any value set with \fBBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fBBIO_get_conn_hostname()\fR, \fBBIO_get_conn_address()\fR, +and \fBBIO_get_conn_port()\fR are updated when a connection attempt is made. +Before any connection attempt the values returned are those set by the +application itself. +.PP +Applications do not have to call \fBBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fBBIO_should_read()\fR and \fBBIO_should_write()\fR it is also +possible for \fBBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.PP +\&\fBBIO_set_conn_hostname()\fR, \fBBIO_set_conn_port()\fR, \fBBIO_get_conn_hostname()\fR, +\&\fBBIO_set_conn_address()\fR, \fBBIO_get_conn_port()\fR, \fBBIO_get_conn_address()\fR, +\&\fBBIO_set_conn_ip_family()\fR, \fBBIO_get_conn_ip_family()\fR, +\&\fBBIO_set_nbio()\fR, and \fBBIO_do_connect()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fBBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_set_conn_address()\fR, \fBBIO_set_conn_port()\fR, and \fBBIO_set_conn_ip_family()\fR +always return 1. +.PP +\&\fBBIO_set_conn_hostname()\fR returns 1 on success and 0 on failure. +.PP +\&\fBBIO_get_conn_address()\fR returns the address information or \s-1NULL\s0 if none +was set. +.PP +\&\fBBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 if +none was set. +.PP +\&\fBBIO_get_conn_ip_family()\fR returns the address family or \-1 if none was set. +.PP +\&\fBBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fBBIO_set_nbio()\fR always returns 1. +.PP +\&\fBBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. +.PP +.Vb 3 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if (BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for (;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if (len <= 0) +\& break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBBIO_ADDR\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBIO_set_conn_int_port()\fR, \fBBIO_get_conn_int_port()\fR, \fBBIO_set_conn_ip()\fR, and \fBBIO_get_conn_ip()\fR +were removed in OpenSSL 1.1.0. +Use \fBBIO_set_conn_address()\fR and \fBBIO_get_conn_address()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_fd.3 b/secure/lib/libcrypto/man/man3/BIO_s_fd.3 new file mode 100644 index 000000000000..924f962a5a2b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_fd.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FD 3" +.TH BIO_S_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_fd(void); +\& +\& int BIO_set_fd(BIO *b, int fd, int c); +\& int BIO_get_fd(BIO *b, int *c); +\& +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fBread()\fR and \fBwrite()\fR. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying descriptor. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then \fBclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +such as by using \fBlseek(fd, 0, 0)\fR. +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +such as by using \fBlseek(fd, ofs, 0)\fR. +.PP +\&\fBBIO_tell()\fR returns the current file position such as by calling +\&\fBlseek(fd, 0, 1)\fR. +.PP +\&\fBBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fBBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also +returns the file descriptor. +.PP +\&\fBBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR depends on the behavior of the +platforms \fBread()\fR and \fBwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the \fBBIO_read_ex\fR\|(3) and \fBBIO_should_retry\fR\|(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead. +.PP +\&\fBBIO_set_fd()\fR and \fBBIO_get_fd()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fBBIO_set_fd()\fR always returns 1. +.PP +\&\fBBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fBBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_file.3 b/secure/lib/libcrypto/man/man3/BIO_s_file.3 new file mode 100644 index 000000000000..1f301d5c6138 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_file.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_FILE 3" +.TH BIO_S_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, BIO_read_filename, BIO_write_filename, BIO_append_filename, BIO_rw_filename \- FILE bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +\& +\& BIO_set_fp(BIO *b, FILE *fp, int flags); +\& BIO_get_fp(BIO *b, FILE **fpp); +\& +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO.\s0 +.PP +Calls to \fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read and write data to the +underlying stream. \fBBIO_gets()\fR and \fBBIO_puts()\fR are supported on file BIOs. +.PP +\&\fBBIO_flush()\fR on a file \s-1BIO\s0 calls the \fBfflush()\fR function on the wrapped +stream. +.PP +\&\fBBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fBBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fBBIO_eof()\fR calls \fBfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fBfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fBBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fBfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO.\s0 +.PP +\&\fBBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fBBIO_set_fp()\fR sets the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fBBIO_new_fp()\fR, it is a macro. +.PP +\&\fBBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. +.PP +\&\fBBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fBBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 +.PP +On Windows BIO_new_files reserves for the filename argument to be +\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\- +lingual environment, encode file names in \s-1UTF\-8.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fBBIO_new_file()\fR and \fBBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBBIO_set_fp()\fR and \fBBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fBBIO_seek()\fR returns the same value as the underlying \fBfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fBBIO_tell()\fR returns the current file position. +.PP +\&\fBBIO_read_filename()\fR, \fBBIO_write_filename()\fR, \fBBIO_append_filename()\fR and +\&\fBBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *bio_out; +\& +\& bio_out = BIO_new(BIO_s_file()); +\& if (bio_out == NULL) +\& /* Error */ +\& if (!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) +\& /* Error */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +.PP +Write to a file: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new_file("filename.txt", "w"); +\& if (!out) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.PP +Alternative technique: +.PP +.Vb 1 +\& BIO *out; +\& +\& out = BIO_new(BIO_s_file()); +\& if (out == NULL) +\& /* Error */ +\& if (!BIO_write_filename(out, "filename.txt")) +\& /* Error */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBBIO_reset()\fR and \fBBIO_seek()\fR are implemented using \fBfseek()\fR on the underlying +stream. The return value for \fBfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_seek\fR\|(3), \fBBIO_tell\fR\|(3), +\&\fBBIO_reset\fR\|(3), \fBBIO_flush\fR\|(3), +\&\fBBIO_read_ex\fR\|(3), +\&\fBBIO_write_ex\fR\|(3), \fBBIO_puts\fR\|(3), +\&\fBBIO_gets\fR\|(3), \fBBIO_printf\fR\|(3), +\&\fBBIO_set_close\fR\|(3), \fBBIO_get_close\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_mem.3 b/secure/lib/libcrypto/man/man3/BIO_s_mem.3 new file mode 100644 index 000000000000..5e8070620550 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_mem.3 @@ -0,0 +1,297 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_MEM 3" +.TH BIO_S_MEM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_secmem, BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, BIO_get_mem_ptr, BIO_new_mem_buf \- memory BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_mem(void); +\& const BIO_METHOD *BIO_s_secmem(void); +\& +\& BIO_set_mem_eof_return(BIO *b, int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b, BUF_MEM *bm, int c) +\& BIO_get_mem_ptr(BIO *b, BUF_MEM **pp) +\& +\& BIO *BIO_new_mem_buf(const void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_mem()\fR returns the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +\&\fBBIO_s_secmem()\fR is like \fBBIO_s_mem()\fR except that the secure heap is used +for buffer storage. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO.\s0 +.PP +Memory BIOs support \fBBIO_gets()\fR and \fBBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it if the +flag \s-1BIO_FLAGS_NONCLEAR_RST\s0 is not set, otherwise it just restores the read +pointer to the state it was just after the last write was performed and the +data can be read again. On a read only \s-1BIO\s0 it similarly restores the \s-1BIO\s0 to +its original state and the read only data can be read again. +.PP +\&\fBBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 +.PP +\&\fBBIO_ctrl_pending()\fR returns the number of bytes currently stored. +.PP +\&\fBBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fBBIO_get_mem_data()\fR sets *\fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fBBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 +It is a macro. +.PP +\&\fBBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in *\fBpp\fR. It is +a macro. +.PP +\&\fBBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be nul terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO.\s0 The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. +.PP +Every write after partial read (not all data in the memory buffer was read) +to a read write memory \s-1BIO\s0 will have to move the unread data with an internal +copy operation, if a \s-1BIO\s0 contains a lot of data and it is read in small +chunks intertwined with writes the operation can be very slow. Adding +a buffering \s-1BIO\s0 to the chain can speed up the process. +.PP +Calling \fBBIO_set_mem_buf()\fR on a \s-1BIO\s0 created with \fBBIO_new_secmem()\fR will +give undefined results, including perhaps a program crash. +.PP +Switching the memory \s-1BIO\s0 from read write to read only is not supported and +can give undefined results including a program crash. There are two notable +exceptions to the rule. The first one is to assign a static memory buffer +immediately after \s-1BIO\s0 creation and set the \s-1BIO\s0 as read only. +.PP +The other supported sequence is to start with read write \s-1BIO\s0 then temporarily +switch it to read only and call \fBBIO_reset()\fR on the read only \s-1BIO\s0 immediately +before switching it back to read write. Before the \s-1BIO\s0 is freed it must be +switched back to the read write mode. +.PP +Calling \fBBIO_get_mem_ptr()\fR on read only \s-1BIO\s0 will return a \s-1BUF_MEM\s0 that +contains only the remaining data to be read. If the close status of the +\&\s-1BIO\s0 is set to \s-1BIO_NOCLOSE,\s0 before freeing the \s-1BUF_MEM\s0 the data pointer +in it must be set to \s-1NULL\s0 as the data pointer does not point to an +allocated memory. +.PP +Calling \fBBIO_reset()\fR on a read write memory \s-1BIO\s0 with \s-1BIO_FLAGS_NONCLEAR_RST\s0 +flag set can have unexpected outcome when the reads and writes to the +\&\s-1BIO\s0 are intertwined. As documented above the \s-1BIO\s0 will be reset to the +state after the last completed write operation. The effects of reads +preceding that write operation cannot be undone. +.PP +Calling \fBBIO_get_mem_ptr()\fR prior to a \fBBIO_reset()\fR call with +\&\s-1BIO_FLAGS_NONCLEAR_RST\s0 set has the same effect as a write operation. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_mem()\fR and \fBBIO_s_secmem()\fR return a valid memory \fB\s-1BIO_METHOD\s0\fR structure. +.PP +\&\fBBIO_set_mem_eof_return()\fR, \fBBIO_set_mem_buf()\fR and \fBBIO_get_mem_ptr()\fR +return 1 on success or a value which is less than or equal to 0 if an error occurred. +.PP +\&\fBBIO_get_mem_data()\fR returns the total number of bytes available on success, +0 if b is \s-1NULL,\s0 or a negative value in case of other errors. +.PP +\&\fBBIO_new_mem_buf()\fR returns a valid \fB\s-1BIO\s0\fR structure on success or \s-1NULL\s0 on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& +\& BIO_puts(mem, "Hello World\en"); +.Ve +.PP +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 2 +\& char data[] = "Hello World"; +\& BIO *mem = BIO_new_mem_buf(data, \-1); +.Ve +.PP +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 1 +\& BUF_MEM *bptr; +\& +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_null.3 b/secure/lib/libcrypto/man/man3/BIO_s_null.3 new file mode 100644 index 000000000000..d122e432ff84 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_null.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_NULL 3" +.TH BIO_S_NULL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF.\s0 +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_s_socket.3 b/secure/lib/libcrypto/man/man3/BIO_s_socket.3 new file mode 100644 index 000000000000..8e66ed794404 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_s_socket.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_S_SOCKET 3" +.TH BIO_S_SOCKET 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const BIO_METHOD *BIO_s_socket(void); +\& +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fBBIO_read_ex()\fR and \fBBIO_write_ex()\fR read or write the underlying socket. +\&\fBBIO_puts()\fR is supported but \fBBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fBBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fBBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_set_callback.3 b/secure/lib/libcrypto/man/man3/BIO_set_callback.3 new file mode 100644 index 000000000000..844e35ac4930 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_set_callback.3 @@ -0,0 +1,392 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 3" +.TH BIO_SET_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_set_callback_ex, BIO_get_callback_ex, BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, BIO_debug_callback, BIO_callback_fn_ex, BIO_callback_fn \&\- BIO callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, +\& size_t len, int argi, +\& long argl, int ret, size_t *processed); +\& typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +\& long argl, long ret); +\& +\& void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); +\& BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +\& +\& void BIO_set_callback(BIO *b, BIO_callback_fn cb); +\& BIO_callback_fn BIO_get_callback(BIO *b); +\& void BIO_set_callback_arg(BIO *b, char *arg); +\& char *BIO_get_callback_arg(const BIO *b); +\& +\& long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, +\& long argl, long ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBIO_set_callback_ex()\fR and \fBBIO_get_callback_ex()\fR set and retrieve the \s-1BIO\s0 +callback. The callback is called during most high level \s-1BIO\s0 operations. It can +be used for debugging purposes to trace operations on a \s-1BIO\s0 or to modify its +operation. +.PP +\&\fBBIO_set_callback()\fR and \fBBIO_get_callback()\fR set and retrieve the old format \s-1BIO\s0 +callback. New code should not use these functions, but they are retained for +backwards compatibility. Any callback set via \fBBIO_set_callback_ex()\fR will get +called in preference to any set by \fBBIO_set_callback()\fR. +.PP +\&\fBBIO_set_callback_arg()\fR and \fBBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fBBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. If the callback +argument is set it is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +\&\fBBIO_callback_fn_ex()\fR is the type of the callback function and \fBBIO_callback_fn()\fR +is the type of the old format callback function. The meaning of each argument +is described below: +.IP "\fBb\fR" 4 +.IX Item "b" +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.IP "\fBoper\fR" 4 +.IX Item "oper" +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 +.IP "\fBlen\fR" 4 +.IX Item "len" +The length of the data requested to be read or written. This is only useful if +\&\fBoper\fR is \s-1BIO_CB_READ, BIO_CB_WRITE\s0 or \s-1BIO_CB_GETS.\s0 +.IP "\fBargp\fR \fBargi\fR \fBargl\fR" 4 +.IX Item "argp argi argl" +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.IP "\fBprocessed\fR" 4 +.IX Item "processed" +\&\fBprocessed\fR is a pointer to a location which will be updated with the amount of +data that was actually read or written. Only used for \s-1BIO_CB_READ, BIO_CB_WRITE, +BIO_CB_GETS\s0 and \s-1BIO_CB_PUTS.\s0 +.IP "\fBret\fR" 4 +.IX Item "ret" +\&\fBret\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in \fBret\fR, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBret\fR when it has +finished processing, unless it specifically wishes to modify the +value returned to the application. +.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +In the notes below, \fBcallback\fR defers to the actual callback +function that is called. +.IP "\fBBIO_free(b)\fR" 4 +.IX Item "BIO_free(b)" +.Vb 1 +\& callback_ex(b, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) +.Ve +.Sp +is called before the free operation. +.IP "\fBBIO_read_ex(b, data, dlen, readbytes)\fR" 4 +.IX Item "BIO_read_ex(b, data, dlen, readbytes)" +.Vb 1 +\& callback_ex(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ, data, dlen, 0L, 1L) +.Ve +.Sp +is called before the read and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_READ | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_READ|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_write(b, data, dlen, written)\fR" 4 +.IX Item "BIO_write(b, data, dlen, written)" +.Vb 1 +\& callback_ex(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE, datat, dlen, 0L, 1L) +.Ve +.Sp +is called before the write and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_WRITE | BIO_CB_RETURN, data, dlen, 0, 0L, retvalue, +\& &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_WRITE|BIO_CB_RETURN, data, dlen, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_gets(b, buf, size)\fR" 4 +.IX Item "BIO_gets(b, buf, size)" +.Vb 1 +\& callback_ex(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS, buf, size, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 2 +\& callback_ex(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, 0, 0L, retvalue, +\& &readbytes) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_GETS|BIO_CB_RETURN, buf, size, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_puts(b, buf)\fR" 4 +.IX Item "BIO_puts(b, buf)" +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS, buf, 0, 0L, 1L) +.Ve +.Sp +is called before the operation and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, 0L, retvalue, &written) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_PUTS|BIO_CB_RETURN, buf, 0, 0L, retvalue) +.Ve +.Sp +after. +.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL, parg, cmd, larg, 1L) +.Ve +.Sp +is called before the call and +.Sp +.Vb 1 +\& callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, larg, ret, NULL) +.Ve +.Sp +or +.Sp +.Vb 1 +\& callback(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret) +.Ve +.Sp +after. +.Sp +Note: \fBcmd\fR == \fB\s-1BIO_CTRL_SET_CALLBACK\s0\fR is special, because \fBparg\fR is not the +argument of type \fBBIO_info_cb\fR itself. In this case \fBparg\fR is a pointer to +the actual call parameter, see \fBBIO_callback_ctrl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_get_callback_ex()\fR and \fBBIO_get_callback()\fR return the callback function +previously set by a call to \fBBIO_set_callback_ex()\fR and \fBBIO_set_callback()\fR +respectively. +.PP +\&\fBBIO_get_callback_arg()\fR returns a \fBchar\fR pointer to the value previously set +via a call to \fBBIO_set_callback_arg()\fR. +.PP +\&\fBBIO_debug_callback()\fR returns 1 or \fBret\fR if it's called after specific \s-1BIO\s0 +operations. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The \fBBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BIO_should_retry.3 b/secure/lib/libcrypto/man/man3/BIO_should_retry.3 new file mode 100644 index 000000000000..c2e0991d6d87 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BIO_should_retry.3 @@ -0,0 +1,273 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 3" +.TH BIO_SHOULD_RETRY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BIO_should_read, BIO_should_write, BIO_should_io_special, BIO_retry_type, BIO_should_retry, BIO_get_retry_BIO, BIO_get_retry_reason, BIO_set_retry_reason \- BIO retry functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BIO_should_read(BIO *b); +\& int BIO_should_write(BIO *b); +\& int BIO_should_io_special(iBIO *b); +\& int BIO_retry_type(BIO *b); +\& int BIO_should_retry(BIO *b); +\& +\& BIO *BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +\& void BIO_set_retry_reason(BIO *bio, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fBBIO_read_ex()\fR or \fBBIO_write_ex()\fR +call. +.PP +\&\fBBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fBBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fBBIO_should_read()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has insufficient data to return. Check for readability and/or retry the +last operation. +.PP +\&\fBBIO_should_write()\fR is true if the cause of the condition is that the \s-1BIO\s0 +has pending data to write. Check for writability and/or retry the +last operation. +.PP +\&\fBBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fBBIO_retry_type()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. +.PP +\&\fBBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO,\s0 for example as returned by \fBBIO_get_retry_BIO()\fR. +.PP +\&\fBBIO_set_retry_reason()\fR sets the retry reason for a special condition for a given +\&\s-1BIO.\s0 This would usually only be called by \s-1BIO\s0 implementations. +.SH "NOTES" +.IX Header "NOTES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, +\&\fBBIO_retry_type()\fR, and \fBBIO_should_retry()\fR, are implemented as macros. +.PP +If \fBBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fBBIO_read_ex()\fR on a socket \s-1BIO\s0 returns +0 and \fBBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fBBIO_should_retry()\fR after a failed +\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. +.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fBBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fBBIO_should_read()\fR +is true then a call to \fBselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fBselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fBselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBIO_should_read()\fR, \fBBIO_should_write()\fR, \fBBIO_should_io_special()\fR, and +\&\fBBIO_should_retry()\fR return either 1 or 0 based on the actual conditions +of the \fB\s-1BIO\s0\fR. +.PP +\&\fBBIO_retry_type()\fR returns a flag combination presenting the cause of a retry +condition or false if there is no retry condition. +.PP +\&\fBBIO_get_retry_BIO()\fR returns a valid \fB\s-1BIO\s0\fR structure. +.PP +\&\fBBIO_get_retry_reason()\fR returns the reason for a special condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBIO_get_retry_reason()\fR and \fBBIO_set_retry_reason()\fR functions were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 new file mode 100644 index 000000000000..958fa5df3da4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_BLINDING_new.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BLINDING_NEW 3" +.TH BN_BLINDING_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, BN_BLINDING_is_current_thread, BN_BLINDING_set_current_thread, BN_BLINDING_lock, BN_BLINDING_unlock, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param \- blinding related BIGNUM functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, +\& BIGNUM *mod); +\& void BN_BLINDING_free(BN_BLINDING *b); +\& int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); +\& int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, +\& BN_CTX *ctx); +\& int BN_BLINDING_is_current_thread(BN_BLINDING *b); +\& void BN_BLINDING_set_current_thread(BN_BLINDING *b); +\& int BN_BLINDING_lock(BN_BLINDING *b); +\& int BN_BLINDING_unlock(BN_BLINDING *b); +\& unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +\& void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +\& BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +\& const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, +\& int (*bn_mod_exp)(BIGNUM *r, +\& const BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx), +\& BN_MONT_CTX *m_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_BLINDING_new()\fR allocates a new \fB\s-1BN_BLINDING\s0\fR structure and copies +the \fBA\fR and \fBAi\fR values into the newly created \fB\s-1BN_BLINDING\s0\fR object. +.PP +\&\fBBN_BLINDING_free()\fR frees the \fB\s-1BN_BLINDING\s0\fR structure. +If \fBb\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_BLINDING_update()\fR updates the \fB\s-1BN_BLINDING\s0\fR parameters by squaring +the \fBA\fR and \fBAi\fR or, after specific number of uses and if the +necessary parameters are set, by re-creating the blinding parameters. +.PP +\&\fBBN_BLINDING_convert_ex()\fR multiplies \fBn\fR with the blinding factor \fBA\fR. +If \fBr\fR is not \s-1NULL\s0 a copy the inverse blinding factor \fBAi\fR will be +returned in \fBr\fR (this is useful if a \fB\s-1RSA\s0\fR object is shared among +several threads). \fBBN_BLINDING_invert_ex()\fR multiplies \fBn\fR with the +inverse blinding factor \fBAi\fR. If \fBr\fR is not \s-1NULL\s0 it will be used as +the inverse blinding. +.PP +\&\fBBN_BLINDING_convert()\fR and \fBBN_BLINDING_invert()\fR are wrapper +functions for \fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR +with \fBr\fR set to \s-1NULL.\s0 +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns whether the \fB\s-1BN_BLINDING\s0\fR +structure is owned by the current thread. This is to help users +provide proper locking if needed for multi-threaded use. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR sets the current thread as the +owner of the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_lock()\fR locks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_unlock()\fR unlocks the \fB\s-1BN_BLINDING\s0\fR structure. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the \s-1BN_BLINDING\s0 flags. Currently +there are two supported flags: \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR and +\&\fB\s-1BN_BLINDING_NO_RECREATE\s0\fR. \fB\s-1BN_BLINDING_NO_UPDATE\s0\fR inhibits the +automatic update of the \fB\s-1BN_BLINDING\s0\fR parameters after each use +and \fB\s-1BN_BLINDING_NO_RECREATE\s0\fR inhibits the automatic re-creation +of the \fB\s-1BN_BLINDING\s0\fR parameters after a fixed number of uses (currently +32). In newly allocated \fB\s-1BN_BLINDING\s0\fR objects no flags are set. +\&\fBBN_BLINDING_set_flags()\fR sets the \fB\s-1BN_BLINDING\s0\fR parameters flags. +.PP +\&\fBBN_BLINDING_create_param()\fR creates new \fB\s-1BN_BLINDING\s0\fR parameters +using the exponent \fBe\fR and the modulus \fBm\fR. \fBbn_mod_exp\fR and +\&\fBm_ctx\fR can be used to pass special functions for exponentiation +(normally \fBBN_mod_exp_mont()\fR and \fB\s-1BN_MONT_CTX\s0\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_BLINDING_new()\fR returns the newly allocated \fB\s-1BN_BLINDING\s0\fR structure +or \s-1NULL\s0 in case of an error. +.PP +\&\fBBN_BLINDING_update()\fR, \fBBN_BLINDING_convert()\fR, \fBBN_BLINDING_invert()\fR, +\&\fBBN_BLINDING_convert_ex()\fR and \fBBN_BLINDING_invert_ex()\fR return 1 on +success and 0 if an error occurred. +.PP +\&\fBBN_BLINDING_is_current_thread()\fR returns 1 if the current thread owns +the \fB\s-1BN_BLINDING\s0\fR object, 0 otherwise. +.PP +\&\fBBN_BLINDING_set_current_thread()\fR doesn't return anything. +.PP +\&\fBBN_BLINDING_lock()\fR, \fBBN_BLINDING_unlock()\fR return 1 if the operation +succeeded or 0 on error. +.PP +\&\fBBN_BLINDING_get_flags()\fR returns the currently set \fB\s-1BN_BLINDING\s0\fR flags +(a \fBunsigned long\fR value). +.PP +\&\fBBN_BLINDING_create_param()\fR returns the newly created \fB\s-1BN_BLINDING\s0\fR +parameters or \s-1NULL\s0 on error. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_BLINDING_thread_id()\fR was first introduced in OpenSSL 1.0.0, and it +deprecates \fBBN_BLINDING_set_thread_id()\fR and \fBBN_BLINDING_get_thread_id()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2005\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_new.3 b/secure/lib/libcrypto/man/man3/BN_CTX_new.3 new file mode 100644 index 000000000000..374136f5f513 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_CTX_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_NEW 3" +.TH BN_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_new, BN_CTX_secure_new, BN_CTX_free \- allocate and free BN_CTX structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_CTX *BN_CTX_new(void); +\& +\& BN_CTX *BN_CTX_secure_new(void); +\& +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fBBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure. +\&\fBBN_CTX_secure_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR structure +but uses the secure heap (see \fBCRYPTO_secure_malloc\fR\|(3)) to hold the +\&\fB\s-1BIGNUM\s0\fRs. +.PP +\&\fBBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR and the structure itself. +Since \fBBN_CTX_start()\fR is required in order to obtain \fB\s-1BIGNUM\s0\fRs from the +\&\fB\s-1BN_CTX\s0\fR, in most cases \fBBN_CTX_end()\fR must be called before the \fB\s-1BN_CTX\s0\fR may +be freed by \fBBN_CTX_free()\fR. If \fBc\fR is \s-1NULL,\s0 nothing is done. +.PP +A given \fB\s-1BN_CTX\s0\fR must only be used by a single thread of execution. No +locking is performed, and the internal pool allocator will not properly handle +multiple threads of execution. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_new()\fR and \fBBN_CTX_secure_new()\fR return a pointer to the \fB\s-1BN_CTX\s0\fR. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3). +.PP +\&\fBBN_CTX_free()\fR has no return values. +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.PP +\&\fBBN_CTX_init()\fR is no longer available as of OpenSSL 1.1.0. Applications should +replace use of BN_CTX_init with BN_CTX_new instead: +.PP +.Vb 6 +\& BN_CTX *ctx; +\& ctx = BN_CTX_new(); +\& if (!ctx) +\& /* error */ +\& ... +\& BN_CTX_free(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_start\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_CTX_init()\fR was removed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_CTX_start.3 b/secure/lib/libcrypto/man/man3/BN_CTX_start.3 new file mode 100644 index 000000000000..e4fb021d3e24 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_CTX_start.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CTX_START 3" +.TH BN_CTX_START 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary BIGNUM variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_CTX_start(BN_CTX *ctx); +\& +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +\& +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using \fBBN_CTX_new\fR\|(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fBBN_CTX_start()\fR first. Then, \fBBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fBBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fBBN_CTX_end()\fR must be called before returning from the function. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +When \fBBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fBBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_CTX_start()\fR and \fBBN_CTX_end()\fR return no values. +.PP +\&\fBBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fBBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fBBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_add.3 b/secure/lib/libcrypto/man/man3/BN_add.3 new file mode 100644 index 000000000000..9683f020b1b1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_add.3 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD 3" +.TH BN_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +.PP +\&\fBBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. +For multiplication by powers of 2, use \fBBN_lshift\fR\|(3). +.PP +\&\fBBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fBBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. +For division by powers of 2, use \fBBN_rshift\fR\|(3). +.PP +\&\fBBN_mod()\fR corresponds to \fBBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fBBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fBBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. +.PP +\&\fBBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +\&\fBBN_mod_mul_montgomery\fR\|(3) and +\&\fBBN_mod_mul_reciprocal\fR\|(3). +.PP +\&\fBBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. +.PP +\&\fBBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fBBN_mul()\fR. +.PP +\&\fBBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fBBN_exp()\fR. Do not call this +function when \fBm\fR is even and any of the parameters have the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set. +.PP +\&\fBBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see \fBBN_CTX_new\fR\|(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_CTX_new\fR\|(3), +\&\fBBN_add_word\fR\|(3), \fBBN_set_bit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_add_word.3 b/secure/lib/libcrypto/man/man3/BN_add_word.3 new file mode 100644 index 000000000000..e55cafb88322 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_add_word.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ADD_WORD 3" +.TH BN_ADD_WORD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fBBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fBBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fBBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=w\*(C'\fR). +.PP +\&\fBBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fBBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%w\*(C'\fR). +.PP +For \fBBN_div_word()\fR and \fBBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_add_word()\fR, \fBBN_sub_word()\fR and \fBBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_mod_word()\fR and \fBBN_div_word()\fR return \fBa\fR%\fBw\fR on success and +\&\fB(\s-1BN_ULONG\s0)\-1\fR if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_bn2bin.3 b/secure/lib/libcrypto/man/man3/BN_bn2bin.3 new file mode 100644 index 000000000000..d7d6f6b0502e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_bn2bin.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_BN2BIN 3" +.TH BN_BN2BIN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_bn2binpad, BN_bn2bin, BN_bin2bn, BN_bn2lebinpad, BN_lebin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +\& BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fBBN_bn2binpad()\fR also converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBtolen\fR indicates the length of the output buffer +\&\fBto\fR. The result is padded with zeroes if necessary. If \fBtolen\fR is less than +BN_num_bytes(\fBa\fR) an error is returned. +.PP +\&\fBBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBBN_bn2lebinpad()\fR and \fBBN_lebin2bn()\fR are identical to \fBBN_bn2binpad()\fR and +\&\fBBN_bin2bn()\fR except the buffer is in little-endian format. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fBOPENSSL_free()\fR. +.PP +\&\fBBN_hex2bn()\fR takes as many characters as possible from the string \fBstr\fR, +including the leading character '\-' which means negative, to form a valid +hexadecimal number representation and converts them to a \fB\s-1BIGNUM\s0\fR and +stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. If +\&\fBa\fR is \s-1NULL,\s0 it only computes the length of valid representation. +A \*(L"negative zero\*(R" is converted to zero. +\&\fBBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fBBN_print()\fR and \fBBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fBBN_bn2mpi()\fR and \fBBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 4\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fBBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fBBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fBBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fBBN_bn2binpad()\fR returns the number of bytes written or \-1 if the supplied +buffer is too small. +.PP +\&\fBBN_bn2hex()\fR and \fBBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fBBN_hex2bn()\fR and \fBBN_dec2bn()\fR return the number of characters +used in parsing, or 0 on error, in which +case no new \fB\s-1BIGNUM\s0\fR will be created. +.PP +\&\fBBN_print_fp()\fR and \fBBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fBBN_bn2mpi()\fR returns the length of the representation. \fBBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_zero\fR\|(3), +\&\fBASN1_INTEGER_to_BN\fR\|(3), +\&\fBBN_num_bytes\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_cmp.3 b/secure/lib/libcrypto/man/man3/BN_cmp.3 new file mode 100644 index 000000000000..ee74b8a15d7c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_cmp.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_CMP 3" +.TH BN_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- BIGNUM comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fBBN_ucmp()\fR compares their +absolute values. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR and \fBBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fBBN_is_odd()\fR tests if a is odd. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR, \fBBN_is_word()\fR and \fBBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fBBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fBBN_is_zero()\fR, \fBBN_is_one()\fR \fBBN_is_word()\fR and \fBBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_copy.3 b/secure/lib/libcrypto/man/man3/BN_copy.3 new file mode 100644 index 000000000000..ec49b42ff771 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_copy.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_COPY 3" +.TH BN_COPY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_copy, BN_dup, BN_with_flags \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +\& +\& BIGNUM *BN_dup(const BIGNUM *from); +\& +\& void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fBBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.PP +BN_with_flags creates a \fBtemporary\fR shallow copy of \fBb\fR in \fBdest\fR. It places +significant restrictions on the copied data. Applications that do no adhere to +these restrictions may encounter unexpected side effects or crashes. For that +reason use of this function is discouraged. Any flags provided in \fBflags\fR will +be set in \fBdest\fR in addition to any flags already set in \fBb\fR. For example this +might commonly be used to create a temporary copy of a \s-1BIGNUM\s0 with the +\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set for constant time operations. The temporary copy in +\&\fBdest\fR will share some internal state with \fBb\fR. For this reason the following +restrictions apply to the use of \fBdest\fR: +.IP "\(bu" 2 +\&\fBdest\fR should be a newly allocated \s-1BIGNUM\s0 obtained via a call to \fBBN_new()\fR. It +should not have been used for other purposes or initialised in any way. +.IP "\(bu" 2 +\&\fBdest\fR must only be used in \*(L"read-only\*(R" operations, i.e. typically those +functions where the relevant parameter is declared \*(L"const\*(R". +.IP "\(bu" 2 +\&\fBdest\fR must be used and freed before any further subsequent use of \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fBBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_generate_prime.3 b/secure/lib/libcrypto/man/man3/BN_generate_prime.3 new file mode 100644 index 000000000000..8ac4b3f5d0b3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_generate_prime.3 @@ -0,0 +1,337 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 3" +.TH BN_GENERATE_PRIME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, BN_GENCB_new, BN_GENCB_free, BN_GENCB_set_old, BN_GENCB_set, BN_GENCB_get_arg, BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +\& const BIGNUM *rem, BN_GENCB *cb); +\& +\& int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +\& +\& int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, +\& int do_trial_division, BN_GENCB *cb); +\& +\& int BN_GENCB_call(BN_GENCB *cb, int a, int b); +\& +\& BN_GENCB *BN_GENCB_new(void); +\& +\& void BN_GENCB_free(BN_GENCB *cb); +\& +\& void BN_GENCB_set_old(BN_GENCB *gencb, +\& void (*callback)(int, int, void *), void *cb_arg); +\& +\& void BN_GENCB_set(BN_GENCB *gencb, +\& int (*callback)(int, int, BN_GENCB *), void *cb_arg); +\& +\& void *BN_GENCB_get_arg(BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), +\& void *cb_arg); +\& +\& int BN_is_prime(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +\& +\& int BN_is_prime_fasttest(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, +\& void *cb_arg, int do_trial_division); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_generate_prime_ex()\fR generates a pseudo-random prime number of +at least bit length \fBbits\fR. The returned number is probably prime +with a negligible error. +.PP +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, it is used as follows: +.IP "\(bu" 2 +\&\fBBN_GENCB_call(cb, 0, i)\fR is called after generating the i\-th +potential prime number. +.IP "\(bu" 2 +While the number is being tested for primality, +\&\fBBN_GENCB_call(cb, 1, j)\fR is called as described below. +.IP "\(bu" 2 +When a prime has been found, \fBBN_GENCB_call(cb, 2, i)\fR is called. +.IP "\(bu" 2 +The callers of \fBBN_generate_prime_ex()\fR may call \fBBN_GENCB_call(cb, i, j)\fR with +other values as described in their respective man pages; see \*(L"\s-1SEE ALSO\*(R"\s0. +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p\-1)/2 is also prime). +.PP +The random generator must be seeded prior to calling \fBBN_generate_prime_ex()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR test if the number \fBp\fR is +prime. The following tests are performed until one of them shows that +\&\fBp\fR is composite; if \fBp\fR passes all these tests, it is considered +prime. +.PP +\&\fBBN_is_prime_fasttest_ex()\fR, when called with \fBdo_trial_division == 1\fR, +first attempts trial division by a number of small primes; +if no divisors are found by this test and \fBcb\fR is not \fB\s-1NULL\s0\fR, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +If \fBdo_trial_division == 0\fR, this test is skipped. +.PP +Both \fBBN_is_prime_ex()\fR and \fBBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin +probabilistic primality test with \fBnchecks\fR iterations. If +\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that +yields a false positive rate of at most 2^\-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits, +2^\-192 at 3747 bits and 2^\-256 at 6394 bits. +.PP +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to +64. +.PP +If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called +after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a +pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.PP +\&\fBBN_GENCB_call()\fR calls the callback function held in the \fB\s-1BN_GENCB\s0\fR structure +and passes the ints \fBa\fR and \fBb\fR as arguments. There are two types of +\&\fB\s-1BN_GENCB\s0\fR structure that are supported: \*(L"new\*(R" style and \*(L"old\*(R" style. New +programs should prefer the \*(L"new\*(R" style, whilst the \*(L"old\*(R" style is provided +for backwards compatibility purposes. +.PP +A \fB\s-1BN_GENCB\s0\fR structure should be created through a call to \fBBN_GENCB_new()\fR, +and freed through a call to \fBBN_GENCB_free()\fR. +.PP +For \*(L"new\*(R" style callbacks a \s-1BN_GENCB\s0 structure should be initialised with a +call to \fBBN_GENCB_set()\fR, where \fBgencb\fR is a \fB\s-1BN_GENCB\s0 *\fR, \fBcallback\fR is of +type \fBint (*callback)(int, int, \s-1BN_GENCB\s0 *)\fR and \fBcb_arg\fR is a \fBvoid *\fR. +\&\*(L"Old\*(R" style callbacks are the same except they are initialised with a call +to \fBBN_GENCB_set_old()\fR and \fBcallback\fR is of type +\&\fBvoid (*callback)(int, int, void *)\fR. +.PP +A callback is invoked through a call to \fBBN_GENCB_call\fR. This will check +the type of the callback and will invoke \fBcallback(a, b, gencb)\fR for new +style callbacks or \fBcallback(a, b, cb_arg)\fR for old style. +.PP +It is possible to obtain the argument associated with a \s-1BN_GENCB\s0 structure +(set via a call to BN_GENCB_set or BN_GENCB_set_old) using BN_GENCB_get_arg. +.PP +\&\fBBN_generate_prime()\fR (deprecated) works in the same way as +\&\fBBN_generate_prime_ex()\fR but expects an old-style callback function +directly in the \fBcallback\fR parameter, and an argument to pass to it in +the \fBcb_arg\fR. \fBBN_is_prime()\fR and \fBBN_is_prime_fasttest()\fR +can similarly be compared to \fBBN_is_prime_ex()\fR and +\&\fBBN_is_prime_fasttest_ex()\fR, respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_generate_prime_ex()\fR return 1 on success or 0 on error. +.PP +\&\fBBN_is_prime_ex()\fR, \fBBN_is_prime_fasttest_ex()\fR, \fBBN_is_prime()\fR and +\&\fBBN_is_prime_fasttest()\fR return 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^\fBnchecks\fR, and +\&\-1 on error. +.PP +\&\fBBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +BN_GENCB_new returns a pointer to a \s-1BN_GENCB\s0 structure on success, or \fB\s-1NULL\s0\fR +otherwise. +.PP +BN_GENCB_get_arg returns the argument previously associated with a \s-1BN_GENCB\s0 +structure. +.PP +Callback functions should return 1 on success or 0 on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "REMOVED FUNCTIONALITY" +.IX Header "REMOVED FUNCTIONALITY" +As of OpenSSL 1.1.0 it is no longer possible to create a \s-1BN_GENCB\s0 structure +directly, as in: +.PP +.Vb 1 +\& BN_GENCB callback; +.Ve +.PP +Instead applications should create a \s-1BN_GENCB\s0 structure using BN_GENCB_new: +.PP +.Vb 6 +\& BN_GENCB *callback; +\& callback = BN_GENCB_new(); +\& if (!callback) +\& /* error */ +\& ... +\& BN_GENCB_free(callback); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_generate_parameters\fR\|(3), \fBDSA_generate_parameters\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_GENCB_new()\fR, \fBBN_GENCB_free()\fR, +and \fBBN_GENCB_get_arg()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 new file mode 100644 index 000000000000..13e5b9628ca4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_mod_inverse.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_INVERSE 3" +.TH BN_MOD_INVERSE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 new file mode 100644 index 000000000000..c6047fb4bb22 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_montgomery.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 3" +.TH BN_MOD_MUL_MONTGOMERY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when \fBBN_mod_exp\fR\|(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fBBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +.PP +\&\fBBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR +by precomputing its inverse and a value R. +.PP +\&\fBBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. +.PP +\&\fBBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fBBN_MONT_CTX_new()\fR, also the structure itself. +If \fBmont\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. +.PP +\&\fBBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. +.PP +\&\fBBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. +.PP +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_MONT_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_MONT_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 new file mode 100644 index 000000000000..5356ad44fb21 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_mod_mul_reciprocal.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 3" +.TH BN_MOD_MUL_RECIPROCAL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +\& +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_mod_mul_reciprocal()\fR can be used to perform an efficient +\&\fBBN_mod_mul\fR\|(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fBBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +.PP +\&\fBBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fBBN_RECP_CTX_new()\fR, also the structure itself. +If \fBrecp\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fBBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fBBN_RECP_CTX_free()\fR has no return value. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBBN_add\fR\|(3), +\&\fBBN_CTX_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_RECP_CTX_init()\fR was removed in OpenSSL 1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_new.3 b/secure/lib/libcrypto/man/man3/BN_new.3 new file mode 100644 index 000000000000..73f640116006 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NEW 3" +.TH BN_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_new, BN_secure_new, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIGNUM *BN_new(void); +\& +\& BIGNUM *BN_secure_new(void); +\& +\& void BN_clear(BIGNUM *a); +\& +\& void BN_free(BIGNUM *a); +\& +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_new()\fR allocates and initializes a \fB\s-1BIGNUM\s0\fR structure. +\&\fBBN_secure_new()\fR does the same except that the secure heap +\&\fBOPENSSL_secure_malloc\fR\|(3) is used to store the value. +.PP +\&\fBBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fBBN_new()\fR, also the structure itself. \fBBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +If \fBa\fR is \s-1NULL,\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_new()\fR and \fBBN_secure_new()\fR +return a pointer to the \fB\s-1BIGNUM\s0\fR initialised to the value 0. +If the allocation fails, +they return \fB\s-1NULL\s0\fR and set an error code that can be obtained +by \fBERR_get_error\fR\|(3). +.PP +\&\fBBN_clear()\fR, \fBBN_free()\fR and \fBBN_clear_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBOPENSSL_secure_malloc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBBN_init()\fR was removed in OpenSSL 1.1.0; use \fBBN_new()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_num_bytes.3 b/secure/lib/libcrypto/man/man3/BN_num_bytes.3 new file mode 100644 index 000000000000..9973d0e9d129 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_num_bytes.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_NUM_BYTES 3" +.TH BN_NUM_BYTES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get BIGNUM size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_num_bytes(const BIGNUM *a); +\& +\& int BN_num_bits(const BIGNUM *a); +\& +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_num_bytes()\fR returns the size of a \fB\s-1BIGNUM\s0\fR in bytes. +.PP +\&\fBBN_num_bits_word()\fR returns the number of significant bits in a word. +If we take 0x00000432 as an example, it returns 11, not 16, not 32. +Basically, except for a zero, it returns \fIfloor(log2(w))+1\fR. +.PP +\&\fBBN_num_bits()\fR returns the number of significant bits in a \fB\s-1BIGNUM\s0\fR, +following the same principle as \fBBN_num_bits_word()\fR. +.PP +\&\fBBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "NOTES" +.IX Header "NOTES" +Some have tried using \fBBN_num_bits()\fR on individual numbers in \s-1RSA\s0 keys, +\&\s-1DH\s0 keys and \s-1DSA\s0 keys, and found that they don't always come up with +the number of bits they expected (something like 512, 1024, 2048, +\&...). This is because generating a number with some specific number +of bits doesn't always set the highest bits, thereby making the number +of \fIsignificant\fR bits a little lower. If you want to know the \*(L"key +size\*(R" of such a key, either use functions like \fBRSA_size()\fR, \fBDH_size()\fR +and \fBDSA_size()\fR, or use \fBBN_num_bytes()\fR and multiply with 8 (although +there's no real guarantee that will match the \*(L"key size\*(R", just a lot +more probability). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_size\fR\|(3), \fBDSA_size\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_rand.3 b/secure/lib/libcrypto/man/man3/BN_rand.3 new file mode 100644 index 000000000000..1574ada4fd00 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_rand.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_RAND 3" +.TH BN_RAND 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_rand, BN_priv_rand, BN_pseudo_rand, BN_rand_range, BN_priv_rand_range, BN_pseudo_rand_range \&\- generate pseudo\-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_priv_rand_range(BIGNUM *rnd, BIGNUM *range); +\& +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBbits\fR in length and stores it in \fBrnd\fR. +If \fBbits\fR is less than zero, or too small to +accommodate the requirements specified by the \fBtop\fR and \fBbottom\fR +parameters, an error is returned. +The \fBtop\fR parameters specifies +requirements on the most significant bit of the generated number. +If it is \fB\s-1BN_RAND_TOP_ANY\s0\fR, there is no constraint. +If it is \fB\s-1BN_RAND_TOP_ONE\s0\fR, the top bit must be one. +If it is \fB\s-1BN_RAND_TOP_TWO\s0\fR, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. +If \fBbottom\fR is \fB\s-1BN_RAND_BOTTOM_ODD\s0\fR, the number will be odd; if it +is \fB\s-1BN_RAND_BOTTOM_ANY\s0\fR it can be odd or even. +If \fBbits\fR is 1 then \fBtop\fR cannot also be \fB\s-1BN_RAND_FLG_TOPTWO\s0\fR. +.PP +\&\fBBN_rand_range()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <= \fBrnd\fR < \fBrange\fR. +.PP +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR have the same semantics as +\&\fBBN_rand()\fR and \fBBN_rand_range()\fR respectively. They are intended to be +used for generating values that should remain private, and mirror the +same difference between \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of these functions and do not take +randomness for granted: an error occurs if the \s-1CSPRNG\s0 has not been +seeded with enough randomness to ensure an unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +Starting with OpenSSL release 1.1.0, \fBBN_pseudo_rand()\fR has been identical +to \fBBN_rand()\fR and \fBBN_pseudo_rand_range()\fR has been identical to +\&\fBBN_rand_range()\fR. +The \*(L"pseudo\*(R" functions should not be used and may be deprecated in +a future release. +.IP "\(bu" 2 +The +\&\fBBN_priv_rand()\fR and \fBBN_priv_rand_range()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_security_bits.3 b/secure/lib/libcrypto/man/man3/BN_security_bits.3 new file mode 100644 index 000000000000..dbf4672d92f3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_security_bits.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SECURITY_BITS 3" +.TH BN_SECURITY_BITS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_security_bits \- returns bits of security based on given numbers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_security_bits(int L, int N); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_security_bits()\fR returns the number of bits of security provided by a +specific algorithm and a particular key size. The bits of security is +defined in \s-1NIST SP800\-57.\s0 Currently, \fBBN_security_bits()\fR support two types +of asymmetric algorithms: the \s-1FFC\s0 (Finite Field Cryptography) and \s-1IFC\s0 +(Integer Factorization Cryptography). For \s-1FFC,\s0 e.g., \s-1DSA\s0 and \s-1DH,\s0 both +parameters \fBL\fR and \fBN\fR are used to decide the bits of security, where +\&\fBL\fR is the size of the public key and \fBN\fR is the size of the private +key. For \s-1IFC,\s0 e.g., \s-1RSA,\s0 only \fBL\fR is used and it's commonly considered +to be the key size (modulus). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Number of security bits. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1ECC\s0 (Elliptic Curve Cryptography) is not covered by the \fBBN_security_bits()\fR +function. The symmetric algorithms are not covered neither. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_security_bits\fR\|(3), \fBDSA_security_bits\fR\|(3), \fBRSA_security_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBN_security_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_set_bit.3 b/secure/lib/libcrypto/man/man3/BN_set_bit.3 new file mode 100644 index 000000000000..af8baa21ad98 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_set_bit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SET_BIT 3" +.TH BN_SET_BIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& +\& int BN_mask_bits(BIGNUM *a, int n); +\& +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fBBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fBBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fBBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bytes\fR\|(3), \fBBN_add\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_swap.3 b/secure/lib/libcrypto/man/man3/BN_swap.3 new file mode 100644 index 000000000000..f3021437d408 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_swap.3 @@ -0,0 +1,163 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_SWAP 3" +.TH BN_SWAP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_swap()\fR does not return a value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BN_zero.3 b/secure/lib/libcrypto/man/man3/BN_zero.3 new file mode 100644 index 000000000000..12e39b7dae57 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BN_zero.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BN_ZERO 3" +.TH BN_ZERO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- BIGNUM assignment operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& +\& const BIGNUM *BN_value_one(void); +\& +\& int BN_set_word(BIGNUM *a, BN_ULONG w); +\& unsigned BN_ULONG BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1BN_ULONG\s0\fR is a macro that will be an unsigned integral type optimized +for the most efficient implementation on the local platform. +.PP +\&\fBBN_zero()\fR, \fBBN_one()\fR and \fBBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fBBN_zero()\fR and \fBBN_one()\fR are macros. +.PP +\&\fBBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fBBN_get_word()\fR returns \fBa\fR, if it can be represented as a \fB\s-1BN_ULONG\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBN_get_word()\fR returns the value \fBa\fR, or all-bits-set if \fBa\fR cannot +be represented as a single integer. +.PP +\&\fBBN_one()\fR and \fBBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fBBN_value_one()\fR returns the constant. +\&\fBBN_zero()\fR never fails and returns no value. +.SH "BUGS" +.IX Header "BUGS" +If a \fB\s-1BIGNUM\s0\fR is equal to the value of all-bits-set, it will collide +with the error condition returned by \fBBN_get_word()\fR which uses that +as an error value. +.PP +\&\fB\s-1BN_ULONG\s0\fR should probably be a typedef. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 0.9.8, \fBBN_zero()\fR was changed to not return a value; previous +versions returned an int. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 new file mode 100644 index 000000000000..0c28684ed933 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/BUF_MEM_new.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BUF_MEM_NEW 3" +.TH BUF_MEM_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +BUF_MEM_new, BUF_MEM_new_ex, BUF_MEM_free, BUF_MEM_grow, BUF_MEM_grow_clean, BUF_reverse \&\- simple character array structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BUF_MEM *BUF_MEM_new(void); +\& +\& BUF_MEM *BUF_MEM_new_ex(unsigned long flags); +\& +\& void BUF_MEM_free(BUF_MEM *a); +\& +\& int BUF_MEM_grow(BUF_MEM *str, int len); +\& size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); +\& +\& void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +\&\fBBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fBBUF_MEM_new_ex()\fR allocates a buffer with the specified flags. +The flag \fB\s-1BUF_MEM_FLAG_SECURE\s0\fR specifies that the \fBdata\fR pointer +should be allocated on the secure heap; see \fBCRYPTO_secure_malloc\fR\|(3). +.PP +\&\fBBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fBBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fBBUF_MEM_grow_clean()\fR is similar to \fBBUF_MEM_grow()\fR but it sets any free'd +or additionally-allocated memory to zero. +.PP +\&\fBBUF_reverse()\fR reverses \fBsize\fR bytes at \fBin\fR into \fBout\fR. If \fBin\fR +is \s-1NULL,\s0 the array is reversed in-place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fBBUF_MEM_free()\fR has no return value. +.PP +\&\fBBUF_MEM_grow()\fR and \fBBUF_MEM_grow_clean()\fR return +zero on error or the new size (i.e., \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), +\&\fBCRYPTO_secure_malloc\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +The \fBBUF_MEM_new_ex()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 new file mode 100644 index 000000000000..26194ada00bc --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_add0_cert.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD0_CERT 3" +.TH CMS_ADD0_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls \&\- CMS certificate and CRL utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +\& int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +\& STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); +\& +\& int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +\& STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fBcert\fR to \fBcms\fR. +must be of type signed data or enveloped data. +.PP +\&\fBCMS_get1_certs()\fR returns all certificates in \fBcms\fR. +.PP +\&\fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fBCMS_get1_crls()\fR +returns any CRLs in \fBcms\fR. +.SH "NOTES" +.IX Header "NOTES" +The CMS_ContentInfo structure \fBcms\fR must be of type signed data or enveloped +data or an error will be returned. +.PP +For signed data certificates and CRLs are added to the \fBcertificates\fR and +\&\fBcrls\fR fields of SignedData structure. For enveloped data they are added to +\&\fBOriginatorInfo\fR. +.PP +As the \fB0\fR implies \fBCMS_add0_cert()\fR adds \fBcert\fR internally to \fBcms\fR and it +must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fBcert\fR +must be freed up. +.PP +The same certificate or \s-1CRL\s0 must not be added to the same cms structure more +than once. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return +1 for success and 0 for failure. +.PP +\&\fBCMS_get1_certs()\fR and \fBCMS_get1_crls()\fR return the \s-1STACK\s0 of certificates or CRLs +or \s-1NULL\s0 if there are none or an error occurs. The only error which will occur +in practice is if the \fBcms\fR type is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 new file mode 100644 index 000000000000..6b75788e97c9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_add1_recipient_cert.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_RECIPIENT_CERT 3" +.TH CMS_ADD1_RECIPIENT_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_recipient_cert, CMS_add0_recipient_key \- add recipients to a CMS enveloped data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, +\& X509 *recip, unsigned int flags); +\& +\& CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, +\& unsigned char *key, size_t keylen, +\& unsigned char *id, size_t idlen, +\& ASN1_GENERALIZEDTIME *date, +\& ASN1_OBJECT *otherTypeId, +\& ASN1_TYPE *otherType); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_recipient_cert()\fR adds recipient \fBrecip\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KeyTransRecipientInfo structure. +.PP +\&\fBCMS_add0_recipient_key()\fR adds symmetric key \fBkey\fR of length \fBkeylen\fR using +wrapping algorithm \fBnid\fR, identifier \fBid\fR of length \fBidlen\fR and optional +values \fBdate\fR, \fBotherTypeId\fR and \fBotherType\fR to CMS_ContentInfo enveloped +data structure \fBcms\fR as a KEKRecipientInfo structure. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_encrypt()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a \s-1CMS\s0 +enveloped data structure where the simpler \fBCMS_encrypt()\fR function defaults are +not appropriate. For example if one or more KEKRecipientInfo structures +need to be added. New attributes can also be added using the returned +CMS_RecipientInfo structure and the \s-1CMS\s0 attribute utility functions. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +Currently only \s-1AES\s0 based key wrapping algorithms are supported for \fBnid\fR, +specifically: NID_id_aes128_wrap, NID_id_aes192_wrap and NID_id_aes256_wrap. +If \fBnid\fR is set to \fBNID_undef\fR then an \s-1AES\s0 wrap algorithm will be used +consistent with \fBkeylen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_recipient_cert()\fR and \fBCMS_add0_recipient_key()\fR return an internal +pointer to the CMS_RecipientInfo structure just added or \s-1NULL\s0 if an error +occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 new file mode 100644 index 000000000000..0d046f4b02f9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_add1_signer.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ADD1_SIGNER 3" +.TH CMS_ADD1_SIGNER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, +\& unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fBCMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fBCMS_final()\fR. +.PP +The \fBCMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fBCMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fBCMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBCMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_final\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_compress.3 b/secure/lib/libcrypto/man/man3/CMS_compress.3 new file mode 100644 index 000000000000..916df4b6e643 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_compress.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_COMPRESS 3" +.TH CMS_COMPRESS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_compress \- create a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_compress()\fR creates and returns a \s-1CMS\s0 CompressedData structure. \fBcomp_nid\fR +is the compression algorithm to use or \fBNID_undef\fR to use the default +algorithm (zlib compression). \fBin\fR is the content to be compressed. +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib using the \s-1NID\s0 +NID_zlib_compression. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_compress()\fR will return +an error. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +The compressed data is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +Additional compression parameters such as the zlib compression level cannot +currently be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_compress()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_uncompress\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_decrypt.3 b/secure/lib/libcrypto/man/man3/CMS_decrypt.3 new file mode 100644 index 000000000000..ee4d4cf4c646 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_decrypt.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_DECRYPT 3" +.TH CMS_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_decrypt \- decrypt content from a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, +\& BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_decrypt()\fR extracts and decrypts the content from a \s-1CMS\s0 EnvelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the encrypted content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is +needed to locate the appropriate (of possible several) recipients in the \s-1CMS\s0 +structure. +.PP +If \fBcert\fR is set to \s-1NULL\s0 all possible recipients are tried. This case however +is problematic. To thwart the \s-1MMA\s0 attack (Bleichenbacher's attack on +\&\s-1PKCS\s0 #1 v1.5 \s-1RSA\s0 padding) all recipients are tried whether they succeed or +not. If no recipient succeeds then a random symmetric key is used to decrypt +the content: this will typically output garbage and may (but is not guaranteed +to) ultimately return a padding error only. If \fBCMS_decrypt()\fR just returned an +error when all recipient encrypted keys failed to decrypt an attacker could +use this in a timing attack. If the special flag \fB\s-1CMS_DEBUG_DECRYPT\s0\fR is set +then the above behaviour is modified and an error \fBis\fR returned if no +recipient encrypted key can be decrypted \fBwithout\fR generating a random +content encryption key. Applications should use this flag with +\&\fBextreme caution\fR especially in automated gateways as it can leave them +open to attack. +.PP +It is possible to determine the correct recipient key by other means (for +example looking them up in a database) and setting them in the \s-1CMS\s0 structure +in advance using the \s-1CMS\s0 utility functions such as \fBCMS_set1_pkey()\fR. In this +case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0 +.PP +To process KEKRecipientInfo types \fBCMS_set1_key()\fR or \fBCMS_RecipientInfo_set0_key()\fR +and \fBCMS_RecipientInfo_decrypt()\fR should be called before \fBCMS_decrypt()\fR and +\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0 +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decrypt()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_encrypt.3 b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 new file mode 100644 index 000000000000..cc5034b10dd3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_encrypt.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_ENCRYPT 3" +.TH CMS_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_encrypt \- create a CMS envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, +\& const EVP_CIPHER *cipher, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_encrypt()\fR creates and returns a \s-1CMS\s0 EnvelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this +function. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBCMS_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set then +\&\fB\s-1CMS_TEXT\s0\fR is ignored. +.PP +OpenSSL will by default identify recipient certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if all recipient certificates do not +have a subject key identifier extension. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +returned to which additional recipients and attributes can be added before +finalization. +.PP +The data being encrypted is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in +practice and is not supported by \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info +structure. KEKRecipientInfo is also supported using the flag \fB\s-1CMS_PARTIAL\s0\fR +and \fBCMS_add0_recipient_key()\fR. +.PP +The parameter \fBcerts\fR may be \s-1NULL\s0 if \fB\s-1CMS_PARTIAL\s0\fR is set and recipients +added later using \fBCMS_add1_recipient_cert()\fR or \fBCMS_add0_recipient_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_encrypt()\fR returns either a CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag was first supported in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_final.3 b/secure/lib/libcrypto/man/man3/CMS_final.3 new file mode 100644 index 000000000000..dd660c28d62a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_final.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_FINAL 3" +.TH CMS_FINAL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_final \- finalise a CMS_ContentInfo structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_final()\fR finalises the structure \fBcms\fR. Its purpose is to perform any +operations necessary on \fBcms\fR (digest computation for example) and set the +appropriate fields. The parameter \fBdata\fR contains the content to be +processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after +processing: this is only used with detached data and will usually be set to +\&\s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It +should only be used when streaming is not performed because the streaming +I/O functions perform finalisation operations internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_final()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 new file mode 100644 index 000000000000..dba1f218c199 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_get0_RecipientInfos.3 @@ -0,0 +1,265 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_RECIPIENTINFOS 3" +.TH CMS_GET0_RECIPIENTINFOS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id, CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt \&\- CMS envelopedData RecipientInfo routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +\& int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +\& +\& int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, +\& ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, +\& ASN1_INTEGER **sno); +\& int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +\& int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +\& +\& int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pid, +\& ASN1_GENERALIZEDTIME **pdate, +\& ASN1_OBJECT **potherid, +\& ASN1_TYPE **pothertype); +\& int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, +\& const unsigned char *id, size_t idlen); +\& int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, +\& unsigned char *key, size_t keylen); +\& +\& int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +\& int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo +structures associated with a \s-1CMS\s0 EnvelopedData structure. +.PP +\&\fBCMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR. +It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE, +CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0 +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient +identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which +must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in +\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the +CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0 +It returns zero if the comparison is successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with +the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_TRANS.\s0 +.PP +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the +CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any +of the remaining parameters can be \s-1NULL\s0 if the application is not interested in +the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written +to the corresponding parameter. The keyEncryptionAlgorithm field is written to +\&\fBpalg\fR, the \fBkeyIdentifier\fR field is written to \fBpid\fR, the \fBdate\fR field if +present is written to \fBpdate\fR, if the \fBother\fR field is present the components +\&\fBkeyAttrId\fR and \fBkeyAttr\fR are written to parameters \fBpotherid\fR and +\&\fBpothertype\fR. +.PP +\&\fBCMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR +parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR, +which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is +successful and non zero if not. +.PP +\&\fBCMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length +\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type +\&\s-1CMS_RECIPINFO_KEK.\s0 +.PP +\&\fBCMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first. +.PP +\&\fBCMS_RecipientInfo_encrypt()\fR attempts to encrypt CMS_RecipientInfo structure +\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to \fBCMS_RecipientInfo_decrypt()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +recipient keys using any appropriate technique when the simpler method +of \fBCMS_decrypt()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_RecipientInfo structures +using \fBCMS_get0_RecipientInfos()\fR and check the type of each using +\&\fBCMS_RecipientInfo_type()\fR. Depending on the type the CMS_RecipientInfo structure +can be ignored or its key identifier data retrieved using an appropriate +function. Then if the corresponding secret or private key can be obtained by +any appropriate means it can then associated with the structure and +\&\fBCMS_RecipientInfo_decrypt()\fR called. If successful \fBCMS_decrypt()\fR can be called +with a \s-1NULL\s0 key to decrypt the enveloped content. +.PP +The \fBCMS_RecipientInfo_encrypt()\fR can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +\&\fBCMS_add1_recipient_cert()\fR and finally encrypt the content encryption key +using \fBCMS_RecipientInfo_encrypt()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_RecipientInfos()\fR returns all CMS_RecipientInfo structures, or \s-1NULL\s0 if +an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_get0_signer_id()\fR, \fBCMS_RecipientInfo_set0_pkey()\fR, +\&\fBCMS_RecipientInfo_kekri_get0_id()\fR, \fBCMS_RecipientInfo_set0_key()\fR and +\&\fBCMS_RecipientInfo_decrypt()\fR return 1 for success or 0 if an error occurs. +\&\fBCMS_RecipientInfo_encrypt()\fR return 1 for success or 0 if an error occurs. +.PP +\&\fBCMS_RecipientInfo_ktri_cert_cmp()\fR and \fBCMS_RecipientInfo_kekri_cmp()\fR return 0 +for a successful comparison and non zero otherwise. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 new file mode 100644 index 000000000000..22d4b12d0785 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_get0_SignerInfos.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_SIGNERINFOS 3" +.TH CMS_GET0_SIGNERINFOS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_SignerInfo_set1_signer_cert, CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp \&\- CMS signedData signer functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); +\& +\& int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, +\& X509_NAME **issuer, ASN1_INTEGER **sno); +\& ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +\& int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +\& void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCMS_get0_SignerInfos()\fR returns all the CMS_SignerInfo structures +associated with a \s-1CMS\s0 signedData structure. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR retrieves the certificate signer identifier +associated with a specific CMS_SignerInfo structure \fBsi\fR. Either the +keyidentifier will be set in \fBkeyid\fR or \fBboth\fR issuer name and serial number +in \fBissuer\fR and \fBsno\fR. +.PP +\&\fBCMS_SignerInfo_get0_signature()\fR retrieves the signature associated with +\&\fBsi\fR in a pointer to an \s-1ASN1_OCTET_STRING\s0 structure. This pointer returned +corresponds to the internal signature value if \fBsi\fR so it may be read or +modified. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR compares the certificate \fBcert\fR against the signer +identifier \fBsi\fR. It returns zero if the comparison is successful and non zero +if not. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR sets the signers certificate of \fBsi\fR to +\&\fBsigner\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of these functions is to enable an application to lookup +signers certificates using any appropriate technique when the simpler method +of \fBCMS_verify()\fR is not appropriate. +.PP +In typical usage and application will retrieve all CMS_SignerInfo structures +using \fBCMS_get0_SignerInfo()\fR and retrieve the identifier information using +\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means +(or return and error if it cannot be found) and set it using +\&\fBCMS_SignerInfo_set1_signer_cert()\fR. +.PP +Once all signer certificates have been set \fBCMS_verify()\fR can be used. +.PP +Although \fBCMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if +there are no signers this is not a problem in practice because the only +error which can occur is if the \fBcms\fR structure is not of type signedData +due to application error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_SignerInfos()\fR returns all CMS_SignerInfo structures, or \s-1NULL\s0 there +are no signers or an error occurs. +.PP +\&\fBCMS_SignerInfo_get0_signer_id()\fR returns 1 for success and 0 for failure. +.PP +\&\fBCMS_SignerInfo_cert_cmp()\fR returns 0 for a successful comparison and non +zero otherwise. +.PP +\&\fBCMS_SignerInfo_set1_signer_cert()\fR does not return a value. +.PP +Any error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_get0_type.3 b/secure/lib/libcrypto/man/man3/CMS_get0_type.3 new file mode 100644 index 000000000000..1d5a063bac5b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_get0_type.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET0_TYPE 3" +.TH CMS_GET0_TYPE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content \- get and set CMS content types and content +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); +\& int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +\& const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); +\& ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_get0_type()\fR returns the content type of a CMS_ContentInfo structure as +an \s-1ASN1_OBJECT\s0 pointer. An application can then decide how to process the +CMS_ContentInfo structure based on this value. +.PP +\&\fBCMS_set1_eContentType()\fR sets the embedded content type of a CMS_ContentInfo +structure. It should be called with \s-1CMS\s0 functions (such as CMS_sign, CMS_encrypt) +with the \fB\s-1CMS_PARTIAL\s0\fR +flag and \fBbefore\fR the structure is finalised, otherwise the results are +undefined. +.PP +\&\s-1ASN1_OBJECT\s0 *\fBCMS_get0_eContentType()\fR returns a pointer to the embedded +content type. +.PP +\&\fBCMS_get0_content()\fR returns a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR pointer +containing the embedded content. +.SH "NOTES" +.IX Header "NOTES" +As the \fB0\fR implies \fBCMS_get0_type()\fR, \fBCMS_get0_eContentType()\fR and +\&\fBCMS_get0_content()\fR return internal pointers which should \fBnot\fR be freed up. +\&\fBCMS_set1_eContentType()\fR copies the supplied \s-1OID\s0 and it \fBshould\fR be freed up +after use. +.PP +The \fB\s-1ASN1_OBJECT\s0\fR values returned can be converted to an integer \fB\s-1NID\s0\fR value +using \fBOBJ_obj2nid()\fR. For the currently supported content types the following +values are returned: +.PP +.Vb 6 +\& NID_pkcs7_data +\& NID_pkcs7_signed +\& NID_pkcs7_digest +\& NID_id_smime_ct_compressedData: +\& NID_pkcs7_encrypted +\& NID_pkcs7_enveloped +.Ve +.PP +The return value of \fBCMS_get0_content()\fR is a pointer to the \fB\s-1ASN1_OCTET_STRING\s0\fR +content pointer. That means that for example: +.PP +.Vb 1 +\& ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); +.Ve +.PP +\&\fB*pconf\fR could be \s-1NULL\s0 if there is no embedded content. Applications can +access, modify or create the embedded content in a \fBCMS_ContentInfo\fR structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_get0_type()\fR and \fBCMS_get0_eContentType()\fR return an \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBCMS_set1_eContentType()\fR returns 1 for success or 0 if an error occurred. The +error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 new file mode 100644 index 000000000000..f28fb192ae87 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_get1_ReceiptRequest.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_GET1_RECEIPTREQUEST 3" +.TH CMS_GET1_RECEIPTREQUEST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_ReceiptRequest_create0, CMS_add1_ReceiptRequest, CMS_get1_ReceiptRequest, CMS_ReceiptRequest_get0_values \- CMS signed receipt request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, +\& int allorfirst, +\& STACK_OF(GENERAL_NAMES) *receiptList, +\& STACK_OF(GENERAL_NAMES) *receiptsTo); +\& int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +\& int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +\& void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, +\& int *pallorfirst, +\& STACK_OF(GENERAL_NAMES) **plist, +\& STACK_OF(GENERAL_NAMES) **prto); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The +\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set +to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0 +the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of +the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR +option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the +\&\fBreceiptsTo\fR field value. +.PP +The \fBCMS_add1_ReceiptRequest()\fR function adds a signed receipt request \fBrr\fR +to SignerInfo structure \fBsi\fR. +.PP +int \fBCMS_get1_ReceiptRequest()\fR looks for a signed receipt request in \fBsi\fR, if +any is found it is decoded and written to \fBprr\fR. +.PP +\&\fBCMS_ReceiptRequest_get0_values()\fR retrieves the values of a receipt request. +The signedContentIdentifier is copied to \fBpcid\fR. If the \fBallOrFirstTier\fR +option of \fBreceiptsFrom\fR is used its value is copied to \fBpallorfirst\fR +otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsTo\fR +parameter is copied to \fBprto\fR. +.SH "NOTES" +.IX Header "NOTES" +For more details of the meaning of the fields see \s-1RFC2634.\s0 +.PP +The contents of a signed receipt should only be considered meaningful if the +corresponding CMS_ContentInfo structure can be successfully verified using +\&\fBCMS_verify()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or +\&\s-1NULL\s0 if an error occurred. +.PP +\&\fBCMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBCMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and +decoded. It returns 0 if a signed receipt request is not present and \-1 if +it is present but malformed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), \fBCMS_verify\fR\|(3) +\&\fBCMS_verify_receipt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_sign.3 b/secure/lib/libcrypto/man/man3/CMS_sign.3 new file mode 100644 index 000000000000..b633d6b2e828 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_sign.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN 3" +.TH CMS_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign \- create a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign()\fR creates and returns a \s-1CMS\s0 SignedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the \s-1CMS\s0 +structure (for example any intermediate CAs in the chain). Any or all of +these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below. +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The data being signed is included in the CMS_ContentInfo structure, unless +\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is used for +CMS_ContentInfo detached signatures which are used in S/MIME plaintext signed +messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1CMS_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is +not loaded. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If the flags \fB\s-1CMS_STREAM\s0\fR is set then the returned \fBCMS_ContentInfo\fR +structure is just initialized ready to perform the signing operation. The +signing is however \fBnot\fR performed and the data to be signed is not read from +the \fBdata\fR parameter. Signing is deferred until after the data has been +written. In this way data can be signed in a single pass. +.PP +If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is +output to which additional signers and capabilities can be added before +finalization. +.PP +If the flag \fB\s-1CMS_STREAM\s0\fR is set the returned \fBCMS_ContentInfo\fR structure is +\&\fBnot\fR complete and outputting its contents via a function that does not +properly finalize the \fBCMS_ContentInfo\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_CMS()\fR, \fBi2d_CMS_bio_stream()\fR, +\&\fBPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_CMS()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only \s-1CMS\s0 structure is +output. +.PP +The function \fBCMS_sign()\fR is a basic \s-1CMS\s0 signing function whose output will be +suitable for many purposes. For finer control of the output format the +\&\fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be \fB\s-1NULL\s0\fR and the +\&\fB\s-1CMS_PARTIAL\s0\fR flag set. Then one or more signers can be added using the +function \fBCMS_sign_add1_signer()\fR, non default digests can be used and custom +attributes added. \fBCMS_final()\fR must then be called to finalize the +structure if streaming is not enabled. +.SH "BUGS" +.IX Header "BUGS" +Some attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1CMS_STREAM\s0\fR flag is only supported for detached data in OpenSSL 0.9.8, +it is supported for embedded data in OpenSSL 1.0.0 and later. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 new file mode 100644 index 000000000000..01ae08974664 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_sign_receipt.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_SIGN_RECEIPT 3" +.TH CMS_SIGN_RECEIPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_sign_receipt \- create a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, +\& EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_sign_receipt()\fR creates and returns a \s-1CMS\s0 signed receipt structure. \fBsi\fR is +the \fBCMS_SignerInfo\fR structure containing the signed receipt request. +\&\fBsigncert\fR is the certificate to sign with, \fBpkey\fR is the corresponding +private key. \fBcerts\fR is an optional additional set of certificates to include +in the \s-1CMS\s0 structure (for example any intermediate CAs in the chain). +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_sign()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_NOATTR\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR +are not supported since they do not make sense in the context of signed +receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_sign_receipt()\fR returns either a valid CMS_ContentInfo structure or \s-1NULL\s0 if +an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_verify_receipt\fR\|(3), +\&\fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_uncompress.3 b/secure/lib/libcrypto/man/man3/CMS_uncompress.3 new file mode 100644 index 000000000000..eac1a921aee4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_uncompress.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_UNCOMPRESS 3" +.TH CMS_UNCOMPRESS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_uncompress \- uncompress a CMS CompressedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_uncompress()\fR extracts and uncompresses the content from a \s-1CMS\s0 +CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.PP +The \fBdcont\fR parameter is used in the rare case where the compressed content +is detached. It will normally be set to \s-1NULL.\s0 +.SH "NOTES" +.IX Header "NOTES" +The only currently supported compression algorithm is zlib: if the structure +indicates the use of any other algorithm an error is returned. +.PP +If zlib support is not compiled into OpenSSL then \fBCMS_uncompress()\fR will always +return an error. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_uncompress()\fR returns either 1 for success or 0 for failure. The error can +be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and the need to hold all data in memory as +mentioned in \fBCMS_verify()\fR also applies to \fBCMS_decompress()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_compress\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_verify.3 b/secure/lib/libcrypto/man/man3/CMS_verify.3 new file mode 100644 index 000000000000..1031b46acf8a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_verify.3 @@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY 3" +.TH CMS_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify, CMS_get0_signers \- verify a CMS SignedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, unsigned int flags); +\& +\& STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify()\fR verifies a \s-1CMS\s0 SignedData structure. \fBcms\fR is the CMS_ContentInfo +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signing certificate(s). \fBstore\fR is a trusted certificate store used for +chain verification. \fBindata\fR is the detached content if the content is not +present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBCMS_get0_signers()\fR retrieves the signing certificate(s) from \fBcms\fR, it must +be called after a successful \fBCMS_verify()\fR operation. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBcms\fR. The type of \fBcms\fR must +be SignedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signing certificate(s), first looking in +the \fBcerts\fR parameter (if it is not \s-1NULL\s0) and then looking in any +certificates contained in the \fBcms\fR structure itself. If any signing +certificate cannot be located the operation fails. +.PP +Each signing certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If \s-1CRL\s0 checking is enabled in \fBstore\fR any internal +CRLs are used in addition to attempting to look them up in \fBstore\fR. If any +chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR if it is not \s-1NULL\s0) +and the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter to change the default verify behaviour. +.PP +If \fB\s-1CMS_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signing certificate(s). This means that all the +signing certificates must be in the \fBcerts\fR parameter. +.PP +If \fB\s-1CMS_NOCRL\s0\fR is set and \s-1CRL\s0 checking is enabled in \fBstore\fR then any +CRLs in the message itself are ignored. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1CMS_NO_SIGNER_CERT_VERIFY\s0\fR is set the signing certificates are not +verified. +.PP +If \fB\s-1CMS_NO_ATTR_VERIFY\s0\fR is set the signed attributes signature is not +verified. +.PP +If \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR is set then the content digest is not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1CMS_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +In some cases the standard techniques for looking up and validating +certificates are not appropriate: for example an application may wish to +lookup certificates in a database or perform customised verification. This +can be achieved by setting and verifying the signers certificates manually +using the signed data utility functions. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fB\s-1CMS_NO_CONTENT_VERIFY\s0\fR will totally disable all content verification +and any modified content will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify()\fR returns 1 for a successful verification and zero if an error +occurred. +.PP +\&\fBCMS_get0_signers()\fR returns all signers or \s-1NULL\s0 if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signing certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing means that the signed content must all +be held in memory if it is not detached. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 new file mode 100644 index 000000000000..0e90ff6de902 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CMS_verify_receipt.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_VERIFY_RECEIPT 3" +.TH CMS_VERIFY_RECEIPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CMS_verify_receipt \- verify a CMS signed receipt +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, +\& STACK_OF(X509) *certs, X509_STORE *store, +\& unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCMS_verify_receipt()\fR verifies a \s-1CMS\s0 signed receipt. \fBrcms\fR is the signed +receipt to verify. \fBocms\fR is the original SignedData structure containing the +receipt request. \fBcerts\fR is a set of certificates in which to search for the +signing certificate. \fBstore\fR is a trusted certificate store (used for chain +verification). +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.SH "NOTES" +.IX Header "NOTES" +This functions behaves in a similar way to \fBCMS_verify()\fR except the flag values +\&\fB\s-1CMS_DETACHED\s0\fR, \fB\s-1CMS_BINARY\s0\fR, \fB\s-1CMS_TEXT\s0\fR and \fB\s-1CMS_STREAM\s0\fR are not +supported since they do not make sense in the context of signed receipts. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCMS_verify_receipt()\fR returns 1 for a successful verification and zero if an +error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBCMS_sign_receipt\fR\|(3), +\&\fBCMS_verify\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_free.3 b/secure/lib/libcrypto/man/man3/CONF_modules_free.3 new file mode 100644 index 000000000000..96020613e9e6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CONF_modules_free.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_FREE 3" +.TH CONF_MODULES_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_free, CONF_modules_finish, CONF_modules_unload \- OpenSSL configuration cleanup functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void CONF_modules_finish(void); +\& void CONF_modules_unload(int all); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void CONF_modules_free(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCONF_modules_free()\fR closes down and frees up all memory allocated by all +configuration modules. Normally, in versions of OpenSSL prior to 1.1.0, +applications called +\&\fBCONF_modules_free()\fR at exit to tidy up any configuration performed. +.PP +\&\fBCONF_modules_finish()\fR calls each configuration modules \fBfinish\fR handler +to free up any configuration that module may have performed. +.PP +\&\fBCONF_modules_unload()\fR finishes and unloads configuration modules. If +\&\fBall\fR is set to \fB0\fR only modules loaded from DSOs will be unloads. If +\&\fBall\fR is \fB1\fR all modules, including builtin modules will be unloaded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBCONF_modules_free()\fR was deprecated in OpenSSL 1.1.0; do not use it. +For more information see \fBOPENSSL_init_crypto\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 new file mode 100644 index 000000000000..f5b5d22a7381 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CONF_modules_load_file.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CONF_MODULES_LOAD_FILE 3" +.TH CONF_MODULES_LOAD_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CONF_modules_load_file, CONF_modules_load \- OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CONF_modules_load_file(const char *filename, const char *appname, +\& unsigned long flags); +\& int CONF_modules_load(const CONF *cnf, const char *appname, +\& unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBCONF_modules_load_file()\fR configures OpenSSL using file +\&\fBfilename\fR and application name \fBappname\fR. If \fBfilename\fR is \s-1NULL\s0 +the standard OpenSSL configuration file is used. If \fBappname\fR is +\&\s-1NULL\s0 the standard OpenSSL application name \fBopenssl_conf\fR is used. +The behaviour can be customized using \fBflags\fR. +.PP +\&\fBCONF_modules_load()\fR is identical to \fBCONF_modules_load_file()\fR except it +reads configuration information from \fBcnf\fR. +.SH "NOTES" +.IX Header "NOTES" +The following \fBflags\fR are currently recognized: +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_ERRORS\s0\fR is set errors returned by individual +configuration modules are ignored. If not set the first module error is +considered fatal and no further modules are loaded. +.PP +Normally any modules errors will add error information to the error queue. If +\&\fB\s-1CONF_MFLAGS_SILENT\s0\fR is set no error information is added. +.PP +If \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR is set the function unconditionally +returns success. +This is used by default in \fBOPENSSL_init_crypto\fR\|(3) to ignore any errors in +the default system-wide configuration file, as having all OpenSSL applications +fail to start when there are potentially minor issues in the file is too risky. +Applications calling \fBCONF_modules_load_file\fR explicitly should not generally +set this flag. +.PP +If \fB\s-1CONF_MFLAGS_NO_DSO\s0\fR is set configuration module loading from DSOs is +disabled. +.PP +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR if set will make \fBCONF_load_modules_file()\fR +ignore missing configuration files. Normally a missing configuration file +return an error. +.PP +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR if set and \fBappname\fR is not \s-1NULL\s0 will use the +default section pointed to by \fBopenssl_conf\fR if \fBappname\fR does not exist. +.PP +By using \fBCONF_modules_load_file()\fR with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case \fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR would be set. +.PP +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. +.PP +Applications can use the \fBCONF_modules_load()\fR function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and a zero or negative value for +failure. If module errors are not ignored the return code will reflect the +return value of the failing module (this will always be zero or negative). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load a configuration file and print out any errors and exit (missing file +considered fatal): +.PP +.Vb 5 +\& if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load default configuration file using the section indicated by \*(L"myapp\*(R", +tolerate missing files, but exit on other errors: +.PP +.Vb 6 +\& if (CONF_modules_load_file(NULL, "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "FATAL: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& exit(1); +\& } +.Ve +.PP +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: +.PP +.Vb 5 +\& if (CONF_modules_load_file("/something/app.cnf", "myapp", +\& CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { +\& fprintf(stderr, "WARNING: error loading configuration file\en"); +\& ERR_print_errors_fp(stderr); +\& } +.Ve +.PP +Load and parse configuration file manually, custom error handling: +.PP +.Vb 3 +\& FILE *fp; +\& CONF *cnf = NULL; +\& long eline; +\& +\& fp = fopen("/somepath/app.cnf", "r"); +\& if (fp == NULL) { +\& fprintf(stderr, "Error opening configuration file\en"); +\& /* Other missing configuration file behaviour */ +\& } else { +\& cnf = NCONF_new(NULL); +\& if (NCONF_load_fp(cnf, fp, &eline) == 0) { +\& fprintf(stderr, "Error on line %ld of configuration file\en", eline); +\& ERR_print_errors_fp(stderr); +\& /* Other malformed configuration file behaviour */ +\& } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { +\& fprintf(stderr, "Error configuring application\en"); +\& ERR_print_errors_fp(stderr); +\& /* Other configuration error behaviour */ +\& } +\& fclose(fp); +\& NCONF_free(cnf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 new file mode 100644 index 000000000000..6e638d566043 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CRYPTO_THREAD_run_once.3 @@ -0,0 +1,283 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_THREAD_RUN_ONCE 3" +.TH CRYPTO_THREAD_RUN_ONCE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_THREAD_run_once, CRYPTO_THREAD_lock_new, CRYPTO_THREAD_read_lock, CRYPTO_THREAD_write_lock, CRYPTO_THREAD_unlock, CRYPTO_THREAD_lock_free, CRYPTO_atomic_add \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CRYPTO_ONCE CRYPTO_ONCE_STATIC_INIT; +\& int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +\& +\& CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +\& int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +\& int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +\& void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); +\& +\& int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can be safely used in multi-threaded applications provided that +support for the underlying \s-1OS\s0 threading \s-1API\s0 is built-in. Currently, OpenSSL +supports the pthread and Windows APIs. OpenSSL can also be built without +any multi-threading support, for example on platforms that don't provide +any threading support or that provide a threading \s-1API\s0 that is not yet +supported by OpenSSL. +.PP +The following multi-threading function are provided: +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_run_once()\fR can be used to perform one-time initialization. +The \fBonce\fR argument must be a pointer to a static object of type +\&\fB\s-1CRYPTO_ONCE\s0\fR that was statically initialized to the value +\&\fB\s-1CRYPTO_ONCE_STATIC_INIT\s0\fR. +The \fBinit\fR argument is a pointer to a function that performs the desired +exactly once initialization. +In particular, this can be used to allocate locks in a thread-safe manner, +which can then be used with the locking functions below. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_new()\fR allocates, initializes and returns a new read/write +lock. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_read_lock()\fR locks the provided \fBlock\fR for reading. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_write_lock()\fR locks the provided \fBlock\fR for writing. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_unlock()\fR unlocks the previously locked \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_THREAD_lock_free()\fR frees the provided \fBlock\fR. +.IP "\(bu" 2 +\&\fBCRYPTO_atomic_add()\fR atomically adds \fBamount\fR to \fBval\fR and returns the +result of the operation in \fBret\fR. \fBlock\fR will be locked, unless atomic +operations are supported on the specific platform. Because of this, if a +variable is modified by \fBCRYPTO_atomic_add()\fR then \fBCRYPTO_atomic_add()\fR must +be the only way that the variable is modified. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_THREAD_run_once()\fR returns 1 on success, or 0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_new()\fR returns the allocated lock, or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_THREAD_lock_free()\fR returns no value. +.PP +The other functions return 1 on success, or 0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the CRYPTO_THREAD_* types and functions in the +openssl/crypto.h header are dependent on some of the types customarily +made available by including windows.h. The application developer is +likely to require control over when the latter is included, commonly as +one of the first included headers. Therefore it is defined as an +application developer's responsibility to include windows.h prior to +crypto.h where use of CRYPTO_THREAD_* types and functions is required. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example safely initializes and uses a lock. +.PP +.Vb 4 +\& #ifdef _WIN32 +\& # include +\& #endif +\& #include +\& +\& static CRYPTO_ONCE once = CRYPTO_ONCE_STATIC_INIT; +\& static CRYPTO_RWLOCK *lock; +\& +\& static void myinit(void) +\& { +\& lock = CRYPTO_THREAD_lock_new(); +\& } +\& +\& static int mylock(void) +\& { +\& if (!CRYPTO_THREAD_run_once(&once, void init) || lock == NULL) +\& return 0; +\& return CRYPTO_THREAD_write_lock(lock); +\& } +\& +\& static int myunlock(void) +\& { +\& return CRYPTO_THREAD_unlock(lock); +\& } +\& +\& int serialized(void) +\& { +\& int ret = 0; +\& +\& if (mylock()) { +\& /* Your code here, do not return without releasing the lock! */ +\& ret = ... ; +\& } +\& myunlock(); +\& return ret; +\& } +.Ve +.PP +Finalization of locks is an advanced topic, not covered in this example. +This can only be done at process exit or when a dynamically loaded library is +no longer in use and is unloaded. +The simplest solution is to just \*(L"leak\*(R" the lock in applications and not +repeatedly load/unload shared libraries that allocate locks. +.SH "NOTES" +.IX Header "NOTES" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 6 +\& #include +\& #if defined(OPENSSL_THREADS) +\& /* thread support enabled */ +\& #else +\& /* no thread support */ +\& #endif +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 new file mode 100644 index 000000000000..503fa928855f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CRYPTO_get_ex_new_index.3 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_GET_EX_NEW_INDEX 3" +.TH CRYPTO_GET_EX_NEW_INDEX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_EX_new, CRYPTO_EX_free, CRYPTO_EX_dup, CRYPTO_free_ex_index, CRYPTO_get_ex_new_index, CRYPTO_set_ex_data, CRYPTO_get_ex_data, CRYPTO_free_ex_data, CRYPTO_new_ex_data \&\- functions supporting application\-specific data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_get_ex_new_index(int class_index, +\& long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +\& +\& typedef void CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +\& void *from_d, int idx, long argl, void *argp); +\& +\& int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +\& +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +\& +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +\& +\& void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *r); +\& +\& int CRYPTO_free_ex_index(int class_index, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application-specific data attached to them, +known as \*(L"exdata.\*(R" +The specific structures are: +.PP +.Vb 10 +\& APP +\& BIO +\& DH +\& DRBG +\& DSA +\& EC_KEY +\& ENGINE +\& RSA +\& SSL +\& SSL_CTX +\& SSL_SESSION +\& UI +\& UI_METHOD +\& X509 +\& X509_STORE +\& X509_STORE_CTX +.Ve +.PP +Each is identified by an \fBCRYPTO_EX_INDEX_xxx\fR define in the \fBcrypto.h\fR +header file. In addition, \fB\s-1CRYPTO_EX_INDEX_APP\s0\fR is reserved for +applications to use this facility for their own structures. +.PP +The \s-1API\s0 described here is used by OpenSSL to manipulate exdata for specific +structures. Since the application data can be anything at all it is passed +and retrieved as a \fBvoid *\fR type. +.PP +The \fB\s-1CRYPTO_EX_DATA\s0\fR type is opaque. To initialize the exdata part of +a structure, call \fBCRYPTO_new_ex_data()\fR. This is only necessary for +\&\fB\s-1CRYPTO_EX_INDEX_APP\s0\fR objects. +.PP +Exdata types are identified by an \fBindex\fR, an integer guaranteed to be +unique within structures for the lifetime of the program. Applications +using exdata typically call \fBCRYPTO_get_ex_new_index\fR at startup, and +store the result in a global variable, or write a wrapper function to +provide lazy evaluation. The \fBclass_index\fR should be one of the +\&\fBCRYPTO_EX_INDEX_xxx\fR values. The \fBargl\fR and \fBargp\fR parameters are saved +to be passed to the callbacks but are otherwise not used. In order to +transparently manipulate exdata, three callbacks must be provided. The +semantics of those callbacks are described below. +.PP +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their \fBindex\fR value. +.PP +If a dynamic library can be unloaded, it should call \fBCRYPTO_free_ex_index()\fR +when this is done. +This will replace the callbacks with no-ops +so that applications don't crash. Any existing exdata will be leaked. +.PP +To set or get the exdata on an object, the appropriate type-specific +routine must be used. This is because the containing structure is opaque +and the \fB\s-1CRYPTO_EX_DATA\s0\fR field is not accessible. In both \s-1API\s0's, the +\&\fBidx\fR parameter should be an already-created index value. +.PP +When setting exdata, the pointer specified with a particular index is saved, +and returned on a subsequent \*(L"get\*(R" call. If the application is going to +release the data, it must make sure to set a \fB\s-1NULL\s0\fR value at the index, +to avoid likely double-free crashes. +.PP +The function \fBCRYPTO_free_ex_data\fR is used to free all exdata attached +to a structure. The appropriate type-specific routine must be used. +The \fBclass_index\fR identifies the structure type, the \fBobj\fR is +a pointer to the actual structure, and \fBr\fR is a pointer to the +structure's exdata field. +.SS "Callback Functions" +.IX Subsection "Callback Functions" +This section describes how the callback functions are used. Applications +that are defining their own exdata using \fB\s-1CYPRTO_EX_INDEX_APP\s0\fR must +call them as described here. +.PP +When a structure is initially allocated (such as \fBRSA_new()\fR) then the +\&\fBnew_func()\fR is called for every defined index. There is no requirement +that the entire parent, or containing, structure has been set up. +The \fBnew_func()\fR is typically used only to allocate memory to store the +exdata, and perhaps an \*(L"initialized\*(R" flag within that memory. +The exdata value should be set by calling \fBCRYPTO_set_ex_data()\fR. +.PP +When a structure is free'd (such as \fBSSL_CTX_free()\fR) then the +\&\fBfree_func()\fR is called for every defined index. Again, the state of the +parent structure is not guaranteed. The \fBfree_func()\fR may be called with a +\&\s-1NULL\s0 pointer. +.PP +Both \fBnew_func()\fR and \fBfree_func()\fR take the same parameters. +The \fBparent\fR is the pointer to the structure that contains the exdata. +The \fBptr\fR is the current exdata item; for \fBnew_func()\fR this will typically +be \s-1NULL.\s0 The \fBr\fR parameter is a pointer to the exdata field of the object. +The \fBidx\fR is the index and is the value returned when the callbacks were +initially registered via \fBCRYPTO_get_ex_new_index()\fR and can be used if +the same callback handles different types of exdata. +.PP +\&\fBdup_func()\fR is called when a structure is being copied. This is only done +for \fB\s-1SSL\s0\fR, \fB\s-1SSL_SESSION\s0\fR, \fB\s-1EC_KEY\s0\fR objects and \fB\s-1BIO\s0\fR chains via +\&\fBBIO_dup_chain()\fR. The \fBto\fR and \fBfrom\fR parameters +are pointers to the destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures, +respectively. The \fBfrom_d\fR parameter needs to be cast to a \fBvoid **pptr\fR +as the \s-1API\s0 has currently the wrong signature; that will be changed in a +future version. The \fB*pptr\fR is a pointer to the source exdata. +When the \fBdup_func()\fR returns, the value in \fB*pptr\fR is copied to the +destination ex_data. If the pointer contained in \fB*pptr\fR is not modified +by the \fBdup_func()\fR, then both \fBto\fR and \fBfrom\fR will point to the same data. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are as described for the other +two callbacks. If the \fBdup_func()\fR returns \fB0\fR the whole \fBCRYPTO_dup_ex_data()\fR +will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_get_ex_new_index()\fR returns a new index or \-1 on failure. +.PP +\&\fBCRYPTO_free_ex_index()\fR and +\&\fBCRYPTO_set_ex_data()\fR return 1 on success or 0 on failure. +.PP +\&\fBCRYPTO_get_ex_data()\fR returns the application data or \s-1NULL\s0 on failure; +note that \s-1NULL\s0 may be a valid value. +.PP +\&\fBdup_func()\fR should return 0 for failure and 1 for success. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 new file mode 100644 index 000000000000..2474f4b6ab57 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CRYPTO_memcmp.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CRYPTO_MEMCMP 3" +.TH CRYPTO_MEMCMP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_memcmp \- Constant time memory comparison +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_memcmp(const void *a, const void *b, size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The CRYPTO_memcmp function compares the \fBlen\fR bytes pointed to by \fBa\fR and \fBb\fR +for equality. +It takes an amount of time dependent on \fBlen\fR, but independent of the +contents of the memory regions pointed to by \fBa\fR and \fBb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_memcmp()\fR returns 0 if the memory regions are equal and non-zero +otherwise. +.SH "NOTES" +.IX Header "NOTES" +Unlike \fBmemcmp\fR\|(2), this function cannot be used to order the two memory regions +as the return value when they differ is undefined, other than being non-zero. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 new file mode 100644 index 000000000000..a1ffd4a69cb3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_get0_log_by_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_GET0_LOG_BY_ID 3" +.TH CTLOG_STORE_GET0_LOG_BY_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_get0_log_by_id \- Get a Certificate Transparency log from a CTLOG_STORE +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +\& const uint8_t *log_id, +\& size_t log_id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A Signed Certificate Timestamp (\s-1SCT\s0) identifies the Certificate Transparency +(\s-1CT\s0) log that issued it using the log's LogID (see \s-1RFC 6962,\s0 Section 3.2). +Therefore, it is useful to be able to look up more information about a log +(e.g. its public key) using this LogID. +.PP +\&\fBCTLOG_STORE_get0_log_by_id()\fR provides a way to do this. It will find a \s-1CTLOG\s0 +in a \s-1CTLOG_STORE\s0 that has a given LogID. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_STORE_get0_log_by_id\fR returns a \s-1CTLOG\s0 with the given LogID, if it +exists in the given \s-1CTLOG_STORE,\s0 otherwise it returns \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBCTLOG_STORE_get0_log_by_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 new file mode 100644 index 000000000000..99743eb0c91c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CTLOG_STORE_new.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_STORE_NEW 3" +.TH CTLOG_STORE_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file, CTLOG_STORE_load_file \- Create and populate a Certificate Transparency log list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG_STORE *CTLOG_STORE_new(void); +\& void CTLOG_STORE_free(CTLOG_STORE *store); +\& +\& int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +\& int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1CTLOG_STORE\s0 is a container for a list of CTLOGs (Certificate Transparency +logs). The list can be loaded from one or more files and then searched by LogID +(see \s-1RFC 6962,\s0 Section 3.2, for the definition of a LogID). +.PP +\&\fBCTLOG_STORE_new()\fR creates an empty list of \s-1CT\s0 logs. This is then populated +by \fBCTLOG_STORE_load_default_file()\fR or \fBCTLOG_STORE_load_file()\fR. +\&\fBCTLOG_STORE_load_default_file()\fR loads from the default file, which is named +\&\*(L"ct_log_list.cnf\*(R" in \s-1OPENSSLDIR\s0 (see the output of version). This can be +overridden using an environment variable named \*(L"\s-1CTLOG_FILE\*(R".\s0 +\&\fBCTLOG_STORE_load_file()\fR loads from a caller-specified file path instead. +Both of these functions append any loaded \s-1CT\s0 logs to the \s-1CTLOG_STORE.\s0 +.PP +The expected format of the file is: +.PP +.Vb 1 +\& enabled_logs=foo,bar +\& +\& [foo] +\& description = Log 1 +\& key = +\& +\& [bar] +\& description = Log 2 +\& key = +.Ve +.PP +Once a \s-1CTLOG_STORE\s0 is no longer required, it should be passed to +\&\fBCTLOG_STORE_free()\fR. This will delete all of the CTLOGs stored within, along +with the \s-1CTLOG_STORE\s0 itself. +.SH "NOTES" +.IX Header "NOTES" +If there are any invalid \s-1CT\s0 logs in a file, they are skipped and the remaining +valid logs will still be added to the \s-1CTLOG_STORE. A CT\s0 log will be considered +invalid if it is missing a \*(L"key\*(R" or \*(L"description\*(R" field. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Both \fBCTLOG_STORE_load_default_file\fR and \fBCTLOG_STORE_load_file\fR return 1 if +all \s-1CT\s0 logs in the file are successfully parsed and loaded, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CTLOG_new.3 b/secure/lib/libcrypto/man/man3/CTLOG_new.3 new file mode 100644 index 000000000000..4eb73ff5abcd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CTLOG_new.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CTLOG_NEW 3" +.TH CTLOG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CTLOG_new, CTLOG_new_from_base64, CTLOG_free, CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key \- encapsulates information about a Certificate Transparency log +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +\& int CTLOG_new_from_base64(CTLOG ** ct_log, +\& const char *pkey_base64, const char *name); +\& void CTLOG_free(CTLOG *log); +\& const char *CTLOG_get0_name(const CTLOG *log); +\& void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +\& size_t *log_id_len); +\& EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBCTLOG_new()\fR returns a new \s-1CTLOG\s0 that represents the Certificate Transparency +(\s-1CT\s0) log with the given public key. A name must also be provided that can be +used to help users identify this log. Ownership of the public key is +transferred. +.PP +\&\fBCTLOG_new_from_base64()\fR also creates a new \s-1CTLOG,\s0 but takes the public key in +base64\-encoded \s-1DER\s0 form and sets the ct_log pointer to point to the new \s-1CTLOG.\s0 +The base64 will be decoded and the public key parsed. +.PP +Regardless of whether \fBCTLOG_new()\fR or \fBCTLOG_new_from_base64()\fR is used, it is the +caller's responsibility to pass the \s-1CTLOG\s0 to \fBCTLOG_free()\fR once it is no longer +needed. This will delete it and, if created by \fBCTLOG_new()\fR, the \s-1EVP_PKEY\s0 that +was passed to it. +.PP +\&\fBCTLOG_get0_name()\fR returns the name of the log, as provided when the \s-1CTLOG\s0 was +created. Ownership of the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_log_id()\fR sets *log_id to point to a string containing that log's +LogID (see \s-1RFC 6962\s0). It sets *log_id_len to the length of that LogID. For a +v1 \s-1CT\s0 log, the LogID will be a \s-1SHA\-256\s0 hash (i.e. 32 bytes long). Ownership of +the string remains with the \s-1CTLOG.\s0 +.PP +\&\fBCTLOG_get0_public_key()\fR returns the public key of the \s-1CT\s0 log. Ownership of the +\&\s-1EVP_PKEY\s0 remains with the \s-1CTLOG.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCTLOG_new()\fR will return \s-1NULL\s0 if an error occurs. +.PP +\&\fBCTLOG_new_from_base64()\fR will return 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 new file mode 100644 index 000000000000..70e7d6fb4bf0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/CT_POLICY_EVAL_CTX_new.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT_POLICY_EVAL_CTX_NEW 3" +.TH CT_POLICY_EVAL_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free, CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert, CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer, CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE, CT_POLICY_EVAL_CTX_get_time, CT_POLICY_EVAL_CTX_set_time \- Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +\& void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +\& X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +\& X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +\& int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +\& const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +\& CTLOG_STORE *log_store); +\& uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +\& void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1CT_POLICY_EVAL_CTX\s0\fR is used by functions that evaluate whether Signed +Certificate Timestamps (SCTs) fulfil a Certificate Transparency (\s-1CT\s0) policy. +This policy may be, for example, that at least one valid \s-1SCT\s0 is available. To +determine this, an \s-1SCT\s0's timestamp and signature must be verified. +This requires: +.IP "\(bu" 2 +the public key of the log that issued the \s-1SCT\s0 +.IP "\(bu" 2 +the certificate that the \s-1SCT\s0 was issued for +.IP "\(bu" 2 +the issuer certificate (if the \s-1SCT\s0 was issued for a pre-certificate) +.IP "\(bu" 2 +the current time +.PP +The above requirements are met using the setters described below. +.PP +\&\fBCT_POLICY_EVAL_CTX_new()\fR creates an empty policy evaluation context. This +should then be populated using: +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_cert()\fR to provide the certificate the SCTs were issued for +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set1_issuer()\fR to provide the issuer certificate +.Sp +Increments the reference count of the certificate. +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE()\fR to provide a list of logs that are trusted as sources of SCTs +.Sp +Holds a pointer to the \s-1CTLOG_STORE,\s0 so the \s-1CTLOG_STORE\s0 must outlive the +\&\s-1CT_POLICY_EVAL_CTX.\s0 +.IP "\(bu" 2 +\&\fBCT_POLICY_EVAL_CTX_set_time()\fR to set the time SCTs should be compared with to determine if they are valid +.Sp +The \s-1SCT\s0 timestamp will be compared to this time to check whether the \s-1SCT\s0 was +issued in the future. \s-1RFC6962\s0 states that \*(L"\s-1TLS\s0 clients \s-1MUST\s0 reject SCTs whose +timestamp is in the future\*(R". By default, this will be set to 5 minutes in the +future (e.g. (\fBtime()\fR + 300) * 1000), to allow for clock drift. +.Sp +The time should be in milliseconds since the Unix epoch. +.PP +Each setter has a matching getter for accessing the current value. +.PP +When no longer required, the \fB\s-1CT_POLICY_EVAL_CTX\s0\fR should be passed to +\&\fBCT_POLICY_EVAL_CTX_free()\fR to delete it. +.SH "NOTES" +.IX Header "NOTES" +The issuer certificate only needs to be provided if at least one of the SCTs +was issued for a pre-certificate. This will be the case for SCTs embedded in a +certificate (i.e. those in an X.509 extension), but may not be the case for SCTs +found in the \s-1TLS SCT\s0 extension or \s-1OCSP\s0 response. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCT_POLICY_EVAL_CTX_new()\fR will return \s-1NULL\s0 if malloc fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 new file mode 100644 index 000000000000..b6675168dff7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DEFINE_STACK_OF.3 @@ -0,0 +1,404 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DEFINE_STACK_OF 3" +.TH DEFINE_STACK_OF 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DEFINE_STACK_OF, DEFINE_STACK_OF_CONST, DEFINE_SPECIAL_STACK_OF, DEFINE_SPECIAL_STACK_OF_CONST, sk_TYPE_num, sk_TYPE_value, sk_TYPE_new, sk_TYPE_new_null, sk_TYPE_reserve, sk_TYPE_free, sk_TYPE_zero, sk_TYPE_delete, sk_TYPE_delete_ptr, sk_TYPE_push, sk_TYPE_unshift, sk_TYPE_pop, sk_TYPE_shift, sk_TYPE_pop_free, sk_TYPE_insert, sk_TYPE_set, sk_TYPE_find, sk_TYPE_find_ex, sk_TYPE_sort, sk_TYPE_is_sorted, sk_TYPE_dup, sk_TYPE_deep_copy, sk_TYPE_set_cmp_func, sk_TYPE_new_reserve \&\- stack container +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(TYPE) +\& DEFINE_STACK_OF(TYPE) +\& DEFINE_STACK_OF_CONST(TYPE) +\& DEFINE_SPECIAL_STACK_OF(FUNCTYPE, TYPE) +\& DEFINE_SPECIAL_STACK_OF_CONST(FUNCTYPE, TYPE) +\& +\& typedef int (*sk_TYPE_compfunc)(const TYPE *const *a, const TYPE *const *b); +\& typedef TYPE * (*sk_TYPE_copyfunc)(const TYPE *a); +\& typedef void (*sk_TYPE_freefunc)(TYPE *a); +\& +\& int sk_TYPE_num(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_value(const STACK_OF(TYPE) *sk, int idx); +\& STACK_OF(TYPE) *sk_TYPE_new(sk_TYPE_compfunc compare); +\& STACK_OF(TYPE) *sk_TYPE_new_null(void); +\& int sk_TYPE_reserve(STACK_OF(TYPE) *sk, int n); +\& void sk_TYPE_free(const STACK_OF(TYPE) *sk); +\& void sk_TYPE_zero(const STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_delete(STACK_OF(TYPE) *sk, int i); +\& TYPE *sk_TYPE_delete_ptr(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_push(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& int sk_TYPE_unshift(STACK_OF(TYPE) *sk, const TYPE *ptr); +\& TYPE *sk_TYPE_pop(STACK_OF(TYPE) *sk); +\& TYPE *sk_TYPE_shift(STACK_OF(TYPE) *sk); +\& void sk_TYPE_pop_free(STACK_OF(TYPE) *sk, sk_TYPE_freefunc freefunc); +\& int sk_TYPE_insert(STACK_OF(TYPE) *sk, TYPE *ptr, int idx); +\& TYPE *sk_TYPE_set(STACK_OF(TYPE) *sk, int idx, const TYPE *ptr); +\& int sk_TYPE_find(STACK_OF(TYPE) *sk, TYPE *ptr); +\& int sk_TYPE_find_ex(STACK_OF(TYPE) *sk, TYPE *ptr); +\& void sk_TYPE_sort(const STACK_OF(TYPE) *sk); +\& int sk_TYPE_is_sorted(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_dup(const STACK_OF(TYPE) *sk); +\& STACK_OF(TYPE) *sk_TYPE_deep_copy(const STACK_OF(TYPE) *sk, +\& sk_TYPE_copyfunc copyfunc, +\& sk_TYPE_freefunc freefunc); +\& sk_TYPE_compfunc (*sk_TYPE_set_cmp_func(STACK_OF(TYPE) *sk, +\& sk_TYPE_compfunc compare)); +\& STACK_OF(TYPE) *sk_TYPE_new_reserve(sk_TYPE_compfunc compare, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications can create and use their own stacks by placing any of the macros +described below in a header file. These macros define typesafe inline +functions that wrap around the utility \fBOPENSSL_sk_\fR \s-1API.\s0 +In the description here, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +\&\s-1\fBSTACK_OF\s0()\fR returns the name for a stack of the specified \fB\s-1TYPE\s0\fR. +\&\s-1\fBDEFINE_STACK_OF\s0()\fR creates set of functions for a stack of \fB\s-1TYPE\s0\fR. This +will mean that type \fB\s-1TYPE\s0\fR is stored in each stack, the type is referenced by +\&\s-1STACK_OF\s0(\s-1TYPE\s0) and each function name begins with \fIsk_TYPE_\fR. For example: +.PP +.Vb 1 +\& TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_STACK_OF_CONST\s0()\fR is identical to \s-1\fBDEFINE_STACK_OF\s0()\fR except +each element is constant. For example: +.PP +.Vb 1 +\& const TYPE *sk_TYPE_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR defines a stack of \fB\s-1TYPE\s0\fR but +each function uses \fB\s-1FUNCNAME\s0\fR in the function name. For example: +.PP +.Vb 1 +\& TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\s-1\fBDEFINE_SPECIAL_STACK_OF_CONST\s0()\fR is similar except that each element is +constant: +.PP +.Vb 1 +\& const TYPE *sk_FUNCNAME_value(STACK_OF(TYPE) *sk, int idx); +.Ve +.PP +\&\fBsk_TYPE_num()\fR returns the number of elements in \fBsk\fR or \-1 if \fBsk\fR is +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns element \fBidx\fR in \fBsk\fR, where \fBidx\fR starts at +zero. If \fBidx\fR is out of range then \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBsk_TYPE_new()\fR allocates a new empty stack using comparison function \fBcompare\fR. +If \fBcompare\fR is \fB\s-1NULL\s0\fR then no comparison function is used. This function is +equivalent to sk_TYPE_new_reserve(compare, 0). +.PP +\&\fBsk_TYPE_new_null()\fR allocates a new empty stack with no comparison function. This +function is equivalent to sk_TYPE_new_reserve(\s-1NULL, 0\s0). +.PP +\&\fBsk_TYPE_reserve()\fR allocates additional memory in the \fBsk\fR structure +such that the next \fBn\fR calls to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR +or \fBsk_TYPE_unshift()\fR will not fail or cause memory to be allocated +or reallocated. If \fBn\fR is zero, any excess space allocated in the +\&\fBsk\fR structure is freed. On error \fBsk\fR is unchanged. +.PP +\&\fBsk_TYPE_new_reserve()\fR allocates a new stack. The new stack will have additional +memory allocated to hold \fBn\fR elements if \fBn\fR is positive. The next \fBn\fR calls +to \fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR or \fBsk_TYPE_unshift()\fR will not fail or cause +memory to be allocated or reallocated. If \fBn\fR is zero or less than zero, no +memory is allocated. \fBsk_TYPE_new_reserve()\fR also sets the comparison function +\&\fBcompare\fR to the newly created stack. If \fBcompare\fR is \fB\s-1NULL\s0\fR then no +comparison function is used. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR sets the comparison function of \fBsk\fR to \fBcompare\fR. +The previous comparison function is returned or \fB\s-1NULL\s0\fR if there was +no previous comparison function. +.PP +\&\fBsk_TYPE_free()\fR frees up the \fBsk\fR structure. It does \fBnot\fR free up any +elements of \fBsk\fR. After this call \fBsk\fR is no longer valid. +.PP +\&\fBsk_TYPE_zero()\fR sets the number of elements in \fBsk\fR to zero. It does not free +\&\fBsk\fR so after this call \fBsk\fR is still valid. +.PP +\&\fBsk_TYPE_pop_free()\fR frees up all elements of \fBsk\fR and \fBsk\fR itself. The +free function \fBfreefunc()\fR is called on each element to free it. +.PP +\&\fBsk_TYPE_delete()\fR deletes element \fBi\fR from \fBsk\fR. It returns the deleted +element or \fB\s-1NULL\s0\fR if \fBi\fR is out of range. +.PP +\&\fBsk_TYPE_delete_ptr()\fR deletes element matching \fBptr\fR from \fBsk\fR. It returns +the deleted element or \fB\s-1NULL\s0\fR if no element matching \fBptr\fR was found. +.PP +\&\fBsk_TYPE_insert()\fR inserts \fBptr\fR into \fBsk\fR at position \fBidx\fR. Any existing +elements at or after \fBidx\fR are moved downwards. If \fBidx\fR is out of range +the new element is appended to \fBsk\fR. \fBsk_TYPE_insert()\fR either returns the +number of elements in \fBsk\fR after the new element is inserted or zero if +an error (such as memory allocation failure) occurred. +.PP +\&\fBsk_TYPE_push()\fR appends \fBptr\fR to \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, \-1); +.Ve +.PP +\&\fBsk_TYPE_unshift()\fR inserts \fBptr\fR at the start of \fBsk\fR it is equivalent to: +.PP +.Vb 1 +\& sk_TYPE_insert(sk, ptr, 0); +.Ve +.PP +\&\fBsk_TYPE_pop()\fR returns and removes the last element from \fBsk\fR. +.PP +\&\fBsk_TYPE_shift()\fR returns and removes the first element from \fBsk\fR. +.PP +\&\fBsk_TYPE_set()\fR sets element \fBidx\fR of \fBsk\fR to \fBptr\fR replacing the current +element. The new element value is returned or \fB\s-1NULL\s0\fR if an error occurred: +this will only happen if \fBsk\fR is \fB\s-1NULL\s0\fR or \fBidx\fR is out of range. +.PP +\&\fBsk_TYPE_find()\fR searches \fBsk\fR for the element \fBptr\fR. In the case +where no comparison function has been specified, the function performs +a linear search for a pointer equal to \fBptr\fR. The index of the first +matching element is returned or \fB\-1\fR if there is no match. In the case +where a comparison function has been specified, \fBsk\fR is sorted then +\&\fBsk_TYPE_find()\fR returns the index of a matching element or \fB\-1\fR if there +is no match. Note that, in this case, the matching element returned is +not guaranteed to be the first; the comparison function will usually +compare the values pointed to rather than the pointers themselves and +the order of elements in \fBsk\fR could change. +.PP +\&\fBsk_TYPE_find_ex()\fR operates like \fBsk_TYPE_find()\fR except when a comparison +function has been specified and no matching element is found. Instead +of returning \fB\-1\fR, \fBsk_TYPE_find_ex()\fR returns the index of the element +either before or after the location where \fBptr\fR would be if it were +present in \fBsk\fR. +.PP +\&\fBsk_TYPE_sort()\fR sorts \fBsk\fR using the supplied comparison function. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if \fBsk\fR is sorted and \fB0\fR otherwise. +.PP +\&\fBsk_TYPE_dup()\fR returns a copy of \fBsk\fR. Note the pointers in the copy +are identical to the original. +.PP +\&\fBsk_TYPE_deep_copy()\fR returns a new stack where each element has been copied. +Copying is performed by the supplied \fBcopyfunc()\fR and freeing by \fBfreefunc()\fR. The +function \fBfreefunc()\fR is only called if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +Care should be taken when accessing stacks in multi-threaded environments. +Any operation which increases the size of a stack such as \fBsk_TYPE_insert()\fR or +\&\fBsk_push()\fR can \*(L"grow\*(R" the size of an internal array and cause race conditions +if the same stack is accessed in a different thread. Operations such as +\&\fBsk_find()\fR and \fBsk_sort()\fR can also reorder the stack. +.PP +Any comparison function supplied should use a metric suitable +for use in a binary search operation. That is it should return zero, a +positive or negative value if \fBa\fR is equal to, greater than +or less than \fBb\fR respectively. +.PP +Care should be taken when checking the return values of the functions +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR. They return an index to the +matching element. In particular \fB0\fR indicates a matching first element. +A failed search is indicated by a \fB\-1\fR return value. +.PP +\&\s-1\fBSTACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF\s0()\fR, \s-1\fBDEFINE_STACK_OF_CONST\s0()\fR, and +\&\s-1\fBDEFINE_SPECIAL_STACK_OF\s0()\fR are implemented as macros. +.PP +The underlying utility \fBOPENSSL_sk_\fR \s-1API\s0 should not be used directly. +It defines these functions: \fBOPENSSL_sk_deep_copy()\fR, +\&\fBOPENSSL_sk_delete()\fR, \fBOPENSSL_sk_delete_ptr()\fR, \fBOPENSSL_sk_dup()\fR, +\&\fBOPENSSL_sk_find()\fR, \fBOPENSSL_sk_find_ex()\fR, \fBOPENSSL_sk_free()\fR, +\&\fBOPENSSL_sk_insert()\fR, \fBOPENSSL_sk_is_sorted()\fR, \fBOPENSSL_sk_new()\fR, +\&\fBOPENSSL_sk_new_null()\fR, \fBOPENSSL_sk_num()\fR, \fBOPENSSL_sk_pop()\fR, +\&\fBOPENSSL_sk_pop_free()\fR, \fBOPENSSL_sk_push()\fR, \fBOPENSSL_sk_reserve()\fR, +\&\fBOPENSSL_sk_set()\fR, \fBOPENSSL_sk_set_cmp_func()\fR, \fBOPENSSL_sk_shift()\fR, +\&\fBOPENSSL_sk_sort()\fR, \fBOPENSSL_sk_unshift()\fR, \fBOPENSSL_sk_value()\fR, +\&\fBOPENSSL_sk_zero()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBsk_TYPE_num()\fR returns the number of elements in the stack or \fB\-1\fR if the +passed stack is \fB\s-1NULL\s0\fR. +.PP +\&\fBsk_TYPE_value()\fR returns a pointer to a stack element or \fB\s-1NULL\s0\fR if the +index is out of range. +.PP +\&\fBsk_TYPE_new()\fR, \fBsk_TYPE_new_null()\fR and \fBsk_TYPE_new_reserve()\fR return an empty +stack or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBsk_TYPE_reserve()\fR returns \fB1\fR on successful allocation of the required memory +or \fB0\fR on error. +.PP +\&\fBsk_TYPE_set_cmp_func()\fR returns the old comparison function or \fB\s-1NULL\s0\fR if +there was no old comparison function. +.PP +\&\fBsk_TYPE_free()\fR, \fBsk_TYPE_zero()\fR, \fBsk_TYPE_pop_free()\fR and \fBsk_TYPE_sort()\fR do +not return values. +.PP +\&\fBsk_TYPE_pop()\fR, \fBsk_TYPE_shift()\fR, \fBsk_TYPE_delete()\fR and \fBsk_TYPE_delete_ptr()\fR +return a pointer to the deleted element or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBsk_TYPE_insert()\fR, \fBsk_TYPE_push()\fR and \fBsk_TYPE_unshift()\fR return the total +number of elements in the stack and 0 if an error occurred. +.PP +\&\fBsk_TYPE_set()\fR returns a pointer to the replacement element or \fB\s-1NULL\s0\fR on +error. +.PP +\&\fBsk_TYPE_find()\fR and \fBsk_TYPE_find_ex()\fR return an index to the found element +or \fB\-1\fR on error. +.PP +\&\fBsk_TYPE_is_sorted()\fR returns \fB1\fR if the stack is sorted and \fB0\fR if it is +not. +.PP +\&\fBsk_TYPE_dup()\fR and \fBsk_TYPE_deep_copy()\fR return a pointer to the copy of the +stack. +.SH "HISTORY" +.IX Header "HISTORY" +Before OpenSSL 1.1.0, this was implemented via macros and not inline functions +and was not a public \s-1API.\s0 +.PP +\&\fBsk_TYPE_reserve()\fR and \fBsk_TYPE_new_reserve()\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DES_random_key.3 b/secure/lib/libcrypto/man/man3/DES_random_key.3 new file mode 100644 index 000000000000..0dd0ece6dd4d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DES_random_key.3 @@ -0,0 +1,444 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_RANDOM_KEY 3" +.TH DES_RANDOM_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt \- DES encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DES_random_key(DES_cblock *ret); +\& +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +\& +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); +\& +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); +\& +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int enc); +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& int *num); +\& +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); +\& +\& void DES_ede2_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, +\& int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); +\& +\& void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int enc); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); +\& +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +\& +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fBDES_random_key()\fR generates a random key. The random generator must be +seeded when calling this function. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +If the function fails, 0 is returned. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIDES_key_schedule\fR via the +\&\fBDES_set_key_checked()\fR or \fBDES_set_key_unchecked()\fR function. +.PP +\&\fBDES_set_key_checked()\fR will check that the key passed is of odd parity +and is not a weak or semi-weak key. If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fBDES_set_key()\fR works like +\&\fBDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fBDES_set_key_unchecked()\fR. These functions are available +for compatibility; it is recommended to use a function that does not +depend on a global variable. +.PP +\&\fBDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fBDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. +.PP +The following routines mostly operate on an input and output stream of +\&\fIDES_cblock\fRs. +.PP +\&\fBDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fBDES_ecb_encrypt()\fR does not return a value. +.PP +\&\fBDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fBDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. +.PP +\&\fBDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fBDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC DES.\s0 +.PP +\&\fBDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +\&\f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 +.PP +The \fBDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fBDES_pcbc_encrypt()\fR encrypts/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fBDES_ncbc_encrypt()\fR. +.PP +\&\fBDES_cfb_encrypt()\fR encrypts/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64\-bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, without 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about \s-1CFB\s0 mode of \s-1DES.\s0 +.PP +\&\fBDES_ede3_cfb64_encrypt()\fR and \fBDES_ede2_cfb64_encrypt()\fR is the same as +\&\fBDES_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fBDES_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs an array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending a small number of characters. +.PP +\&\fBDES_ofb64_encrypt()\fR is the same as \fBDES_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fBDES_ede3_ofb64_encrypt()\fR and \fBDES_ede2_ofb64_encrypt()\fR is the same as +\&\fBDES_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fBDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +\&\fBEVP_DigestInit\fR\|(3) etc. instead. +.PP +\&\fBDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fBDES_fcrypt()\fR is a fast version of the Unix \fBcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fBcrypt()\fR implementations. This is different to the normal \fBcrypt()\fR in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal \fBcrypt()\fR. +.PP +\&\fBDES_crypt()\fR is a faster replacement for the normal system \fBcrypt()\fR. +This function calls \fBDES_fcrypt()\fR with a static array passed as the +third parameter. This mostly emulates the normal non-thread-safe semantics +of \fBcrypt\fR\|(3). +The \fBsalt\fR must be two \s-1ASCII\s0 characters. +.PP +The values returned by \fBDES_fcrypt()\fR and \fBDES_crypt()\fR are terminated by \s-1NUL\s0 +character. +.PP +\&\fBDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.SH "BUGS" +.IX Header "BUGS" +\&\fBDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fBDES_ncbc_encrypt()\fR +instead. +.PP +\&\fBDES_cfb_encrypt()\fR and \fBDES_ofb_encrypt()\fR operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fBDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fBDES_string_to_2key()\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.PP +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see \fBdes_modes\fR\|(7). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDES_set_key()\fR, \fBDES_key_sched()\fR, \fBDES_set_key_checked()\fR and \fBDES_is_weak_key()\fR +return 0 on success or negative values on error. +.PP +\&\fBDES_cbc_cksum()\fR and \fBDES_quad_cksum()\fR return 4\-byte integer representing the +last 4 bytes of the checksum of the input. +.PP +\&\fBDES_fcrypt()\fR returns a pointer to the caller-provided buffer and \fBDES_crypt()\fR \- +to a static buffer on success; otherwise they return \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdes_modes\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The requirement that the \fBsalt\fR parameter to \fBDES_crypt()\fR and \fBDES_fcrypt()\fR +be two \s-1ASCII\s0 characters was first enforced in +OpenSSL 1.1.0. Previous versions tried to use the letter uppercase \fBA\fR +if both character were not present, and could crash when given non-ASCII +on some platforms. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_generate_key.3 b/secure/lib/libcrypto/man/man3/DH_generate_key.3 new file mode 100644 index 000000000000..3cd7a90e4669 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_generate_key.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_KEY 3" +.TH DH_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie\-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_key(DH *dh); +\& +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fBDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fBDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh\->p\fR and \fBdh\->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh\->priv_key\fR is already set, and computes the +corresponding public value \fBdh\->pub_key\fR, which can then be +published. +.PP +\&\fBDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fBDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBDH_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 new file mode 100644 index 000000000000..eb64edd6639f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_generate_parameters.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 3" +.TH DH_GENERATE_PARAMETERS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_generate_parameters_ex, DH_generate_parameters, DH_check, DH_check_params, DH_check_ex, DH_check_params_ex, DH_check_pub_key_ex \&\- generate and check Diffie\-Hellman parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, BN_GENCB *cb); +\& +\& int DH_check(DH *dh, int *codes); +\& int DH_check_params(DH *dh, int *codes); +\& +\& int DH_check_ex(const DH *dh); +\& int DH_check_params_ex(const DH *dh); +\& int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided \fB\s-1DH\s0\fR +structure. The pseudo-random number generator must be +seeded before calling it. +The parameters generated by \fBDH_generate_parameters_ex()\fR should not be used in +signature schemes. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in \fBBN_generate_prime\fR\|(3) while a random prime +number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR +is called. See \fBBN_generate_prime_ex\fR\|(3) for information on +the \fBBN_GENCB_call()\fR function. +.PP +\&\fBDH_generate_parameters()\fR is similar to \fBDH_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.PP +\&\fBDH_check_params()\fR confirms that the \fBp\fR and \fBg\fR are likely enough to +be valid. +This is a lightweight check, if a more thorough check is needed, use +\&\fBDH_check()\fR. +The value of \fB*codes\fR is updated with any problems found. +If \fB*codes\fR is zero then no problems were found, otherwise the +following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR has been determined to not being an odd prime. +Note that the lack of this bit doesn't guarantee that \fBp\fR is a +prime. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +Note that the lack of this bit doesn't guarantee that \fBg\fR is +suitable, unless \fBp\fR is known to be a strong prime. +.PP +\&\fBDH_check()\fR confirms that the Diffie-Hellman parameters \fBdh\fR are valid. The +value of \fB*codes\fR is updated with any problems found. If \fB*codes\fR is zero then +no problems were found, otherwise the following bits may be set: +.IP "\s-1DH_CHECK_P_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_PRIME" +The parameter \fBp\fR is not prime. +.IP "\s-1DH_CHECK_P_NOT_SAFE_PRIME\s0" 4 +.IX Item "DH_CHECK_P_NOT_SAFE_PRIME" +The parameter \fBp\fR is not a safe prime and no \fBq\fR value is present. +.IP "\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0" 4 +.IX Item "DH_UNABLE_TO_CHECK_GENERATOR" +The generator \fBg\fR cannot be checked for suitability. +.IP "\s-1DH_NOT_SUITABLE_GENERATOR\s0" 4 +.IX Item "DH_NOT_SUITABLE_GENERATOR" +The generator \fBg\fR is not suitable. +.IP "\s-1DH_CHECK_Q_NOT_PRIME\s0" 4 +.IX Item "DH_CHECK_Q_NOT_PRIME" +The parameter \fBq\fR is not prime. +.IP "\s-1DH_CHECK_INVALID_Q_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_Q_VALUE" +The parameter \fBq\fR is invalid. +.IP "\s-1DH_CHECK_INVALID_J_VALUE\s0" 4 +.IX Item "DH_CHECK_INVALID_J_VALUE" +The parameter \fBj\fR is invalid. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR are similar to +\&\fBDH_check()\fR and \fBDH_check_params()\fR respectively, but the error reasons are added +to the thread's error queue instead of provided as return values from the +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_generate_parameters_ex()\fR, \fBDH_check()\fR and \fBDH_check_params()\fR return 1 +if the check could be performed, 0 otherwise. +.PP +\&\fBDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure or \s-1NULL\s0 if +the parameter generation fails. +.PP +\&\fBDH_check_ex()\fR, \fBDH_check_params()\fR and \fBDH_check_pub_key_ex()\fR return 1 if the +check is successful, 0 for failed. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDH_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDH_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDH_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 new file mode 100644 index 000000000000..f16b880f6e6b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_get0_pqg.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET0_PQG 3" +.TH DH_GET0_PQG 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, DH_get0_p, DH_get0_q, DH_get0_g, DH_get0_priv_key, DH_get0_pub_key, DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, DH_get_length, DH_set_length \- Routines for getting and setting data in a DH object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_get0_pqg(const DH *dh, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DH_get0_key(const DH *dh, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DH_get0_p(const DH *dh); +\& const BIGNUM *DH_get0_q(const DH *dh); +\& const BIGNUM *DH_get0_g(const DH *dh); +\& const BIGNUM *DH_get0_priv_key(const DH *dh); +\& const BIGNUM *DH_get0_pub_key(const DH *dh); +\& void DH_clear_flags(DH *dh, int flags); +\& int DH_test_flags(const DH *dh, int flags); +\& void DH_set_flags(DH *dh, int flags); +\& ENGINE *DH_get0_engine(DH *d); +\& long DH_get_length(const DH *dh); +\& int DH_set_length(DH *dh, long length); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DH\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. Note that the \fBq\fR +parameter is optional. It also contains a public key (\fBpub_key\fR) and +(optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDH_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +Any of the out parameters \fBp\fR, \fBq\fR, and \fBg\fR can be \s-1NULL,\s0 in which case no +value will be returned for that parameter. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDH_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DH\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. The \fBq\fR parameter may be \s-1NULL.\s0 +.PP +To get the public and private key values use the \fBDH_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +Any of the out parameters \fBpub_key\fR and \fBpriv_key\fR can be \s-1NULL,\s0 in which case +no value will be returned for that parameter. +.PP +The public and private key values can be set using \fBDH_set0_key()\fR. Either +parameter may be \s-1NULL,\s0 which means the corresponding \s-1DH\s0 field is left +untouched. As with \fBDH_set0_pqg()\fR this function transfers the memory management +of the key values to the \s-1DH\s0 object, and therefore they should not be freed +directly after this function has been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDH_get0_p()\fR, \fBDH_get0_q()\fR, +\&\fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR, respectively. +.PP +\&\fBDH_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DH\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDH_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DH\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDH_clear_flags()\fR clears the specified flags +within the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DH\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +The \fBDH_get_length()\fR and \fBDH_set_length()\fR functions get and set the optional +length parameter associated with this \s-1DH\s0 object. If the length is non-zero then +it is used, otherwise it is ignored. The \fBlength\fR parameter indicates the +length of the secret exponent (private key) in bits. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDH_get0_key()\fR are owned by the \s-1DH\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDH_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDH_get0_pqg()\fR and \fBDH_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_set0_pqg()\fR and \fBDH_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDH_get0_p()\fR, \fBDH_get0_q()\fR, \fBDH_get0_g()\fR, \fBDH_get0_priv_key()\fR, and \fBDH_get0_pub_key()\fR +return the respective value, or \s-1NULL\s0 if it is unset. +.PP +\&\fBDH_test_flags()\fR returns the current state of the flags in the \s-1DH\s0 object. +.PP +\&\fBDH_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DH\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.PP +\&\fBDH_get_length()\fR returns the length of the secret exponent (private key) in bits, +or zero if no such length has been explicitly set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 new file mode 100644 index 000000000000..f0a3f0b7718b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_get_1024_160.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_GET_1024_160 3" +.TH DH_GET_1024_160 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_get_1024_160, DH_get_2048_224, DH_get_2048_256, BN_get0_nist_prime_192, BN_get0_nist_prime_224, BN_get0_nist_prime_256, BN_get0_nist_prime_384, BN_get0_nist_prime_521, BN_get_rfc2409_prime_768, BN_get_rfc2409_prime_1024, BN_get_rfc3526_prime_1536, BN_get_rfc3526_prime_2048, BN_get_rfc3526_prime_3072, BN_get_rfc3526_prime_4096, BN_get_rfc3526_prime_6144, BN_get_rfc3526_prime_8192 \&\- Create standardized public primes or DH pairs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #include +\& DH *DH_get_1024_160(void) +\& DH *DH_get_2048_224(void) +\& DH *DH_get_2048_256(void) +\& +\& const BIGNUM *BN_get0_nist_prime_192(void) +\& const BIGNUM *BN_get0_nist_prime_224(void) +\& const BIGNUM *BN_get0_nist_prime_256(void) +\& const BIGNUM *BN_get0_nist_prime_384(void) +\& const BIGNUM *BN_get0_nist_prime_521(void) +\& +\& BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) +\& BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) +\& BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_get_1024_160()\fR, \fBDH_get_2048_224()\fR, and \fBDH_get_2048_256()\fR each return +a \s-1DH\s0 object for the \s-1IETF RFC 5114\s0 value. +.PP +\&\fBBN_get0_nist_prime_192()\fR, \fBBN_get0_nist_prime_224()\fR, \fBBN_get0_nist_prime_256()\fR, +\&\fBBN_get0_nist_prime_384()\fR, and \fBBN_get0_nist_prime_521()\fR functions return +a \s-1BIGNUM\s0 for the specific \s-1NIST\s0 prime curve (e.g., P\-256). +.PP +\&\fBBN_get_rfc2409_prime_768()\fR, \fBBN_get_rfc2409_prime_1024()\fR, +\&\fBBN_get_rfc3526_prime_1536()\fR, \fBBN_get_rfc3526_prime_2048()\fR, +\&\fBBN_get_rfc3526_prime_3072()\fR, \fBBN_get_rfc3526_prime_4096()\fR, +\&\fBBN_get_rfc3526_prime_6144()\fR, and \fBBN_get_rfc3526_prime_8192()\fR functions +return a \s-1BIGNUM\s0 for the specified size from \s-1IETF RFC 2409.\s0 If \fBbn\fR +is not \s-1NULL,\s0 the \s-1BIGNUM\s0 will be set into that location as well. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Defined above. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_meth_new.3 b/secure/lib/libcrypto/man/man3/DH_meth_new.3 new file mode 100644 index 000000000000..aed529ba21d7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_meth_new.3 @@ -0,0 +1,294 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_METH_NEW 3" +.TH DH_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_meth_new, DH_meth_free, DH_meth_dup, DH_meth_get0_name, DH_meth_set1_name, DH_meth_get_flags, DH_meth_set_flags, DH_meth_get0_app_data, DH_meth_set0_app_data, DH_meth_get_generate_key, DH_meth_set_generate_key, DH_meth_get_compute_key, DH_meth_set_compute_key, DH_meth_get_bn_mod_exp, DH_meth_set_bn_mod_exp, DH_meth_get_init, DH_meth_set_init, DH_meth_get_finish, DH_meth_set_finish, DH_meth_get_generate_params, DH_meth_set_generate_params \- Routines to build up DH methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH_METHOD *DH_meth_new(const char *name, int flags); +\& +\& void DH_meth_free(DH_METHOD *dhm); +\& +\& DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +\& +\& const char *DH_meth_get0_name(const DH_METHOD *dhm); +\& int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +\& +\& int DH_meth_get_flags(const DH_METHOD *dhm); +\& int DH_meth_set_flags(DH_METHOD *dhm, int flags); +\& +\& void *DH_meth_get0_app_data(const DH_METHOD *dhm); +\& int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +\& +\& int (*DH_meth_get_generate_key(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key)(DH *)); +\& +\& int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +\& (unsigned char *key, const BIGNUM *pub_key, DH *dh); +\& int DH_meth_set_compute_key(DH_METHOD *dhm, +\& int (*compute_key)(unsigned char *key, const BIGNUM *pub_key, DH *dh)); +\& +\& int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +\& (const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +\& int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx)); +\& +\& int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +\& +\& int (*DH_meth_get_finish(const DH_METHOD *dhm))(DH *); +\& int DH_meth_set_finish(DH_METHOD *dhm, int (*finish)(DH *)); +\& +\& int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +\& (DH *, int, int, BN_GENCB *); +\& int DH_meth_set_generate_params(DH_METHOD *dhm, +\& int (*generate_params)(DH *, int, int, BN_GENCB *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DH_METHOD\s0\fR type is a structure used for the provision of custom \s-1DH\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DH\s0 capabilities. +.PP +\&\fBDH_meth_new()\fR creates a new \fB\s-1DH_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DH_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DH\s0\fR object based on this \fB\s-1DH_METHOD\s0\fR. Any +new \fB\s-1DH\s0\fR object will have those flags set by default. +.PP +\&\fBDH_meth_dup()\fR creates a duplicate copy of the \fB\s-1DH_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DH_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDH_meth_free()\fR destroys a \fB\s-1DH_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDH_meth_get0_name()\fR will return a pointer to the name of this \s-1DH_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDH_meth_set1_name()\fR sets the name of the \s-1DH_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DH_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDH_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DH_METHOD.\s0 \fBDH_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDH_meth_get0_app_data()\fR and \fBDH_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DH_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DH_METHOD\s0 is +freed via a call to \fBDH_meth_free()\fR. +.PP +\&\fBDH_meth_get_generate_key()\fR and \fBDH_meth_set_generate_key()\fR get and set the +function used for generating a new \s-1DH\s0 key pair respectively. This function will +be called in response to the application calling \fBDH_generate_key()\fR. The +parameter for the function has the same meaning as for \fBDH_generate_key()\fR. +.PP +\&\fBDH_meth_get_compute_key()\fR and \fBDH_meth_set_compute_key()\fR get and set the +function used for computing a new \s-1DH\s0 shared secret respectively. This function +will be called in response to the application calling \fBDH_compute_key()\fR. The +parameters for the function have the same meaning as for \fBDH_compute_key()\fR. +.PP +\&\fBDH_meth_get_bn_mod_exp()\fR and \fBDH_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDH_generate_key()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL\s0 unless using the default generate key function, in which case it +must be present. +.PP +\&\fBDH_meth_get_init()\fR and \fBDH_meth_set_init()\fR get and set the function used +for creating a new \s-1DH\s0 instance respectively. This function will be +called in response to the application calling \fBDH_new()\fR (if the current default +\&\s-1DH_METHOD\s0 is this one) or \fBDH_new_method()\fR. The \fBDH_new()\fR and \fBDH_new_method()\fR +functions will allocate the memory for the new \s-1DH\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_finish()\fR and \fBDH_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DH\s0 object respectively. This function will be +called in response to the application calling \fBDH_free()\fR. A pointer to the \s-1DH\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DH\s0 implementation specific clean up. The memory for the \s-1DH\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDH_meth_get_generate_params()\fR and \fBDH_meth_set_generate_params()\fR get and set the +function used for generating \s-1DH\s0 parameters respectively. This function will be +called in response to the application calling \fBDH_generate_parameters_ex()\fR (or +\&\fBDH_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDH_generate_parameters_ex()\fR. This function may be \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_meth_new()\fR and \fBDH_meth_dup()\fR return the newly allocated \s-1DH_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDH_meth_get0_name()\fR and \fBDH_meth_get_flags()\fR return the name and flags +associated with the \s-1DH_METHOD\s0 respectively. +.PP +All other DH_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DH_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDH_meth_set1_name()\fR and all DH_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_generate_parameters\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBDH_set_method\fR\|(3), \fBDH_size\fR\|(3), \fBDH_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_new.3 b/secure/lib/libcrypto/man/man3/DH_new.3 new file mode 100644 index 000000000000..2fd0721b86d0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_new.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW 3" +.TH DH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new, DH_free \- allocate and free DH objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH* DH_new(void); +\& +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fBDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdh\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDH_generate_parameters\fR\|(3), +\&\fBDH_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 new file mode 100644 index 000000000000..4e85d2c0053c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_new_by_nid.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_NEW_BY_NID 3" +.TH DH_NEW_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_new_by_nid, DH_get_nid \- get or find DH named parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& DH *DH_new_by_nid(int nid); +\& int *DH_get_nid(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_new_by_nid()\fR creates and returns a \s-1DH\s0 structure containing named parameters +\&\fBnid\fR. Currently \fBnid\fR must be \fBNID_ffdhe2048\fR, \fBNID_ffdhe3072\fR, +\&\fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR or \fBNID_ffdhe8192\fR. +.PP +\&\fBDH_get_nid()\fR determines if the parameters contained in \fBdh\fR match +any named set. It returns the \s-1NID\s0 corresponding to the matching parameters or +\&\fBNID_undef\fR if there is no match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_new_by_nid()\fR returns a set of \s-1DH\s0 parameters or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBDH_get_nid()\fR returns the \s-1NID\s0 of the matching set of parameters or +\&\fBNID_undef\fR if there is no match. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_set_method.3 b/secure/lib/libcrypto/man/man3/DH_set_method.3 new file mode 100644 index 000000000000..3702353f11e9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SET_METHOD 3" +.TH DH_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL \- select DH method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DH_set_default_method(const DH_METHOD *meth); +\& +\& const DH_METHOD *DH_get_default_method(void); +\& +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& +\& DH *DH_new_method(ENGINE *engine); +\& +\& const DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fBDH_OpenSSL()\fR. +.PP +\&\fBDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 +However, the meaningfulness of this result is dependent on whether the \s-1ENGINE +API\s0 is being used, so this function is no longer recommended. +.PP +\&\fBDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. +.PP +\&\fBDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fBDH_set_default_method()\fR is used. +.PP +A new \s-1DH_METHOD\s0 object may be constructed using \fBDH_meth_new()\fR (see +\&\fBDH_meth_new\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_OpenSSL()\fR and \fBDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fBDH_set_default_method()\fR returns no value. +.PP +\&\fBDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +\&\fBERR_get_error\fR\|(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_new\fR\|(3), \fBDH_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DH_size.3 b/secure/lib/libcrypto/man/man3/DH_size.3 new file mode 100644 index 000000000000..f47dbeb9e119 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DH_size.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DH_SIZE 3" +.TH DH_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DH_size, DH_bits, DH_security_bits \- get Diffie\-Hellman prime size and security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DH_size(const DH *dh); +\& +\& int DH_bits(const DH *dh); +\& +\& int DH_security_bits(const DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDH_size()\fR returns the Diffie-Hellman prime size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fBDH_compute_key\fR\|(3). +.PP +\&\fBDH_bits()\fR returns the number of significant bits. +.PP +\&\fBdh\fR and \fBdh\->p\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits of the given \fBdh\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDH_size()\fR returns the prime size of Diffie-Hellman in bytes. +.PP +\&\fBDH_bits()\fR returns the number of bits in the key. +.PP +\&\fBDH_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDH_generate_key\fR\|(3), +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDH_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 new file mode 100644 index 000000000000..1c40267fd187 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_SIG_new.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIG_NEW 3" +.TH DSA_SIG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_SIG_get0, DSA_SIG_set0, DSA_SIG_new, DSA_SIG_free \- allocate and free DSA signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_SIG_new()\fR allocates an empty \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.PP +\&\fBDSA_SIG_get0()\fR returns internal pointers to the \fBr\fR and \fBs\fR values contained +in \fBsig\fR. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1DSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_SIG_free()\fR returns no value. +.PP +\&\fBDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_do_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_do_sign.3 b/secure/lib/libcrypto/man/man3/DSA_do_sign.3 new file mode 100644 index 000000000000..c0221b8ea9be --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_do_sign.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DO_SIGN 3" +.TH DSA_DO_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw DSA signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fBDSA_sign_setup\fR\|(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fBDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fBDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 new file mode 100644 index 000000000000..9b3852a3dc9e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_dup_DH.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_DUP_DH 3" +.TH DSA_DUP_DH 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_dup_DH \- create a DH structure out of DSA structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *DSA_dup_DH(const DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDH_new\fR\|(3), \fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_key.3 b/secure/lib/libcrypto/man/man3/DSA_generate_key.3 new file mode 100644 index 000000000000..10ed1b44efbd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_generate_key.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 3" +.TH DSA_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_key \- generate DSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa\->pub_key\fR and \fBa\->priv_key\fR. +.PP +The random generator must be seeded prior to calling \fBDSA_generate_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_generate_parameters_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 new file mode 100644 index 000000000000..15d56a2727a1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_generate_parameters.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 3" +.TH DSA_GENERATE_PARAMETERS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_generate_parameters_ex, DSA_generate_parameters \- generate DSA parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_generate_parameters_ex(DSA *dsa, int bits, +\& const unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 5 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, +\& int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_generate_parameters_ex()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0 and stores the result in \fBdsa\fR. +.PP +\&\fBbits\fR is the length of the prime p to be generated. +For lengths under 2048 bits, the length of q is 160 bits; for lengths +greater than or equal to 2048 bits, the length of q is set to 256 bits. +.PP +If \fBseed\fR is \s-1NULL,\s0 the primes will be generated at random. +If \fBseed_len\fR is less than the length of q, an error is returned. +.PP +\&\fBDSA_generate_parameters_ex()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it will be +called as shown below. For information on the \s-1BN_GENCB\s0 structure and the +BN_GENCB_call function discussed below, refer to +\&\fBBN_generate_prime\fR\|(3). +.PP +\&\fBDSA_generate_prime()\fR is similar to \fBDSA_generate_prime_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +When a candidate for q is generated, \fBBN_GENCB_call(cb, 0, m++)\fR is called +(m is 0 for the first candidate). +.IP "\(bu" 2 +When a candidate for q has passed a test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When a prime q has been found, \fBBN_GENCB_call(cb, 2, 0)\fR and +\&\fBBN_GENCB_call(cb, 3, 0)\fR are called. +.IP "\(bu" 2 +Before a candidate for p (other than the first) is generated and tested, +\&\fBBN_GENCB_call(cb, 0, counter)\fR is called. +.IP "\(bu" 2 +When a candidate for p has passed the test by trial division, +\&\fBBN_GENCB_call(cb, 1, \-1)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBBN_GENCB_call(cb, 1, i)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.IP "\(bu" 2 +When p has been found, \fBBN_GENCB_call(cb, 2, 1)\fR is called. +.IP "\(bu" 2 +When the generator has been found, \fBBN_GENCB_call(cb, 3, 1)\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_generate_parameters_ex()\fR returns a 1 on success, or 0 otherwise. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. +.SH "BUGS" +.IX Header "BUGS" +Seed lengths greater than 20 are not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_free\fR\|(3), \fBBN_generate_prime\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBDSA_generate_parameters()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBDSA_generate_parameters_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 new file mode 100644 index 000000000000..fed19b74d731 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_get0_pqg.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_GET0_PQG 3" +.TH DSA_GET0_PQG 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_get0_pqg, DSA_set0_pqg, DSA_get0_key, DSA_set0_key, DSA_get0_p, DSA_get0_q, DSA_get0_g, DSA_get0_pub_key, DSA_get0_priv_key, DSA_clear_flags, DSA_test_flags, DSA_set_flags, DSA_get0_engine \- Routines for getting and setting data in a DSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_get0_pqg(const DSA *d, +\& const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +\& int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +\& void DSA_get0_key(const DSA *d, +\& const BIGNUM **pub_key, const BIGNUM **priv_key); +\& int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +\& const BIGNUM *DSA_get0_p(const DSA *d); +\& const BIGNUM *DSA_get0_q(const DSA *d); +\& const BIGNUM *DSA_get0_g(const DSA *d); +\& const BIGNUM *DSA_get0_pub_key(const DSA *d); +\& const BIGNUM *DSA_get0_priv_key(const DSA *d); +\& void DSA_clear_flags(DSA *d, int flags); +\& int DSA_test_flags(const DSA *d, int flags); +\& void DSA_set_flags(DSA *d, int flags); +\& ENGINE *DSA_get0_engine(DSA *d); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1DSA\s0 object contains the parameters \fBp\fR, \fBq\fR and \fBg\fR. It also contains a +public key (\fBpub_key\fR) and (optionally) a private key (\fBpriv_key\fR). +.PP +The \fBp\fR, \fBq\fR and \fBg\fR parameters can be obtained by calling \fBDSA_get0_pqg()\fR. +If the parameters have not yet been set then \fB*p\fR, \fB*q\fR and \fB*g\fR will be set +to \s-1NULL.\s0 Otherwise they are set to pointers to their respective values. These +point directly to the internal representations of the values and therefore +should not be freed directly. +.PP +The \fBp\fR, \fBq\fR and \fBg\fR values can be set by calling \fBDSA_set0_pqg()\fR and passing +the new values for \fBp\fR, \fBq\fR and \fBg\fR as parameters to the function. Calling +this function transfers the memory management of the values to the \s-1DSA\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +To get the public and private key values use the \fBDSA_get0_key()\fR function. A +pointer to the public key will be stored in \fB*pub_key\fR, and a pointer to the +private key will be stored in \fB*priv_key\fR. Either may be \s-1NULL\s0 if they have not +been set yet, although if the private key has been set then the public key must +be. The values point to the internal representation of the public key and +private key values. This memory should not be freed directly. +.PP +The public and private key values can be set using \fBDSA_set0_key()\fR. The public +key must be non-NULL the first time this function is called on a given \s-1DSA\s0 +object. The private key may be \s-1NULL.\s0 On subsequent calls, either may be \s-1NULL,\s0 +which means the corresponding \s-1DSA\s0 field is left untouched. As for \fBDSA_set0_pqg()\fR +this function transfers the memory management of the key values to the \s-1DSA\s0 +object, and therefore they should not be freed directly after this function has +been called. +.PP +Any of the values \fBp\fR, \fBq\fR, \fBg\fR, \fBpriv_key\fR, and \fBpub_key\fR can also be +retrieved separately by the corresponding function \fBDSA_get0_p()\fR, \fBDSA_get0_q()\fR, +\&\fBDSA_get0_g()\fR, \fBDSA_get0_priv_key()\fR, and \fBDSA_get0_pub_key()\fR, respectively. +.PP +\&\fBDSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1DSA\s0 object. +Multiple flags can be passed in one go (bitwise ORed together). Any flags that +are already set are left set. \fBDSA_test_flags()\fR tests to see whether the flags +passed in the \fBflags\fR parameter are currently set in the \s-1DSA\s0 object. Multiple +flags can be tested in one go. All flags that are currently set are returned, or +zero if none of the flags are set. \fBDSA_clear_flags()\fR clears the specified flags +within the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for this \s-1DSA\s0 +object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBDSA_get0_key()\fR are owned by the \s-1DSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBDSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBDSA_get0_pqg()\fR and \fBDSA_set0_pqg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_set0_pqg()\fR and \fBDSA_set0_key()\fR return 1 on success or 0 on failure. +.PP +\&\fBDSA_test_flags()\fR returns the current state of the flags in the \s-1DSA\s0 object. +.PP +\&\fBDSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1DSA\s0 object or \s-1NULL\s0 if no \s-1ENGINE\s0 +has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_meth_new.3 b/secure/lib/libcrypto/man/man3/DSA_meth_new.3 new file mode 100644 index 000000000000..0fb5e6c23422 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_meth_new.3 @@ -0,0 +1,342 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_METH_NEW 3" +.TH DSA_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_meth_new, DSA_meth_free, DSA_meth_dup, DSA_meth_get0_name, DSA_meth_set1_name, DSA_meth_get_flags, DSA_meth_set_flags, DSA_meth_get0_app_data, DSA_meth_set0_app_data, DSA_meth_get_sign, DSA_meth_set_sign, DSA_meth_get_sign_setup, DSA_meth_set_sign_setup, DSA_meth_get_verify, DSA_meth_set_verify, DSA_meth_get_mod_exp, DSA_meth_set_mod_exp, DSA_meth_get_bn_mod_exp, DSA_meth_set_bn_mod_exp, DSA_meth_get_init, DSA_meth_set_init, DSA_meth_get_finish, DSA_meth_set_finish, DSA_meth_get_paramgen, DSA_meth_set_paramgen, DSA_meth_get_keygen, DSA_meth_set_keygen \- Routines to build up DSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA_METHOD *DSA_meth_new(const char *name, int flags); +\& +\& void DSA_meth_free(DSA_METHOD *dsam); +\& +\& DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +\& +\& const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +\& int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +\& +\& int DSA_meth_get_flags(const DSA_METHOD *dsam); +\& int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +\& +\& void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +\& int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +\& +\& DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA *); +\& int DSA_meth_set_sign(DSA_METHOD *dsam, DSA_SIG *(*sign)(const unsigned char *, +\& int, DSA *)); +\& +\& int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))(DSA *, BN_CTX *,$ +\& BIGNUM **, BIGNUM **); +\& int DSA_meth_set_sign_setup(DSA_METHOD *dsam, int (*sign_setup)(DSA *, BN_CTX *, +\& BIGNUM **, BIGNUM **)); +\& +\& int (*DSA_meth_get_verify(const DSA_METHOD *dsam))(const unsigned char *, +\& int, DSA_SIG *, DSA *); +\& int DSA_meth_set_verify(DSA_METHOD *dsam, int (*verify)(const unsigned char *, +\& int, DSA_SIG *, DSA *)); +\& +\& int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *rr, BIGNUM *a1, +\& BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *in_mont); +\& int DSA_meth_set_mod_exp(DSA_METHOD *dsam, int (*mod_exp)(DSA *dsa, BIGNUM *rr, +\& BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, +\& BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *mont); +\& int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, int (*bn_mod_exp)(DSA *dsa, +\& BIGNUM *r, +\& BIGNUM *a, +\& const BIGNUM *p, +\& const BIGNUM *m, +\& BN_CTX *ctx, +\& BN_MONT_CTX *mont)); +\& +\& int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +\& +\& int (*DSA_meth_get_finish(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish)(DSA *)); +\& +\& int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))(DSA *, int, +\& const unsigned char *, +\& int, int *, unsigned long *, +\& BN_GENCB *); +\& int DSA_meth_set_paramgen(DSA_METHOD *dsam, +\& int (*paramgen)(DSA *, int, const unsigned char *, +\& int, int *, unsigned long *, BN_GENCB *)); +\& +\& int (*DSA_meth_get_keygen(const DSA_METHOD *dsam))(DSA *); +\& int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen)(DSA *)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1DSA_METHOD\s0\fR type is a structure used for the provision of custom \s-1DSA\s0 +implementations. It provides a set of functions used by OpenSSL for the +implementation of the various \s-1DSA\s0 capabilities. See the dsa page for more +information. +.PP +\&\fBDSA_meth_new()\fR creates a new \fB\s-1DSA_METHOD\s0\fR structure. It should be given a +unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a \s-1NULL\s0 terminated +string, which will be duplicated and stored in the \fB\s-1DSA_METHOD\s0\fR object. It is +the callers responsibility to free the original string. The flags will be used +during the construction of a new \fB\s-1DSA\s0\fR object based on this \fB\s-1DSA_METHOD\s0\fR. Any +new \fB\s-1DSA\s0\fR object will have those flags set by default. +.PP +\&\fBDSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1DSA_METHOD\s0\fR object passed as a +parameter. This might be useful for creating a new \fB\s-1DSA_METHOD\s0\fR based on an +existing one, but with some differences. +.PP +\&\fBDSA_meth_free()\fR destroys a \fB\s-1DSA_METHOD\s0\fR structure and frees up any memory +associated with it. +.PP +\&\fBDSA_meth_get0_name()\fR will return a pointer to the name of this \s-1DSA_METHOD.\s0 This +is a pointer to the internal name string and so should not be freed by the +caller. \fBDSA_meth_set1_name()\fR sets the name of the \s-1DSA_METHOD\s0 to \fBname\fR. The +string is duplicated and the copy is stored in the \s-1DSA_METHOD\s0 structure, so the +caller remains responsible for freeing the memory associated with the name. +.PP +\&\fBDSA_meth_get_flags()\fR returns the current value of the flags associated with this +\&\s-1DSA_METHOD.\s0 \fBDSA_meth_set_flags()\fR provides the ability to set these flags. +.PP +The functions \fBDSA_meth_get0_app_data()\fR and \fBDSA_meth_set0_app_data()\fR provide the +ability to associate implementation specific data with the \s-1DSA_METHOD.\s0 It is +the application's responsibility to free this data before the \s-1DSA_METHOD\s0 is +freed via a call to \fBDSA_meth_free()\fR. +.PP +\&\fBDSA_meth_get_sign()\fR and \fBDSA_meth_set_sign()\fR get and set the function used for +creating a \s-1DSA\s0 signature respectively. This function will be +called in response to the application calling \fBDSA_do_sign()\fR (or \fBDSA_sign()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_sign()\fR. +.PP +\&\fBDSA_meth_get_sign_setup()\fR and \fBDSA_meth_set_sign_setup()\fR get and set the function +used for precalculating the \s-1DSA\s0 signature values \fBk^\-1\fR and \fBr\fR. This function +will be called in response to the application calling \fBDSA_sign_setup()\fR. The +parameters for the function have the same meaning as for \fBDSA_sign_setup()\fR. +.PP +\&\fBDSA_meth_get_verify()\fR and \fBDSA_meth_set_verify()\fR get and set the function used +for verifying a \s-1DSA\s0 signature respectively. This function will be called in +response to the application calling \fBDSA_do_verify()\fR (or \fBDSA_verify()\fR). The +parameters for the function have the same meaning as for \fBDSA_do_verify()\fR. +.PP +\&\fBDSA_meth_get_mod_exp()\fR and \fBDSA_meth_set_mod_exp()\fR get and set the function used +for computing the following value: +.PP +.Vb 1 +\& rr = a1^p1 * a2^p2 mod m +.Ve +.PP +This function will be called by the default OpenSSL method during verification +of a \s-1DSA\s0 signature. The result is stored in the \fBrr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_bn_mod_exp()\fR and \fBDSA_meth_set_bn_mod_exp()\fR get and set the function +used for computing the following value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +This function will be called by the default OpenSSL function for +\&\fBDSA_sign_setup()\fR. The result is stored in the \fBr\fR parameter. This function +may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_init()\fR and \fBDSA_meth_set_init()\fR get and set the function used +for creating a new \s-1DSA\s0 instance respectively. This function will be +called in response to the application calling \fBDSA_new()\fR (if the current default +\&\s-1DSA_METHOD\s0 is this one) or \fBDSA_new_method()\fR. The \fBDSA_new()\fR and \fBDSA_new_method()\fR +functions will allocate the memory for the new \s-1DSA\s0 object, and a pointer to this +newly allocated structure will be passed as a parameter to the function. This +function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_finish()\fR and \fBDSA_meth_set_finish()\fR get and set the function used +for destroying an instance of a \s-1DSA\s0 object respectively. This function will be +called in response to the application calling \fBDSA_free()\fR. A pointer to the \s-1DSA\s0 +to be destroyed is passed as a parameter. The destroy function should be used +for \s-1DSA\s0 implementation specific clean up. The memory for the \s-1DSA\s0 itself should +not be freed by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBDSA_meth_get_paramgen()\fR and \fBDSA_meth_set_paramgen()\fR get and set the function +used for generating \s-1DSA\s0 parameters respectively. This function will be called in +response to the application calling \fBDSA_generate_parameters_ex()\fR (or +\&\fBDSA_generate_parameters()\fR). The parameters for the function have the same +meaning as for \fBDSA_generate_parameters_ex()\fR. +.PP +\&\fBDSA_meth_get_keygen()\fR and \fBDSA_meth_set_keygen()\fR get and set the function +used for generating a new \s-1DSA\s0 key pair respectively. This function will be +called in response to the application calling \fBDSA_generate_key()\fR. The parameter +for the function has the same meaning as for \fBDSA_generate_key()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_meth_new()\fR and \fBDSA_meth_dup()\fR return the newly allocated \s-1DSA_METHOD\s0 object +or \s-1NULL\s0 on failure. +.PP +\&\fBDSA_meth_get0_name()\fR and \fBDSA_meth_get_flags()\fR return the name and flags +associated with the \s-1DSA_METHOD\s0 respectively. +.PP +All other DSA_meth_get_*() functions return the appropriate function pointer +that has been set in the \s-1DSA_METHOD,\s0 or \s-1NULL\s0 if no such pointer has yet been +set. +.PP +\&\fBDSA_meth_set1_name()\fR and all DSA_meth_set_*() functions return 1 on success or +0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_generate_parameters\fR\|(3), \fBDSA_generate_key\fR\|(3), +\&\fBDSA_dup_DH\fR\|(3), \fBDSA_do_sign\fR\|(3), \fBDSA_set_method\fR\|(3), \fBDSA_SIG_new\fR\|(3), +\&\fBDSA_sign\fR\|(3), \fBDSA_size\fR\|(3), \fBDSA_get0_pqg\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_new.3 b/secure/lib/libcrypto/man/man3/DSA_new.3 new file mode 100644 index 000000000000..031b13f4bfb9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_new.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_NEW 3" +.TH DSA_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_new, DSA_free \- allocate and free DSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DSA* DSA_new(void); +\& +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). +.PP +\&\fBDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +If \fBdsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +\&\fBERR_get_error\fR\|(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fBDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBDSA_generate_parameters\fR\|(3), +\&\fBDSA_generate_key\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_set_method.3 b/secure/lib/libcrypto/man/man3/DSA_set_method.3 new file mode 100644 index 000000000000..df3e03928363 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_set_method.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SET_METHOD 3" +.TH DSA_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& +\& const DSA_METHOD *DSA_get_default_method(void); +\& +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& +\& DSA *DSA_new_method(ENGINE *engine); +\& +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBDSA_OpenSSL()\fR. +.PP +\&\fBDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBDSA_get_default_method()\fR returns a pointer to the current default +\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. See DSA_meth_new for information on constructing custom \s-1DSA_METHOD\s0 +objects; +.PP +\&\fBDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fBDSA_set_default_method()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_OpenSSL()\fR and \fBDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fBDSA_set_default_method()\fR returns no value. +.PP +\&\fBDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). +.PP +\&\fBDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be +obtained by \fBERR_get_error\fR\|(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_new\fR\|(3), \fBDSA_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_sign.3 b/secure/lib/libcrypto/man/man3/DSA_sign.3 new file mode 100644 index 000000000000..573016019693 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_sign.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIGN 3" +.TH DSA_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, BIGNUM **rp); +\& +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fBDSA_sign_setup()\fR is defined only for backward binary compatibility and +should not be used. +Since OpenSSL 1.1.0 the \s-1DSA\s0 type is opaque and the output of +\&\fBDSA_sign_setup()\fR cannot be used anyway: calling this function will only +cause overhead, and does not affect the actual signature +(pre\-)computation. +.PP +\&\fBDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The random generator must be seeded when \fBDSA_sign()\fR (or \fBDSA_sign_setup()\fR) +is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_sign()\fR and \fBDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fBDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +\&\fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBDSA_do_sign\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DSA_size.3 b/secure/lib/libcrypto/man/man3/DSA_size.3 new file mode 100644 index 000000000000..486383b20f50 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DSA_size.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DSA_SIZE 3" +.TH DSA_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DSA_size, DSA_bits, DSA_security_bits \- get DSA signature size, key bits or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int DSA_size(const DSA *dsa); +\& int DSA_bits(const DSA *dsa); +\& int DSA_security_bits(const DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBDSA_size()\fR returns the maximum size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature +for key \fBdsa\fR in bytes. It can be used to determine how much memory must +be allocated for a \s-1DSA\s0 signature. +.PP +\&\fBdsa\->q\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBDSA_bits()\fR returns the number of bits in key \fBdsa\fR: this is the number +of bits in the \fBp\fR parameter. +.PP +\&\fBDSA_security_bits()\fR returns the number of security bits of the given \fBdsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBDSA_size()\fR returns the signature size in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBDSA_new\fR\|(3), \fBDSA_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 new file mode 100644 index 000000000000..c66b8b2bc059 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DTLS_get_data_mtu.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_GET_DATA_MTU 3" +.TH DTLS_GET_DATA_MTU 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_get_data_mtu \- Get maximum data payload size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t DTLS_get_data_mtu(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function obtains the maximum data payload size for the established +\&\s-1DTLS\s0 connection \fBssl\fR, based on the \s-1DTLS\s0 record \s-1MTU\s0 and the overhead +of the \s-1DTLS\s0 record header, encryption and authentication currently in use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns the maximum data payload size on success, or 0 on failure. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_get_data_mtu()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 new file mode 100644 index 000000000000..6fd51298d135 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DTLS_set_timer_cb.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLS_SET_TIMER_CB 3" +.TH DTLS_SET_TIMER_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DTLS_timer_cb, DTLS_set_timer_cb \&\- Set callback for controlling DTLS timer duration +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); +\& +\& void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function sets an optional callback function for controlling the +timeout interval on the \s-1DTLS\s0 protocol. The callback function will be +called by \s-1DTLS\s0 for every new \s-1DTLS\s0 packet that is sent. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns void. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBDTLS_set_timer_cb()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 new file mode 100644 index 000000000000..44b330e3523f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/DTLSv1_listen.3 @@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DTLSV1_LISTEN 3" +.TH DTLSV1_LISTEN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_stateless, DTLSv1_listen \&\- Statelessly listen for incoming connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_stateless(SSL *s); +\& int DTLSv1_listen(SSL *ssl, BIO_ADDR *peer); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_stateless()\fR statelessly listens for new incoming TLSv1.3 connections. +\&\fBDTLSv1_listen()\fR statelessly listens for new incoming \s-1DTLS\s0 connections. If a +ClientHello is received that does not contain a cookie, then they respond with a +request for a new ClientHello that does contain a cookie. If a ClientHello is +received with a cookie that is verified then the function returns in order to +enable the handshake to be completed (for example by using \fBSSL_accept()\fR). +.SH "NOTES" +.IX Header "NOTES" +Some transport protocols (such as \s-1UDP\s0) can be susceptible to amplification +attacks. Unlike \s-1TCP\s0 there is no initial connection setup in \s-1UDP\s0 that +validates that the client can actually receive messages on its advertised source +address. An attacker could forge its source \s-1IP\s0 address and then send handshake +initiation messages to the server. The server would then send its response to +the forged source \s-1IP.\s0 If the response messages are larger than the original +message then the amplification attack has succeeded. +.PP +If \s-1DTLS\s0 is used over \s-1UDP\s0 (or any datagram based protocol that does not validate +the source \s-1IP\s0) then it is susceptible to this type of attack. TLSv1.3 is +designed to operate over a stream-based transport protocol (such as \s-1TCP\s0). +If \s-1TCP\s0 is being used then there is no need to use \fBSSL_stateless()\fR. However some +stream-based transport protocols (e.g. \s-1QUIC\s0) may not validate the source +address. In this case a TLSv1.3 application would be susceptible to this attack. +.PP +As a countermeasure to this issue TLSv1.3 and \s-1DTLS\s0 include a stateless cookie +mechanism. The idea is that when a client attempts to connect to a server it +sends a ClientHello message. The server responds with a HelloRetryRequest (in +TLSv1.3) or a HelloVerifyRequest (in \s-1DTLS\s0) which contains a unique cookie. The +client then resends the ClientHello, but this time includes the cookie in the +message thus proving that the client is capable of receiving messages sent to +that address. All of this can be done by the server without allocating any +state, and thus without consuming expensive resources. +.PP +OpenSSL implements this capability via the \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR +functions. The \fBssl\fR parameter should be a newly allocated \s-1SSL\s0 object with its +read and write BIOs set, in the same way as might be done for a call to +\&\fBSSL_accept()\fR. Typically, for \s-1DTLS,\s0 the read \s-1BIO\s0 will be in an \*(L"unconnected\*(R" +state and thus capable of receiving messages from any peer. +.PP +When a ClientHello is received that contains a cookie that has been verified, +then these functions will return with the \fBssl\fR parameter updated into a state +where the handshake can be continued by a call to (for example) \fBSSL_accept()\fR. +Additionally, for \fBDTLSv1_listen()\fR, the \fB\s-1BIO_ADDR\s0\fR pointed to by \fBpeer\fR will be +filled in with details of the peer that sent the ClientHello. If the underlying +\&\s-1BIO\s0 is unable to obtain the \fB\s-1BIO_ADDR\s0\fR of the peer (for example because the \s-1BIO\s0 +does not support this), then \fB*peer\fR will be cleared and the family set to +\&\s-1AF_UNSPEC.\s0 Typically user code is expected to \*(L"connect\*(R" the underlying socket to +the peer and continue the handshake in a connected state. +.PP +Prior to calling \fBDTLSv1_listen()\fR user code must ensure that cookie generation +and verification callbacks have been set up using +\&\fBSSL_CTX_set_cookie_generate_cb()\fR and \fBSSL_CTX_set_cookie_verify_cb()\fR +respectively. For \fBSSL_stateless()\fR, \fBSSL_CTX_set_stateless_cookie_generate_cb()\fR +and \fBSSL_CTX_set_stateless_cookie_verify_cb()\fR must be used instead. +.PP +Since \fBDTLSv1_listen()\fR operates entirely statelessly whilst processing incoming +ClientHellos it is unable to process fragmented messages (since this would +require the allocation of state). An implication of this is that \fBDTLSv1_listen()\fR +\&\fBonly\fR supports ClientHellos that fit inside a single datagram. +.PP +For \fBSSL_stateless()\fR if an entire ClientHello message cannot be read without the +\&\*(L"read\*(R" \s-1BIO\s0 becoming empty then the \fBSSL_stateless()\fR call will fail. It is the +application's responsibility to ensure that data read from the \*(L"read\*(R" \s-1BIO\s0 during +a single \fBSSL_stateless()\fR call is all from the same peer. +.PP +\&\fBSSL_stateless()\fR will fail (with a 0 return value) if some \s-1TLS\s0 version less than +TLSv1.3 is used. +.PP +Both \fBSSL_stateless()\fR and \fBDTLSv1_listen()\fR will clear the error queue when they +start. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For \fBSSL_stateless()\fR a return value of 1 indicates success and the \fBssl\fR object +will be set up ready to continue the handshake. A return value of 0 or \-1 +indicates failure. If the value is 0 then a HelloRetryRequest was sent. A value +of \-1 indicates any other error. User code may retry the \fBSSL_stateless()\fR call. +.PP +For \fBDTLSv1_listen()\fR a return value of >= 1 indicates success. The \fBssl\fR object +will be set up ready to continue the handshake. the \fBpeer\fR value will also be +filled in. +.PP +A return value of 0 indicates a non-fatal error. This could (for +example) be because of non-blocking \s-1IO,\s0 or some invalid message having been +received from a peer. Errors may be placed on the OpenSSL error queue with +further information if appropriate. Typically user code is expected to retry the +call to \fBDTLSv1_listen()\fR in the event of a non-fatal error. +.PP +A return value of <0 indicates a fatal error. This could (for example) be +because of a failure to allocate sufficient memory for the operation. +.PP +For \fBDTLSv1_listen()\fR, prior to OpenSSL 1.1.0, fatal and non-fatal errors both +produce return codes <= 0 (in typical implementations user code treats all +errors as non-fatal), whilst return codes >0 indicate success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_stateless()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBDTLSv1_listen()\fR return codes were clarified in OpenSSL 1.1.0. +The type of \*(L"peer\*(R" also changed in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 new file mode 100644 index 000000000000..b8d56d38ca5a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ECDSA_SIG_new.3 @@ -0,0 +1,347 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECDSA_SIG_NEW 3" +.TH ECDSA_SIG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, ECDSA_do_sign_ex \- low level elliptic curve digital signature algorithm (ECDSA) functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ECDSA_SIG *ECDSA_SIG_new(void); +\& void ECDSA_SIG_free(ECDSA_SIG *sig); +\& void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +\& const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +\& const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +\& int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +\& int ECDSA_size(const EC_KEY *eckey); +\& +\& int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +\& ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +\& EC_KEY *eckey); +\& +\& int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +\& const unsigned char *sig, int siglen, EC_KEY *eckey); +\& int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +\& const ECDSA_SIG *sig, EC_KEY* eckey); +\& +\& ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +\& const BIGNUM *kinv, const BIGNUM *rp, +\& EC_KEY *eckey); +\& int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +\& int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +\& unsigned char *sig, unsigned int *siglen, +\& const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Note: these functions provide a low level interface to \s-1ECDSA.\s0 Most +applications should use the higher level \fB\s-1EVP\s0\fR interface such as +\&\fBEVP_DigestSignInit\fR\|(3) or \fBEVP_DigestVerifyInit\fR\|(3) instead. +.PP +\&\fB\s-1ECDSA_SIG\s0\fR is an opaque structure consisting of two BIGNUMs for the +\&\fBr\fR and \fBs\fR value of an \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). +.PP +\&\fBECDSA_SIG_new()\fR allocates an empty \fB\s-1ECDSA_SIG\s0\fR structure. Note: before +OpenSSL 1.1.0 the: the \fBr\fR and \fBs\fR components were initialised. +.PP +\&\fBECDSA_SIG_free()\fR frees the \fB\s-1ECDSA_SIG\s0\fR structure \fBsig\fR. +.PP +\&\fBECDSA_SIG_get0()\fR returns internal pointers the \fBr\fR and \fBs\fR values contained +in \fBsig\fR and stores them in \fB*pr\fR and \fB*ps\fR, respectively. +The pointer \fBpr\fR or \fBps\fR can be \s-1NULL,\s0 in which case the corresponding value +is not returned. +.PP +The values \fBr\fR, \fBs\fR can also be retrieved separately by the corresponding +function \fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR, respectively. +.PP +The \fBr\fR and \fBs\fR values can be set by calling \fBECDSA_SIG_set0()\fR and passing the +new values for \fBr\fR and \fBs\fR as parameters to the function. Calling this +function transfers the memory management of the values to the \s-1ECDSA_SIG\s0 object, +and therefore the values that have been passed in should not be freed directly +after this function has been called. +.PP +See \fBi2d_ECDSA_SIG\fR\|(3) and \fBd2i_ECDSA_SIG\fR\|(3) for information about encoding +and decoding \s-1ECDSA\s0 signatures to/from \s-1DER.\s0 +.PP +\&\fBECDSA_size()\fR returns the maximum length of a \s-1DER\s0 encoded \s-1ECDSA\s0 signature +created with the private \s-1EC\s0 key \fBeckey\fR. +.PP +\&\fBECDSA_sign()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR. The \s-1DER\s0 encoded signatures is +stored in \fBsig\fR and its length is returned in \fBsig_len\fR. Note: \fBsig\fR must +point to ECDSA_size(eckey) bytes of memory. The parameter \fBtype\fR is currently +ignored. \fBECDSA_sign()\fR is wrapper function for \fBECDSA_sign_ex()\fR with \fBkinv\fR +and \fBrp\fR set to \s-1NULL.\s0 +.PP +\&\fBECDSA_do_sign()\fR is similar to \fBECDSA_sign()\fR except the signature is returned +as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). \fBECDSA_do_sign()\fR +is a wrapper function for \fBECDSA_do_sign_ex()\fR with \fBkinv\fR and \fBrp\fR set to +\&\s-1NULL.\s0 +.PP +\&\fBECDSA_verify()\fR verifies that the signature in \fBsig\fR of size \fBsiglen\fR is a +valid \s-1ECDSA\s0 signature of the hash value \fBdgst\fR of size \fBdgstlen\fR using the +public key \fBeckey\fR. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_verify()\fR is similar to \fBECDSA_verify()\fR except the signature is +presented in the form of a pointer to an \fB\s-1ECDSA_SIG\s0\fR structure. +.PP +The remaining functions utilise the internal \fBkinv\fR and \fBr\fR values used +during signature computation. Most applications will never need to call these +and some external \s-1ECDSA ENGINE\s0 implementations may not support them at all if +either \fBkinv\fR or \fBr\fR is not \fB\s-1NULL\s0\fR. +.PP +\&\fBECDSA_sign_setup()\fR may be used to precompute parts of the signing operation. +\&\fBeckey\fR is the private \s-1EC\s0 key and \fBctx\fR is a pointer to \fB\s-1BN_CTX\s0\fR structure +(or \s-1NULL\s0). The precomputed values or returned in \fBkinv\fR and \fBrp\fR and can be +used in a later call to \fBECDSA_sign_ex()\fR or \fBECDSA_do_sign_ex()\fR. +.PP +\&\fBECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes hash value +\&\fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional pre-computed values +\&\fBkinv\fR and \fBrp\fR. The \s-1DER\s0 encoded signature is stored in \fBsig\fR and its +length is returned in \fBsig_len\fR. Note: \fBsig\fR must point to ECDSA_size(eckey) +bytes of memory. The parameter \fBtype\fR is ignored. +.PP +\&\fBECDSA_do_sign_ex()\fR is similar to \fBECDSA_sign_ex()\fR except the signature is +returned as a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 on error). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails. +.PP +\&\fBECDSA_SIG_set0()\fR returns 1 on success or 0 on failure. +.PP +\&\fBECDSA_SIG_get0_r()\fR and \fBECDSA_SIG_get0_s()\fR return the corresponding value, +or \s-1NULL\s0 if it is unset. +.PP +\&\fBECDSA_size()\fR returns the maximum length signature or 0 on error. +.PP +\&\fBECDSA_sign()\fR, \fBECDSA_sign_ex()\fR and \fBECDSA_sign_setup()\fR return 1 if successful +or 0 on error. +.PP +\&\fBECDSA_do_sign()\fR and \fBECDSA_do_sign_ex()\fR return a pointer to an allocated +\&\fB\s-1ECDSA_SIG\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBECDSA_verify()\fR and \fBECDSA_do_verify()\fR return 1 for a valid +signature, 0 for an invalid signature and \-1 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Creating an \s-1ECDSA\s0 signature of a given \s-1SHA\-256\s0 hash value using the +named curve prime256v1 (aka P\-256). +.PP +First step: create an \s-1EC_KEY\s0 object (note: this part is \fBnot\fR \s-1ECDSA\s0 +specific) +.PP +.Vb 3 +\& int ret; +\& ECDSA_SIG *sig; +\& EC_KEY *eckey; +\& +\& eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); +\& if (eckey == NULL) +\& /* error */ +\& if (EC_KEY_generate_key(eckey) == 0) +\& /* error */ +.Ve +.PP +Second step: compute the \s-1ECDSA\s0 signature of a \s-1SHA\-256\s0 hash value +using \fBECDSA_do_sign()\fR: +.PP +.Vb 3 +\& sig = ECDSA_do_sign(digest, 32, eckey); +\& if (sig == NULL) +\& /* error */ +.Ve +.PP +or using \fBECDSA_sign()\fR: +.PP +.Vb 2 +\& unsigned char *buffer, *pp; +\& int buf_len; +\& +\& buf_len = ECDSA_size(eckey); +\& buffer = OPENSSL_malloc(buf_len); +\& pp = buffer; +\& if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) +\& /* error */ +.Ve +.PP +Third step: verify the created \s-1ECDSA\s0 signature using \fBECDSA_do_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_do_verify(digest, 32, sig, eckey); +.Ve +.PP +or using \fBECDSA_verify()\fR: +.PP +.Vb 1 +\& ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); +.Ve +.PP +and finally evaluate the return value: +.PP +.Vb 6 +\& if (ret == 1) +\& /* signature ok */ +\& else if (ret == 0) +\& /* incorrect signature */ +\& else +\& /* error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0 +(Digital Signature Standard, \s-1DSS\s0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEC_KEY_new\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBi2d_ECDSA_SIG\fR\|(3), +\&\fBd2i_ECDSA_SIG\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 new file mode 100644 index 000000000000..6ad90ecb3c47 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ECPKParameters_print.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ECPKPARAMETERS_PRINT 3" +.TH ECPKPARAMETERS_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ECPKParameters_print, ECPKParameters_print_fp \- Functions for decoding and encoding ASN1 representations of elliptic curve entities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +\& int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ECPKParameters represent the public parameters for an +\&\fB\s-1EC_GROUP\s0\fR structure, which represents a curve. +.PP +The \fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR functions print +a human-readable output of the public parameters of the \s-1EC_GROUP\s0 to \fBbp\fR +or \fBfp\fR. The output lines are indented by \fBoff\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBECPKParameters_print()\fR and \fBECPKParameters_print_fp()\fR +return 1 for success and 0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 new file mode 100644 index 000000000000..be5f0668c35c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_GFp_simple_method.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GFP_SIMPLE_METHOD 3" +.TH EC_GFP_SIMPLE_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type \- Functions for obtaining EC_METHOD objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EC_METHOD *EC_GFp_simple_method(void); +\& const EC_METHOD *EC_GFp_mont_method(void); +\& const EC_METHOD *EC_GFp_nist_method(void); +\& const EC_METHOD *EC_GFp_nistp224_method(void); +\& const EC_METHOD *EC_GFp_nistp256_method(void); +\& const EC_METHOD *EC_GFp_nistp521_method(void); +\& +\& const EC_METHOD *EC_GF2m_simple_method(void); +\& +\& int EC_METHOD_get_field_type(const EC_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see \fBEC_GROUP_new\fR\|(3)) an +implementation method must be provided. The functions described here all return a const pointer to an +\&\fB\s-1EC_METHOD\s0\fR structure that can be passed to \s-1EC_GROUP_NEW.\s0 It is important that the correct implementation +type for the form of curve selected is used. +.PP +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. +.PP +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see \fBBN_mod_mul_montgomery\fR\|(3)). EC_GFp_nist_method +offers an implementation optimised for use with \s-1NIST\s0 recommended curves (\s-1NIST\s0 curves are available through +EC_GROUP_new_by_curve_name as described in \fBEC_GROUP_new\fR\|(3)). +.PP +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the \s-1NIST P224, P256\s0 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. +.PP +EC_METHOD_get_field_type identifies what type of field the \s-1EC_METHOD\s0 structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value \fBNID_X9_62_prime_field\fR is returned. If the field type is +F2^m then the value \fBNID_X9_62_characteristic_two_field\fR is returned. These values are defined in the +obj_mac.h header file. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an \s-1EC_METHOD\s0 structure. +.PP +EC_METHOD_get_field_type returns an integer that identifies the type of field the \s-1EC_METHOD\s0 structure supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBBN_mod_mul_montgomery\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 new file mode 100644 index 000000000000..cc369cbcdd2d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_GROUP_copy.3 @@ -0,0 +1,331 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_COPY 3" +.TH EC_GROUP_COPY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get0_order, EC_GROUP_order_bits, EC_GROUP_get0_cofactor, EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis \&\- Functions for manipulating EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); +\& EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); +\& +\& const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); +\& +\& int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, +\& const BIGNUM *order, const BIGNUM *cofactor); +\& const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); +\& +\& int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +\& int EC_GROUP_order_bits(const EC_GROUP *group); +\& int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); +\& const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +\& +\& void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +\& int EC_GROUP_get_curve_name(const EC_GROUP *group); +\& +\& void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +\& int EC_GROUP_get_asn1_flag(const EC_GROUP *group); +\& +\& void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +\& point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); +\& +\& unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +\& size_t EC_GROUP_get_seed_len(const EC_GROUP *); +\& size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); +\& +\& int EC_GROUP_get_degree(const EC_GROUP *group); +\& +\& int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); +\& +\& int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); +\& +\& int EC_GROUP_get_basis_type(const EC_GROUP *); +\& int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +\& int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, +\& unsigned int *k2, unsigned int *k3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_GROUP_copy copies the curve \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR must use the same \s-1EC_METHOD.\s0 +.PP +EC_GROUP_dup creates a new \s-1EC_GROUP\s0 object and copies the content from \fBsrc\fR to the newly created +\&\s-1EC_GROUP\s0 object. +.PP +EC_GROUP_method_of obtains the \s-1EC_METHOD\s0 of \fBgroup\fR. +.PP +EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These +parameters include the \fBgenerator\fR, the \fBorder\fR and the \fBcofactor\fR. The \fBgenerator\fR is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n\-1 where n is the \fBorder\fR. The \fBorder\fR multiplied by the \fBcofactor\fR gives the number of points on the curve. +.PP +EC_GROUP_get0_generator returns the generator for the identified \fBgroup\fR. +.PP +The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided \fBorder\fR and \fBcofactor\fR parameters +with the respective order and cofactors for the \fBgroup\fR. +.PP +The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the \s-1NID\s0 for the curve respectively +(see \fBEC_GROUP_new\fR\|(3)). If a curve does not have a \s-1NID\s0 associated with it, then EC_GROUP_get_curve_name +will return 0. +.PP +The asn1_flag value is used to determine whether the curve encoding uses +explicit parameters or a named curve using an \s-1ASN1 OID:\s0 many applications only +support the latter form. If asn1_flag is \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR then the +named curve form is used and the parameters must have a corresponding +named curve \s-1NID\s0 set. If asn1_flags is \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR the +parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and +EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. +Note: \fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR was added in OpenSSL 1.1.0, for +previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL +1.1.0 the default form was to use explicit parameters (meaning that +applications would have to explicitly set the named curve form) in OpenSSL +1.1.0 and later the named curve form is the default. +.PP +The point_conversion_form for a curve controls how \s-1EC_POINT\s0 data is encoded as \s-1ASN1\s0 as defined in X9.62 (\s-1ECDSA\s0). +point_conversion_form_t is an enum defined as follows: +.PP +.Vb 10 +\& typedef enum { +\& /** the point is encoded as z||x, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_COMPRESSED = 2, +\& /** the point is encoded as z||x||y, where z is the octet 0x04 */ +\& POINT_CONVERSION_UNCOMPRESSED = 4, +\& /** the point is encoded as z||x||y, where the octet z specifies +\& * which solution of the quadratic equation y is */ +\& POINT_CONVERSION_HYBRID = 6 +\& } point_conversion_form_t; +.Ve +.PP +For \s-1POINT_CONVERSION_UNCOMPRESSED\s0 the point is encoded as an octet signifying the \s-1UNCOMPRESSED\s0 form has been used followed by +the octets for x, followed by the octets for y. +.PP +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +\&\s-1POINT_CONVERSION_COMPRESSED\s0 the point is encoded as an octet signifying that the \s-1COMPRESSED\s0 form has been used \s-1AND\s0 which of +the two possible solutions for y has been used, followed by the octets for x. +.PP +For \s-1POINT_CONVERSION_HYBRID\s0 the point is encoded as an octet signifying the \s-1HYBRID\s0 form has been used \s-1AND\s0 which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. +.PP +The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form +for the curve respectively. +.PP +\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the +builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the \s-1EC\s0 library will not use +this seed value, although it will be preserved in any \s-1ASN1\s0 based communications. +.PP +EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. +.PP +The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. +.PP +The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. +.PP +EC_GROUP_cmp compares \fBa\fR and \fBb\fR to determine whether they represent the same curve or not. +.PP +The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: +.PP +f(x) = x^m + x^k + 1 with m > k >= 1 +.PP +or a pentanomial of the form: +.PP +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.PP +The function EC_GROUP_get_basis_type returns a \s-1NID\s0 identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of \fBk\fR. Similarly +the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of \fBk1\fR, +\&\fBk2\fR and \fBk3\fR respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check, +EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis. +.PP +EC_GROUP_dup returns a pointer to the duplicated curve, or \s-1NULL\s0 on error. +.PP +EC_GROUP_method_of returns the \s-1EC_METHOD\s0 implementation in use for the given curve or \s-1NULL\s0 on error. +.PP +EC_GROUP_get0_generator returns the generator for the given curve or \s-1NULL\s0 on error. +.PP +EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form +and EC_GROUP_get_degree return the order, cofactor, curve name (\s-1NID\s0), \s-1ASN1\s0 flag, point_conversion_form and degree for the +specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. +.PP +\&\fBEC_GROUP_get0_order()\fR returns an internal pointer to the group order. +\&\fBEC_GROUP_order_bits()\fR returns the number of bits in the group order. +\&\fBEC_GROUP_get0_cofactor()\fR returns an internal pointer to the group cofactor. +.PP +EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or \s-1NULL\s0 if the seed is not +specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. +.PP +EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is \s-1NULL,\s0 or the supplied seed length is +0, the return value will be 1. On error 0 is returned. +.PP +EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or \-1 on error. +.PP +EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in ) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 new file mode 100644 index 000000000000..2fc979596884 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_GROUP_new.3 @@ -0,0 +1,261 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_GROUP_NEW 3" +.TH EC_GROUP_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, EC_GROUP_new, EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve, EC_GROUP_get_curve, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves \- Functions for creating and destroying EC_GROUP objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); +\& EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) +\& EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) +\& void EC_GROUP_free(EC_GROUP *group); +\& void EC_GROUP_clear_free(EC_GROUP *group); +\& +\& EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& EC_GROUP *EC_GROUP_new_by_curve_name(int nid); +\& +\& int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, +\& const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, +\& BN_CTX *ctx); +\& int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, +\& const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +\& int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, +\& BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& +\& ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, ECPARAMETERS *params) +\& ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, ECPKPARAMETERS *params) +\& +\& size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the +prime field Fp. The elements of Fp are the integers 0 to p\-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: +.PP +y^2 mod p = x^3 +ax + b mod p +.PP +The second form is those defined over a binary field F2^m where the elements of the field are integers of length at +most m bits. For this form the elliptic curve equation is modified to: +.PP +y^2 + xy = x^3 + ax^2 + b (where b != 0) +.PP +Operations in a binary field are performed relative to an \fBirreducible polynomial\fR. All such curves with OpenSSL +use a trinomial or a pentanomial for this parameter. +.PP +A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by \fBmeth\fR (see +\&\fBEC_GFp_simple_method\fR\|(3)). It is then necessary to call \fBEC_GROUP_set_curve()\fR to set the curve parameters. +\&\fBEC_GROUP_new_from_ecparameters()\fR will create a group from the +specified \fBparams\fR and +\&\fBEC_GROUP_new_from_ecpkparameters()\fR will create a group from the specific \s-1PK\s0 \fBparams\fR. +.PP +\&\fBEC_GROUP_set_curve()\fR sets the curve parameters \fBp\fR, \fBa\fR and \fBb\fR. For a curve over Fp \fBb\fR +is the prime for the field. For a curve over F2^m \fBp\fR represents the irreducible polynomial \- each bit +represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether +the polynomial is a trinomial or a pentanomial. +.PP +\&\fBEC_group_get_curve()\fR obtains the previously set curve parameters. +.PP +\&\fBEC_GROUP_set_curve_GFp()\fR and \fBEC_GROUP_set_curve_GF2m()\fR are synonyms for \fBEC_GROUP_set_curve()\fR. They are defined for +backwards compatibility only and should not be used. +.PP +\&\fBEC_GROUP_get_curve_GFp()\fR and \fBEC_GROUP_get_curve_GF2m()\fR are synonyms for \fBEC_GROUP_get_curve()\fR. They are defined for +backwards compatibility only and should not be used. +.PP +The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the +EC_GROUP_set_curve function. An appropriate default implementation method will be used. +.PP +Whilst the library can be used to create any curve using the functions described above, there are also a number of +predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves. The parameter \fBr\fR should be an array of EC_builtin_curve structures of size \fBnitems\fR. The function +will populate the \fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than the total number of +curves available, then the first \fBnitems\fR curves will be returned. Otherwise the total number of curves will be +provided. The return value is the total number of curves available (whether that number has been populated in \fBr\fR or +not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: +.PP +.Vb 4 +\& typedef struct { +\& int nid; +\& const char *comment; +\& } EC_builtin_curve; +.Ve +.PP +Each EC_builtin_curve item has a unique integer id (\fBnid\fR), and a human readable comment string describing the curve. +.PP +In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the \fBnid\fR of the curve to +be constructed. +.PP +EC_GROUP_free frees the memory associated with the \s-1EC_GROUP.\s0 +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.PP +EC_GROUP_clear_free destroys any sensitive data held within the \s-1EC_GROUP\s0 and then frees its memory. +If \fBgroup\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All EC_GROUP_new* functions return a pointer to the newly constructed group, or \s-1NULL\s0 on error. +.PP +EC_get_builtin_curves returns the number of builtin curves that are available. +.PP +EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 new file mode 100644 index 000000000000..7c23945de85f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_KEY_get_enc_flags.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_GET_ENC_FLAGS 3" +.TH EC_KEY_GET_ENC_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_enc_flags, EC_KEY_set_enc_flags \&\- Get and set flags for encoding EC_KEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); +\& void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The format of the external representation of the public key written by +\&\fBi2d_ECPrivateKey()\fR (such as whether it is stored in a compressed form or not) is +described by the point_conversion_form. See \fBEC_GROUP_copy\fR\|(3) +for a description of point_conversion_form. +.PP +When reading a private key encoded without an associated public key (e.g. if +\&\s-1EC_PKEY_NO_PUBKEY\s0 has been used \- see below), then \fBd2i_ECPrivateKey()\fR generates +the missing public key automatically. Private keys encoded without parameters +(e.g. if \s-1EC_PKEY_NO_PARAMETERS\s0 has been used \- see below) cannot be loaded using +\&\fBd2i_ECPrivateKey()\fR. +.PP +The functions \fBEC_KEY_get_enc_flags()\fR and \fBEC_KEY_set_enc_flags()\fR get and set the +value of the encoding flags for the \fBkey\fR. There are two encoding flags +currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags +define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to +\&\fBi2d_ECPrivateKey()\fR. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for +the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is +set then the public key is not encoded along with the private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_get_enc_flags()\fR returns the value of the current encoding flags for the +\&\s-1EC_KEY.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3), +\&\fBd2i_ECPrivateKey\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_KEY_new.3 b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 new file mode 100644 index 000000000000..fab02e549f2b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_KEY_new.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_KEY_NEW 3" +.TH EC_KEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_KEY_get_method, EC_KEY_set_method, EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_engine, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates, EC_KEY_oct2key, EC_KEY_key2buf, EC_KEY_oct2priv, EC_KEY_priv2oct, EC_KEY_priv2buf \- Functions for creating, destroying and manipulating EC_KEY objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_KEY *EC_KEY_new(void); +\& int EC_KEY_get_flags(const EC_KEY *key); +\& void EC_KEY_set_flags(EC_KEY *key, int flags); +\& void EC_KEY_clear_flags(EC_KEY *key, int flags); +\& EC_KEY *EC_KEY_new_by_curve_name(int nid); +\& void EC_KEY_free(EC_KEY *key); +\& EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +\& EC_KEY *EC_KEY_dup(const EC_KEY *src); +\& int EC_KEY_up_ref(EC_KEY *key); +\& ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey); +\& const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +\& int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +\& const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +\& int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +\& const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +\& int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); +\& point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +\& void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +\& void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +\& int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); +\& int EC_KEY_generate_key(EC_KEY *key); +\& int EC_KEY_check_key(const EC_KEY *key); +\& int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); +\& const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +\& int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +\& +\& int EC_KEY_oct2key(EC_KEY *eckey, const unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_KEY_key2buf(const EC_KEY *eckey, point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& +\& int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len); +\& size_t EC_KEY_priv2oct(const EC_KEY *eckey, unsigned char *buf, size_t len); +\& +\& size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1EC_KEY\s0 represents a public key and, optionally, the associated private +key. A new \s-1EC_KEY\s0 with no associated curve can be constructed by calling +\&\fBEC_KEY_new()\fR. The reference count for the newly created \s-1EC_KEY\s0 is initially +set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling +\&\fBEC_KEY_set_group()\fR. +.PP +Alternatively a new \s-1EC_KEY\s0 can be constructed by calling +\&\fBEC_KEY_new_by_curve_name()\fR and supplying the nid of the associated curve. See +\&\fBEC_GROUP_new\fR\|(3) for a description of curve names. This function simply +wraps calls to \fBEC_KEY_new()\fR and \fBEC_GROUP_new_by_curve_name()\fR. +.PP +Calling \fBEC_KEY_free()\fR decrements the reference count for the \s-1EC_KEY\s0 object, +and if it has dropped to zero then frees the memory associated with it. If +\&\fBkey\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_KEY_copy()\fR copies the contents of the \s-1EC_KEY\s0 in \fBsrc\fR into \fBdest\fR. +.PP +\&\fBEC_KEY_dup()\fR creates a new \s-1EC_KEY\s0 object and copies \fBec_key\fR into it. +.PP +\&\fBEC_KEY_up_ref()\fR increments the reference count associated with the \s-1EC_KEY\s0 +object. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1EC_KEY\s0 object. +.PP +\&\fBEC_KEY_generate_key()\fR generates a new public and private key for the supplied +\&\fBeckey\fR object. \fBeckey\fR must have an \s-1EC_GROUP\s0 object associated with it +before calling this function. The private key is a random integer (0 < priv_key +< order, where \fIorder\fR is the order of the \s-1EC_GROUP\s0 object). The public key is +an \s-1EC_POINT\s0 on the curve calculated by multiplying the generator for the +curve by the private key. +.PP +\&\fBEC_KEY_check_key()\fR performs various sanity checks on the \s-1EC_KEY\s0 object to +confirm that it is valid. +.PP +\&\fBEC_KEY_set_public_key_affine_coordinates()\fR sets the public key for \fBkey\fR based +on its affine co-ordinates; i.e., it constructs an \s-1EC_POINT\s0 object based on +the supplied \fBx\fR and \fBy\fR values and sets the public key to be this +\&\s-1EC_POINT.\s0 It also performs certain sanity checks on the key to confirm +that it is valid. +.PP +The functions \fBEC_KEY_get0_group()\fR, \fBEC_KEY_set_group()\fR, +\&\fBEC_KEY_get0_private_key()\fR, \fBEC_KEY_set_private_key()\fR, \fBEC_KEY_get0_public_key()\fR, +and \fBEC_KEY_set_public_key()\fR get and set the \s-1EC_GROUP\s0 object, the private key, +and the \s-1EC_POINT\s0 public key for the \fBkey\fR respectively. +.PP +The functions \fBEC_KEY_get_conv_form()\fR and \fBEC_KEY_set_conv_form()\fR get and set the +point_conversion_form for the \fBkey\fR. For a description of +point_conversion_forms please see \fBEC_POINT_new\fR\|(3). +.PP +\&\fBEC_KEY_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1EC_KEY\s0 +object. Any flags that are already set are left set. The flags currently +defined are \s-1EC_FLAG_NON_FIPS_ALLOW\s0 and \s-1EC_FLAG_FIPS_CHECKED.\s0 In +addition there is the flag \s-1EC_FLAG_COFACTOR_ECDH\s0 which is specific to \s-1ECDH.\s0 +\&\fBEC_KEY_get_flags()\fR returns the current flags that are set for this \s-1EC_KEY.\s0 +\&\fBEC_KEY_clear_flags()\fR clears the flags indicated by the \fBflags\fR parameter; all +other flags are left in their existing state. +.PP +\&\fBEC_KEY_set_asn1_flag()\fR sets the asn1_flag on the underlying \s-1EC_GROUP\s0 object +(if set). Refer to \fBEC_GROUP_copy\fR\|(3) for further information on the +asn1_flag. +.PP +\&\fBEC_KEY_precompute_mult()\fR stores multiples of the underlying \s-1EC_GROUP\s0 generator +for faster point multiplication. See also \fBEC_POINT_add\fR\|(3). +.PP +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_key2buf()\fR are identical to the functions +\&\fBEC_POINT_oct2point()\fR and \fBEC_KEY_point2buf()\fR except they use the public key +\&\s-1EC_POINT\s0 in \fBeckey\fR. +.PP +\&\fBEC_KEY_oct2priv()\fR and \fBEC_KEY_priv2oct()\fR convert between the private key +component of \fBeckey\fR and octet form. The octet form consists of the content +octets of the \fBprivateKey\fR \s-1OCTET STRING\s0 in an \fBECPrivateKey\fR \s-1ASN.1\s0 structure. +.PP +The function \fBEC_KEY_priv2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will just return the required buffer length. +.PP +The function \fBEC_KEY_priv2buf()\fR allocates a buffer of suitable length and writes +an \s-1EC_KEY\s0 to it in octet format. The allocated buffer is written to \fB*pbuf\fR +and its length is returned. The caller must free up the allocated buffer with a +call to \fBOPENSSL_free()\fR. Since the allocated buffer value is written to \fB*pbuf\fR +the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +\&\fBEC_KEY_priv2buf()\fR converts an \s-1EC_KEY\s0 private key into an allocated buffer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_KEY_new()\fR, \fBEC_KEY_new_by_curve_name()\fR and \fBEC_KEY_dup()\fR return a pointer to +the newly created \s-1EC_KEY\s0 object, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get_flags()\fR returns the flags associated with the \s-1EC_KEY\s0 object as an +integer. +.PP +\&\fBEC_KEY_copy()\fR returns a pointer to the destination key, or \s-1NULL\s0 on error. +.PP +\&\fBEC_KEY_get0_engine()\fR returns a pointer to an \s-1ENGINE,\s0 or \s-1NULL\s0 if it wasn't set. +.PP +\&\fBEC_KEY_up_ref()\fR, \fBEC_KEY_set_group()\fR, \fBEC_KEY_set_private_key()\fR, +\&\fBEC_KEY_set_public_key()\fR, \fBEC_KEY_precompute_mult()\fR, \fBEC_KEY_generate_key()\fR, +\&\fBEC_KEY_check_key()\fR, \fBEC_KEY_set_public_key_affine_coordinates()\fR, +\&\fBEC_KEY_oct2key()\fR and \fBEC_KEY_oct2priv()\fR return 1 on success or 0 on error. +.PP +\&\fBEC_KEY_get0_group()\fR returns the \s-1EC_GROUP\s0 associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get0_private_key()\fR returns the private key associated with the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_get_conv_form()\fR return the point_conversion_form for the \s-1EC_KEY.\s0 +.PP +\&\fBEC_KEY_key2buf()\fR, \fBEC_KEY_priv2oct()\fR and \fBEC_KEY_priv2buf()\fR return the length +of the buffer or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), +\&\fBEC_GROUP_copy\fR\|(3), \fBEC_POINT_new\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), +\&\fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_add.3 b/secure/lib/libcrypto/man/man3/EC_POINT_add.3 new file mode 100644 index 000000000000..7f215809be92 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_POINT_add.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_ADD 3" +.TH EC_POINT_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult \- Functions for performing mathematical operations and tests on EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, +\& const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +\& int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +\& int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); +\& int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); +\& int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +\& int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, +\& EC_POINT *points[], BN_CTX *ctx); +\& int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, +\& const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); +\& int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, +\& const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +\& int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +\& int EC_GROUP_have_precompute_mult(const EC_GROUP *group); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +EC_POINT_add adds the two points \fBa\fR and \fBb\fR and places the result in \fBr\fR. Similarly EC_POINT_dbl doubles the point \fBa\fR and places the +result in \fBr\fR. In both cases it is valid for \fBr\fR to be one of \fBa\fR or \fBb\fR. +.PP +EC_POINT_invert calculates the inverse of the supplied point \fBa\fR. The result is placed back in \fBa\fR. +.PP +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. +.PP +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. +.PP +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. +.PP +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the \s-1EC_POINT\s0(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value \fBnum\fR provides the number of points in the array \fBpoints\fR to be +forced. +.PP +EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * \fBn\fR + \fBq\fR * \fBm\fR and stores the result in \fBr\fR. +The value \fBn\fR may be \s-1NULL\s0 in which case the result is just \fBq\fR * \fBm\fR (variable point multiplication). Alternatively, both \fBq\fR and \fBm\fR may be \s-1NULL,\s0 and \fBn\fR non-NULL, in which case the result is just generator * \fBn\fR (fixed point multiplication). +When performing a single fixed or variable point multiplication, the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm\fR) is in the range [0, ec_group_order). +.PP +EC_POINTs_mul calculates the value generator * \fBn\fR + \fBq[0]\fR * \fBm[0]\fR + ... + \fBq[num\-1]\fR * \fBm[num\-1]\fR. As for EC_POINT_mul the value \fBn\fR may be \s-1NULL\s0 or \fBnum\fR may be zero. +When performing a fixed point multiplication (\fBn\fR is non-NULL and \fBnum\fR is 0) or a variable point multiplication (\fBn\fR is \s-1NULL\s0 and \fBnum\fR is 1), the underlying implementation uses a constant time algorithm, when the input scalar (either \fBn\fR or \fBm[0]\fR) is in the range [0, ec_group_order). +.PP +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See \fBEC_GROUP_copy\fR\|(3) for information +about the generator. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. +.PP +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. +.PP +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or \-1 on error. +.PP +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or \-1 on error. +.PP +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_new\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EC_POINT_new.3 b/secure/lib/libcrypto/man/man3/EC_POINT_new.3 new file mode 100644 index 000000000000..fd5139878a17 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EC_POINT_new.3 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EC_POINT_NEW 3" +.TH EC_POINT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates, EC_POINT_get_affine_coordinates, EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point \&\- Functions for creating, destroying and manipulating EC_POINT objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EC_POINT *EC_POINT_new(const EC_GROUP *group); +\& void EC_POINT_free(EC_POINT *point); +\& void EC_POINT_clear_free(EC_POINT *point); +\& int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +\& EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); +\& const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); +\& int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); +\& int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& const BIGNUM *z, BN_CTX *ctx); +\& int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BIGNUM *z, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, +\& const BIGNUM *x, const BIGNUM *y, +\& BN_CTX *ctx); +\& int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, +\& const EC_POINT *p, +\& BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +\& int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, +\& EC_POINT *p, +\& const BIGNUM *x, int y_bit, +\& BN_CTX *ctx); +\& size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, +\& unsigned char *buf, size_t len, BN_CTX *ctx); +\& size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +\& point_conversion_form_t form, +\& unsigned char **pbuf, BN_CTX *ctx); +\& int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, +\& const unsigned char *buf, size_t len, BN_CTX *ctx); +\& BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BIGNUM *bn, +\& BN_CTX *ctx); +\& EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, +\& EC_POINT *p, BN_CTX *ctx); +\& char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, +\& point_conversion_form_t form, BN_CTX *ctx); +\& EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, +\& EC_POINT *p, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1EC_POINT\s0\fR structure represents a point on a curve. A new point is +constructed by calling the function \fBEC_POINT_new()\fR and providing the +\&\fBgroup\fR object that the point relates to. +.PP +\&\fBEC_POINT_free()\fR frees the memory associated with the \fB\s-1EC_POINT\s0\fR. +if \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_clear_free()\fR destroys any sensitive data held within the \s-1EC_POINT\s0 and +then frees its memory. If \fBpoint\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBEC_POINT_copy()\fR copies the point \fBsrc\fR into \fBdst\fR. Both \fBsrc\fR and \fBdst\fR +must use the same \fB\s-1EC_METHOD\s0\fR. +.PP +\&\fBEC_POINT_dup()\fR creates a new \fB\s-1EC_POINT\s0\fR object and copies the content from +\&\fBsrc\fR to the newly created \fB\s-1EC_POINT\s0\fR object. +.PP +\&\fBEC_POINT_method_of()\fR obtains the \fB\s-1EC_METHOD\s0\fR associated with \fBpoint\fR. +.PP +A valid point on a curve is the special point at infinity. A point is set to +be at infinity by calling \fBEC_POINT_set_to_infinity()\fR. +.PP +The affine co-ordinates for a point describe a point in terms of its x and y +position. The function \fBEC_POINT_set_affine_coordinates()\fR sets the \fBx\fR and \fBy\fR +co-ordinates for the point \fBp\fR defined over the curve given in \fBgroup\fR. The +function \fBEC_POINT_get_affine_coordinates()\fR sets \fBx\fR and \fBy\fR, either of which +may be \s-1NULL,\s0 to the corresponding coordinates of \fBp\fR. +.PP +The functions \fBEC_POINT_set_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +The functions \fBEC_POINT_get_affine_coordinates_GFp()\fR and +\&\fBEC_POINT_get_affine_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_get_affine_coordinates()\fR. They are defined for backwards compatibility +only and should not be used. +.PP +As well as the affine co-ordinates, a point can alternatively be described in +terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian +projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication +operations. A mapping exists between Jacobian projective co-ordinates and +affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written +as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian +projective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped +to (x, y, 1). To set or get the projective co-ordinates use +\&\fBEC_POINT_set_Jprojective_coordinates_GFp()\fR and +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR respectively. +.PP +Points can also be described in terms of their compressed co-ordinates. For a +point (x, y), for any given value for x such that the point is on the curve +there will only ever be two possible values for y. Therefore a point can be set +using the \fBEC_POINT_set_compressed_coordinates()\fR function where \fBx\fR is the x +co-ordinate and \fBy_bit\fR is a value 0 or 1 to identify which of the two +possible values for y should be used. +.PP +The functions \fBEC_POINT_set_compressed_coordinates_GFp()\fR and +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR are synonyms for +\&\fBEC_POINT_set_compressed_coordinates()\fR. They are defined for backwards +compatibility only and should not be used. +.PP +In addition \fB\s-1EC_POINT\s0\fR can be converted to and from various external +representations. The octet form is the binary encoding of the \fBECPoint\fR +structure (as defined in \s-1RFC5480\s0 and used in certificates and \s-1TLS\s0 records): +only the content octets are present, the \fB\s-1OCTET STRING\s0\fR tag and length are +not included. \fB\s-1BIGNUM\s0\fR form is the octet form interpreted as a big endian +integer converted to a \fB\s-1BIGNUM\s0\fR structure. Hexadecimal form is the octet +form converted to a \s-1NULL\s0 terminated character string where each character +is one of the printable values 0\-9 or A\-F (or a\-f). +.PP +The functions \fBEC_POINT_point2oct()\fR, \fBEC_POINT_oct2point()\fR, \fBEC_POINT_point2bn()\fR, +\&\fBEC_POINT_bn2point()\fR, \fBEC_POINT_point2hex()\fR and \fBEC_POINT_hex2point()\fR convert from +and to EC_POINTs for the formats: octet, \s-1BIGNUM\s0 and hexadecimal respectively. +.PP +The function \fBEC_POINT_point2oct()\fR must be supplied with a buffer long enough to +store the octet form. The return value provides the number of octets stored. +Calling the function with a \s-1NULL\s0 buffer will not perform the conversion but +will still return the required buffer length. +.PP +The function \fBEC_POINT_point2buf()\fR allocates a buffer of suitable length and +writes an \s-1EC_POINT\s0 to it in octet format. The allocated buffer is written to +\&\fB*pbuf\fR and its length is returned. The caller must free up the allocated +buffer with a call to \fBOPENSSL_free()\fR. Since the allocated buffer value is +written to \fB*pbuf\fR the \fBpbuf\fR parameter \fB\s-1MUST NOT\s0\fR be \fB\s-1NULL\s0\fR. +.PP +The function \fBEC_POINT_point2hex()\fR will allocate sufficient memory to store the +hexadecimal string. It is the caller's responsibility to free this memory with +a subsequent call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEC_POINT_new()\fR and \fBEC_POINT_dup()\fR return the newly allocated \s-1EC_POINT\s0 or \s-1NULL\s0 +on error. +.PP +The following functions return 1 on success or 0 on error: \fBEC_POINT_copy()\fR, +\&\fBEC_POINT_set_to_infinity()\fR, \fBEC_POINT_set_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_get_Jprojective_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GFp()\fR, \fBEC_POINT_get_affine_coordinates_GFp()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GFp()\fR, +\&\fBEC_POINT_set_affine_coordinates_GF2m()\fR, \fBEC_POINT_get_affine_coordinates_GF2m()\fR, +\&\fBEC_POINT_set_compressed_coordinates_GF2m()\fR and \fBEC_POINT_oct2point()\fR. +.PP +EC_POINT_method_of returns the \s-1EC_METHOD\s0 associated with the supplied \s-1EC_POINT.\s0 +.PP +\&\fBEC_POINT_point2oct()\fR and \fBEC_POINT_point2buf()\fR return the length of the required +buffer or 0 on error. +.PP +\&\fBEC_POINT_point2bn()\fR returns the pointer to the \s-1BIGNUM\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_bn2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.PP +\&\fBEC_POINT_point2hex()\fR returns a pointer to the hex string, or \s-1NULL\s0 on error. +.PP +\&\fBEC_POINT_hex2point()\fR returns the pointer to the \s-1EC_POINT\s0 supplied, or \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), \fBEC_GROUP_new\fR\|(3), \fBEC_GROUP_copy\fR\|(3), +\&\fBEC_POINT_add\fR\|(3), \fBEC_KEY_new\fR\|(3), +\&\fBEC_GFp_simple_method\fR\|(3), \fBd2i_ECPKParameters\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ENGINE_add.3 b/secure/lib/libcrypto/man/man3/ENGINE_add.3 new file mode 100644 index 000000000000..197b02a51967 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ENGINE_add.3 @@ -0,0 +1,767 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ENGINE_ADD 3" +.TH ENGINE_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ENGINE_get_DH, ENGINE_get_DSA, ENGINE_by_id, ENGINE_get_cipher_engine, ENGINE_get_default_DH, ENGINE_get_default_DSA, ENGINE_get_default_RAND, ENGINE_get_default_RSA, ENGINE_get_digest_engine, ENGINE_get_first, ENGINE_get_last, ENGINE_get_next, ENGINE_get_prev, ENGINE_new, ENGINE_get_ciphers, ENGINE_get_ctrl_function, ENGINE_get_digests, ENGINE_get_destroy_function, ENGINE_get_finish_function, ENGINE_get_init_function, ENGINE_get_load_privkey_function, ENGINE_get_load_pubkey_function, ENGINE_load_private_key, ENGINE_load_public_key, ENGINE_get_RAND, ENGINE_get_RSA, ENGINE_get_id, ENGINE_get_name, ENGINE_get_cmd_defns, ENGINE_get_cipher, ENGINE_get_digest, ENGINE_add, ENGINE_cmd_is_executable, ENGINE_ctrl, ENGINE_ctrl_cmd, ENGINE_ctrl_cmd_string, ENGINE_finish, ENGINE_free, ENGINE_get_flags, ENGINE_init, ENGINE_register_DH, ENGINE_register_DSA, ENGINE_register_RAND, ENGINE_register_RSA, ENGINE_register_all_complete, ENGINE_register_ciphers, ENGINE_register_complete, ENGINE_register_digests, ENGINE_remove, ENGINE_set_DH, ENGINE_set_DSA, ENGINE_set_RAND, ENGINE_set_RSA, ENGINE_set_ciphers, ENGINE_set_cmd_defns, ENGINE_set_ctrl_function, ENGINE_set_default, ENGINE_set_default_DH, ENGINE_set_default_DSA, ENGINE_set_default_RAND, ENGINE_set_default_RSA, ENGINE_set_default_ciphers, ENGINE_set_default_digests, ENGINE_set_default_string, ENGINE_set_destroy_function, ENGINE_set_digests, ENGINE_set_finish_function, ENGINE_set_flags, ENGINE_set_id, ENGINE_set_init_function, ENGINE_set_load_privkey_function, ENGINE_set_load_pubkey_function, ENGINE_set_name, ENGINE_up_ref, ENGINE_get_table_flags, ENGINE_cleanup, ENGINE_load_builtin_engines, ENGINE_register_all_DH, ENGINE_register_all_DSA, ENGINE_register_all_RAND, ENGINE_register_all_RSA, ENGINE_register_all_ciphers, ENGINE_register_all_digests, ENGINE_set_table_flags, ENGINE_unregister_DH, ENGINE_unregister_DSA, ENGINE_unregister_RAND, ENGINE_unregister_RSA, ENGINE_unregister_ciphers, ENGINE_unregister_digests \&\- ENGINE cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +\& +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +\& +\& ENGINE *ENGINE_by_id(const char *id); +\& +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +\& +\& void ENGINE_load_builtin_engines(void); +\& +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +\& +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +\& +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +\& +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +\& +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +\& +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(void), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +\& +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +\& int ENGINE_up_ref(ENGINE *e); +\& +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +\& +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +\& +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ENGINE_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 6 +\& RSA_METHOD \- for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD, +\& \- similarly for other OpenSSL APIs +\& EVP_CIPHER \- potentially multiple cipher algorithms (indexed by \*(Aqnid\*(Aq) +\& EVP_DIGEST \- potentially multiple hash algorithms (indexed by \*(Aqnid\*(Aq) +\& key\-loading \- loading public and/or private EVP_PKEY keys +.Ve +.SS "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independently. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- a structural reference is required +to use the pointer value at all, as this kind of reference is a guarantee +that the structure can not be deallocated until the reference is released. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 is +initialised and able to use any of its cryptographic +implementations. Indeed it's quite possible that most ENGINEs will not +initialise at all in typical environments, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independently. If you have a functional reference to an +\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised and +is ready to perform cryptographic operations, and will remain initialised +until after you have released your reference. +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is used for instantiating new ENGINEs, +iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fBENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural +references such as; \fBENGINE_by_id()\fR, \fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, +\&\fBENGINE_get_next()\fR, \fBENGINE_get_prev()\fR. All structural references should be +released by a corresponding to call to the \fBENGINE_free()\fR function \- the +\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when +the last structural reference is released. +.PP +It should also be noted that many \s-1ENGINE API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fBENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fBENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fBENGINE_get_next()\fR and +\&\fBENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fBENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional +references are released by calling \fBENGINE_finish()\fR (which removes the +implicit structural reference as well). +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fBENGINE_get_default_RSA()\fR, +\&\fBENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. +.SS "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables and indexed by an 'nid' value, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes, and ENGINEs can support arbitrarily many of them. +In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one +\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' +index. +.PP +When a default \s-1ENGINE\s0 is requested for a given abstraction/algorithm/mode, (eg. +when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be made to the +\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a +functional reference to an initialised \s-1ENGINE\s0 whose implementation should be +used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller +will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the +conventional software implementation. In the latter case, OpenSSL will from +then on behave the way it used to before the \s-1ENGINE API\s0 existed. +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fBENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fBENGINE_set_default_RSA()\fR does the same job as \fBENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each 'nid' +value. +.SS "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to control. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +If no \s-1ENGINE API\s0 functions are called within an application, then OpenSSL +will not allocate any internal resources. Prior to OpenSSL 1.1.0, however, +if any ENGINEs are loaded, even if not registered or used, it was necessary to +call \fBENGINE_cleanup()\fR before the program exits. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operations, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 10 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if (!e) +\& /* the engine isn\*(Aqt available */ +\& return; +\& if (!ENGINE_init(e)) { +\& /* the engine couldn\*(Aqt initialise, release \*(Aqe\*(Aq */ +\& ENGINE_free(e); +\& return; +\& } +\& if (!ENGINE_set_default_RSA(e)) +\& /* +\& * This should only happen when \*(Aqe\*(Aq can\*(Aqt initialise, but the previous +\& * statement suggests it did. +\& */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +.PP +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialised, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +.PP +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fBENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for \s-1RSA\s0 use from then on. +.SS "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to pass settings into ENGINEs +exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fBENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fBENGINE_init()\fR, or +in some cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 10 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if (!e) return 0; +\& while (pre_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if (!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* +\& * ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). +\& */ +\& ENGINE_free(e); +\& while (post_num\-\-) { +\& if (!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s \- %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +.PP +Note that \fBENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE.\s0 +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported by an \s-1ENGINE\s0 using a +structural reference. Note that some control commands are defined by OpenSSL +itself and it will intercept and handle these control commands on behalf of the +\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fBctrl()\fR handler is not used for the control command. +openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands +implemented by ENGINEs should be numbered from. Any command value lower than +this symbol is considered a \*(L"generic\*(R" command is handled directly by the +OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the control +commands implemented by a given \s-1ENGINE,\s0 specifically the commands: +.PP +.Vb 9 +\& ENGINE_HAS_CTRL_FUNCTION +\& ENGINE_CTRL_GET_FIRST_CMD_TYPE +\& ENGINE_CTRL_GET_NEXT_CMD_TYPE +\& ENGINE_CTRL_GET_CMD_FROM_NAME +\& ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +\& ENGINE_CTRL_GET_NAME_FROM_CMD +\& ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +\& ENGINE_CTRL_GET_DESC_FROM_CMD +\& ENGINE_CTRL_GET_CMD_FLAGS +.Ve +.PP +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect how this behaves; +it can supply a \fBctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fBctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules: +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +.PP +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values: +.PP +.Vb 4 +\& ENGINE_CMD_FLAG_NUMERIC +\& ENGINE_CMD_FLAG_STRING +\& ENGINE_CMD_FLAG_NO_INPUT +\& ENGINE_CMD_FLAG_INTERNAL +.Ve +.PP +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fBENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fBENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications to determine if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_ENGINES\s0\fR" 4 +.IX Item "OPENSSL_ENGINES" +The path to the engines directory. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBENGINE_get_first()\fR, \fBENGINE_get_last()\fR, \fBENGINE_get_next()\fR and \fBENGINE_get_prev()\fR +return a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_add()\fR and \fBENGINE_remove()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_by_id()\fR returns a valid \fB\s-1ENGINE\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBENGINE_init()\fR and \fBENGINE_finish()\fR return 1 on success or 0 on error. +.PP +All \fBENGINE_get_default_TYPE()\fR functions, \fBENGINE_get_cipher_engine()\fR and +\&\fBENGINE_get_digest_engine()\fR return a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +All \fBENGINE_set_default_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_set_default()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_get_table_flags()\fR returns an unsigned integer value representing the +global table flags which are used to control the registration behaviour of +\&\fB\s-1ENGINE\s0\fR implementations. +.PP +All \fBENGINE_register_TYPE()\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_register_complete()\fR and \fBENGINE_register_all_complete()\fR return 1 on success +or 0 on error. +.PP +\&\fBENGINE_ctrl()\fR returns a positive value on success or others on error. +.PP +\&\fBENGINE_cmd_is_executable()\fR returns 1 if \fBcmd\fR is executable or 0 otherwise. +.PP +\&\fBENGINE_ctrl_cmd()\fR and \fBENGINE_ctrl_cmd_string()\fR return 1 on success or 0 on error. +.PP +\&\fBENGINE_new()\fR returns a valid \fB\s-1ENGINE\s0\fR structure on success or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBENGINE_free()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_up_ref()\fR returns 1 on success or 0 on error. +.PP +\&\fBENGINE_set_id()\fR and \fBENGINE_set_name()\fR return 1 on success or 0 on error. +.PP +All other \fBENGINE_set_*\fR functions return 1 on success or 0 on error. +.PP +\&\fBENGINE_get_id()\fR and \fBENGINE_get_name()\fR return a string representing the identifier +and the name of the \s-1ENGINE\s0 \fBe\fR respectively. +.PP +\&\fBENGINE_get_RSA()\fR, \fBENGINE_get_DSA()\fR, \fBENGINE_get_DH()\fR and \fBENGINE_get_RAND()\fR +return corresponding method structures for each algorithms. +.PP +\&\fBENGINE_get_destroy_function()\fR, \fBENGINE_get_init_function()\fR, +\&\fBENGINE_get_finish_function()\fR, \fBENGINE_get_ctrl_function()\fR, +\&\fBENGINE_get_load_privkey_function()\fR, \fBENGINE_get_load_pubkey_function()\fR, +\&\fBENGINE_get_ciphers()\fR and \fBENGINE_get_digests()\fR return corresponding function +pointers of the callbacks. +.PP +\&\fBENGINE_get_cipher()\fR returns a valid \fB\s-1EVP_CIPHER\s0\fR structure on success or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBENGINE_get_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure on success or \s-1NULL\s0 if an +error occurred. +.PP +\&\fBENGINE_get_flags()\fR returns an integer representing the \s-1ENGINE\s0 flags which are +used to control various behaviours of an \s-1ENGINE.\s0 +.PP +\&\fBENGINE_get_cmd_defns()\fR returns an \fB\s-1ENGINE_CMD_DEFN\s0\fR structure or \s-1NULL\s0 if it's +not set. +.PP +\&\fBENGINE_load_private_key()\fR and \fBENGINE_load_public_key()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure on success or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3), \fBRSA_new_method\fR\|(3), \fBDSA_new\fR\|(3), \fBDH_new\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBconfig\fR\|(5) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBENGINE_cleanup()\fR was deprecated in OpenSSL 1.1.0 by the automatic cleanup +done by \fBOPENSSL_cleanup()\fR +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 new file mode 100644 index 000000000000..fc5445cc8a35 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_GET_LIB.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_LIB 3" +.TH ERR_GET_LIB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON, ERR_FATAL_ERROR \&\- get information from error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_GET_LIB(unsigned long e); +\& +\& int ERR_GET_FUNC(unsigned long e); +\& +\& int ERR_GET_REASON(unsigned long e); +\& +\& int ERR_FATAL_ERROR(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fBERR_get_error()\fR consists of a library +number, function code and reason code. \s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR +and \s-1\fBERR_GET_REASON\s0()\fR can be used to extract these. +.PP +\&\s-1\fBERR_FATAL_ERROR\s0()\fR indicates whether a given error code is a fatal error. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR, \s-1\fBERR_GET_REASON\s0()\fR, and \s-1\fBERR_FATAL_ERROR\s0()\fR + are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code, reason code, and whether the error +is fatal, respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBERR_GET_LIB\s0()\fR, \s-1\fBERR_GET_FUNC\s0()\fR and \s-1\fBERR_GET_REASON\s0()\fR are available in +all versions of OpenSSL. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_clear_error.3 b/secure/lib/libcrypto/man/man3/ERR_clear_error.3 new file mode 100644 index 000000000000..0e99443deae4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_clear_error.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 3" +.TH ERR_CLEAR_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_error_string.3 b/secure/lib/libcrypto/man/man3/ERR_error_string.3 new file mode 100644 index 000000000000..728539c2b58d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_error_string.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_ERROR_STRING 3" +.TH ERR_ERROR_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, ERR_func_error_string, ERR_reason_error_string \- obtain human\-readable error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& char *ERR_error_string(unsigned long e, char *buf); +\& void ERR_error_string_n(unsigned long e, char *buf, size_t len); +\& +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_func_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 256 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +Note that this function is not thread-safe and does no checks on the size +of the buffer; use \fBERR_error_string_n()\fR instead. +.PP +\&\fBERR_error_string_n()\fR is a variant of \fBERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fBERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]:[function name]:[reason string] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the library name, function +name and reason string respectively. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +\&\fBERR_print_errors\fR\|(3) can be used to print +all error codes currently in the queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fBERR_lib_error_string()\fR, \fBERR_func_error_string()\fR and +\&\fBERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +none is registered for the error code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBERR_print_errors\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_get_error.3 b/secure/lib/libcrypto/man/man3/ERR_get_error.3 new file mode 100644 index 000000000000..d55b4e471859 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_get_error.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_GET_ERROR 3" +.TH ERR_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data \- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); +\& +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); +\& +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_get_error()\fR returns the earliest error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fBERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fBERR_peek_last_error()\fR returns the latest error code from the thread's +error queue without modifying it. +.PP +See \s-1\fBERR_GET_LIB\s0\fR\|(3) for obtaining information about +location and reason of the error, and +\&\fBERR_error_string\fR\|(3) for human-readable error +messages. +.PP +\&\fBERR_get_error_line()\fR, \fBERR_peek_error_line()\fR and +\&\fBERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +\&\fBERR_get_error_line_data()\fR, \fBERR_peek_error_line_data()\fR and +\&\fBERR_peek_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR +and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string +if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. +.PP +An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers +returned by these functions) with \fBOPENSSL_free()\fR as freeing is handled +automatically by the error library. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\s-1\fBERR_GET_LIB\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 new file mode 100644 index 000000000000..8936aa76f2b9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_load_crypto_strings.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 3" +.TH ERR_LOAD_CRYPTO_STRINGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +\& #endif +\& +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_load_error_strings(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fBSSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +In versions prior to OpenSSL 1.1.0, +\&\fBERR_free_strings()\fR releases any resources created by the above functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR and +\&\fBERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBERR_load_crypto_strings()\fR, \fBSSL_load_error_strings()\fR, and +\&\fBERR_free_strings()\fR functions were deprecated in OpenSSL 1.1.0 by +\&\fBOPENSSL_init_crypto()\fR and \fBOPENSSL_init_ssl()\fR and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_load_strings.3 b/secure/lib/libcrypto/man/man3/ERR_load_strings.3 new file mode 100644 index 000000000000..a0980ad5c12b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_load_strings.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 3" +.TH ERR_LOAD_STRINGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_load_strings, ERR_PACK, ERR_get_next_error_library \- load arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +\& +\& int ERR_get_next_error_library(void); +\& +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +.PP +The error code is generated from the library number and a function and +reason code: \fBerror\fR = \s-1ERR_PACK\s0(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\s-1\fBERR_PACK\s0()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fBERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at runtime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_load_strings()\fR returns no value. \s-1\fBERR_PACK\s0()\fR return the error code. +\&\fBERR_get_next_error_library()\fR returns zero on failure, otherwise a new +library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_print_errors.3 b/secure/lib/libcrypto/man/man3/ERR_print_errors.3 new file mode 100644 index 000000000000..6edc96eb6a4c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_print_errors.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 3" +.TH ERR_PRINT_ERRORS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp, ERR_print_errors_cb \&\- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +\& void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fBERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +\&\fBERR_print_errors_cb()\fR is the same, except that the callback function, +\&\fBcb\fR, is called for each error line with the string, length, and userdata +\&\fBu\fR as the callback parameters. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] +.Ve +.PP +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_print_errors()\fR and \fBERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_error_string\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_put_error.3 b/secure/lib/libcrypto/man/man3/ERR_put_error.3 new file mode 100644 index 000000000000..e0e26bbd7cbe --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_put_error.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_PUT_ERROR 3" +.TH ERR_PUT_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_put_error, ERR_add_error_data, ERR_add_error_vdata \- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void ERR_put_error(int lib, int func, int reason, const char *file, int line); +\& +\& void ERR_add_error_data(int num, ...); +\& void ERR_add_error_vdata(int num, va_list arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fBERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments with the error code added last. +\&\fBERR_add_error_vdata()\fR is similar except the argument is a \fBva_list\fR. +.PP +\&\fBERR_load_strings\fR\|(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SS "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fBXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second +argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fBssl3_read_bytes()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +.PP +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL3_READ_BYTES\*(R"\s0 in the above example. +.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lower case and underscores changed to spaces. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fBASN1err()\fR macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_put_error()\fR and \fBERR_add_error_data()\fR return +no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_load_strings\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_remove_state.3 b/secure/lib/libcrypto/man/man3/ERR_remove_state.3 new file mode 100644 index 000000000000..b70c5d5652f7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_remove_state.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 3" +.TH ERR_REMOVE_STATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_remove_thread_state, ERR_remove_state \- DEPRECATED +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10000000L +\& void ERR_remove_state(unsigned long tid); +\& #endif +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void ERR_remove_thread_state(void *tid); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_remove_state()\fR frees the error queue associated with the specified +thread, identified by \fBtid\fR. +\&\fBERR_remove_thread_state()\fR does the same thing, except the identifier is +an opaque pointer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_remove_state()\fR and \fBERR_remove_thread_state()\fR return no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +L\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBERR_remove_state()\fR was deprecated in OpenSSL 1.0.0 and +\&\fBERR_remove_thread_state()\fR was deprecated in OpenSSL 1.1.0; these functions +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/ERR_set_mark.3 b/secure/lib/libcrypto/man/man3/ERR_set_mark.3 new file mode 100644 index 000000000000..8edb3254f881 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/ERR_set_mark.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ERR_SET_MARK 3" +.TH ERR_SET_MARK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ERR_set_mark, ERR_pop_to_mark \- set marks and pop errors until mark +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int ERR_set_mark(void); +\& +\& int ERR_pop_to_mark(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBERR_set_mark()\fR sets a mark on the current topmost error record if there +is one. +.PP +\&\fBERR_pop_to_mark()\fR will pop the top of the error stack until a mark is found. +The mark is then removed. If there is no mark, the whole stack is removed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBERR_set_mark()\fR returns 0 if the error stack is empty, otherwise 1. +.PP +\&\fBERR_pop_to_mark()\fR returns 0 if there was no mark in the error stack, which +implies that the stack became empty, otherwise 1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 new file mode 100644 index 000000000000..1b5a33460acb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_BytesToKey.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BYTESTOKEY 3" +.TH EVP_BYTESTOKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_BytesToKey \- password based encryption routine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key, unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR parameter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use a more modern algorithm such as \s-1PBKDF2\s0 as +defined in PKCS#5v2.1 and provided by \s-1PKCS5_PBKDF2_HMAC.\s0 +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV.\s0 D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i\-1) || data || salt) +.Ve +.PP +where || denotes concatenation, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data) +is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If \fBdata\fR is \s-1NULL,\s0 then \fBEVP_BytesToKey()\fR returns the number of bytes +needed to store the derived key. +Otherwise, \fBEVP_BytesToKey()\fR returns the size of the derived key in bytes, +or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 new file mode 100644 index 000000000000..4941cc7e80c0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_CTX_get_cipher_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_CTX_GET_CIPHER_DATA 3" +.TH EVP_CIPHER_CTX_GET_CIPHER_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_get_cipher_data, EVP_CIPHER_CTX_set_cipher_data \- Routines to inspect and modify EVP_CIPHER_CTX objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the cipher +data relevant to \s-1EVP_CIPHER_CTX.\s0 The contents of this data is specific to the +particular implementation of the cipher. For example this data can be used by +engines to store engine specific information. The data is automatically +allocated and freed by OpenSSL, so applications and engines should not normally +free this directly (but see below). +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function allows an application or engine to +replace the cipher data with new data. A pointer to any existing cipher data is +returned from this function. If the old data is no longer required then it +should be freed through a call to \fBOPENSSL_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR function returns a pointer to the current +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.PP +The \fBEVP_CIPHER_CTX_set_cipher_data()\fR function returns a pointer to the old +cipher data for the \s-1EVP_CIPHER_CTX.\s0 +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_CIPHER_CTX_get_cipher_data()\fR and \fBEVP_CIPHER_CTX_set_cipher_data()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 new file mode 100644 index 000000000000..4da560cc7a79 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_CIPHER_meth_new.3 @@ -0,0 +1,343 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CIPHER_METH_NEW 3" +.TH EVP_CIPHER_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_meth_new, EVP_CIPHER_meth_dup, EVP_CIPHER_meth_free, EVP_CIPHER_meth_set_iv_length, EVP_CIPHER_meth_set_flags, EVP_CIPHER_meth_set_impl_ctx_size, EVP_CIPHER_meth_set_init, EVP_CIPHER_meth_set_do_cipher, EVP_CIPHER_meth_set_cleanup, EVP_CIPHER_meth_set_set_asn1_params, EVP_CIPHER_meth_set_get_asn1_params, EVP_CIPHER_meth_set_ctrl, EVP_CIPHER_meth_get_init, EVP_CIPHER_meth_get_do_cipher, EVP_CIPHER_meth_get_cleanup, EVP_CIPHER_meth_get_set_asn1_params, EVP_CIPHER_meth_get_get_asn1_params, EVP_CIPHER_meth_get_ctrl \- Routines to build up EVP_CIPHER methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +\& EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +\& void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +\& +\& int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +\& int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +\& int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +\& int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +\& int (*init)(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc)); +\& int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +\& int (*do_cipher)(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl)); +\& int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +\& int (*cleanup)(EVP_CIPHER_CTX *)); +\& int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +\& int (*set_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +\& int (*get_asn1_parameters)(EVP_CIPHER_CTX *, +\& ASN1_TYPE *)); +\& int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +\& int (*ctrl)(EVP_CIPHER_CTX *, int type, +\& int arg, void *ptr)); +\& +\& int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& const unsigned char *key, +\& const unsigned char *iv, +\& int enc); +\& int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +\& unsigned char *out, +\& const unsigned char *in, +\& size_t inl); +\& int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +\& int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& ASN1_TYPE *); +\& int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +\& int type, int arg, +\& void *ptr); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_CIPHER\s0\fR type is a structure for symmetric cipher method +implementation. +.PP +\&\fBEVP_CIPHER_meth_new()\fR creates a new \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_dup()\fR creates a copy of \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_free()\fR destroys a \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_meth_set_iv_length()\fR sets the length of the \s-1IV.\s0 +This is only needed when the implemented cipher mode requires it. +.PP +\&\fBEVP_CIPHER_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBcipher\fR. +With the exception of cipher modes, of which only one may be present, +several flags can be or'd together. +The available flags are: +.IP "\s-1EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE\s0" 4 +.IX Item "EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE" +The cipher mode. +.IP "\s-1EVP_CIPH_VARIABLE_LENGTH\s0" 4 +.IX Item "EVP_CIPH_VARIABLE_LENGTH" +This cipher is of variable length. +.IP "\s-1EVP_CIPH_CUSTOM_IV\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_IV" +Storing and initialising the \s-1IV\s0 is left entirely to the +implementation. +.IP "\s-1EVP_CIPH_ALWAYS_CALL_INIT\s0" 4 +.IX Item "EVP_CIPH_ALWAYS_CALL_INIT" +Set this if the implementation's \fBinit()\fR function should be called even +if \fBkey\fR is \fB\s-1NULL\s0\fR. +.IP "\s-1EVP_CIPH_CTRL_INIT\s0" 4 +.IX Item "EVP_CIPH_CTRL_INIT" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_INIT\s0\fR early in its setup. +.IP "\s-1EVP_CIPH_CUSTOM_KEY_LENGTH\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_KEY_LENGTH" +Checking and setting the key length after creating the \fB\s-1EVP_CIPHER\s0\fR +is left to the implementation. +Whenever someone uses \fBEVP_CIPHER_CTX_set_key_length()\fR on a +\&\fB\s-1EVP_CIPHER\s0\fR with this flag set, the implementation's \fBctrl()\fR function +will be called with the control code \fB\s-1EVP_CTRL_SET_KEY_LENGTH\s0\fR and +the key length in \fBarg\fR. +.IP "\s-1EVP_CIPH_NO_PADDING\s0" 4 +.IX Item "EVP_CIPH_NO_PADDING" +Don't use standard block padding. +.IP "\s-1EVP_CIPH_RAND_KEY\s0" 4 +.IX Item "EVP_CIPH_RAND_KEY" +Making a key with random content is left to the implementation. +This is done by calling the implementation's \fBctrl()\fR function with the +control code \fB\s-1EVP_CTRL_RAND_KEY\s0\fR and the pointer to the key memory +storage in \fBptr\fR. +.IP "\s-1EVP_CIPH_CUSTOM_COPY\s0" 4 +.IX Item "EVP_CIPH_CUSTOM_COPY" +Set this to have the implementation's \fBctrl()\fR function called with +command code \fB\s-1EVP_CTRL_COPY\s0\fR at the end of \fBEVP_CIPHER_CTX_copy()\fR. +The intended use is for further things to deal with after the +implementation specific data block has been copied. +The destination \fB\s-1EVP_CIPHER_CTX\s0\fR is passed to the control with the +\&\fBptr\fR parameter. +The implementation specific data block is reached with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +.IP "\s-1EVP_CIPH_FLAG_DEFAULT_ASN1\s0" 4 +.IX Item "EVP_CIPH_FLAG_DEFAULT_ASN1" +Use the default \s-1EVP\s0 routines to pass \s-1IV\s0 to and from \s-1ASN.1.\s0 +.IP "\s-1EVP_CIPH_FLAG_LENGTH_BITS\s0" 4 +.IX Item "EVP_CIPH_FLAG_LENGTH_BITS" +Signals that the length of the input buffer for encryption / +decryption is to be understood as the number of bits instead of +bytes for this implementation. +This is only useful for \s-1CFB1\s0 ciphers. +.IP "\s-1EVP_CIPH_FLAG_CUSTOM_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_CUSTOM_CIPHER" +This indicates that the implementation takes care of everything, +including padding, buffering and finalization. +The \s-1EVP\s0 routines will simply give them control and do nothing more. +.IP "\s-1EVP_CIPH_FLAG_AEAD_CIPHER\s0" 4 +.IX Item "EVP_CIPH_FLAG_AEAD_CIPHER" +This indicates that this is an \s-1AEAD\s0 cipher implementation. +.IP "\s-1EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK\s0" 4 +.IX Item "EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK" +Allow interleaving of crypto blocks, a particular optimization only applicable +to certain \s-1TLS\s0 ciphers. +.PP +\&\fBEVP_CIPHER_meth_set_impl_ctx_size()\fR sets the size of the \s-1EVP_CIPHER\s0's +implementation context so that it can be automatically allocated. +.PP +\&\fBEVP_CIPHER_meth_set_init()\fR sets the cipher init function for +\&\fBcipher\fR. +The cipher init function is called by \fBEVP_CipherInit()\fR, +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_EncryptInit()\fR, \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_DecryptInit()\fR, \fBEVP_DecryptInit_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_do_cipher()\fR sets the cipher function for +\&\fBcipher\fR. +The cipher function is called by \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR, \fBEVP_CipherFinal()\fR, +\&\fBEVP_EncryptFinal()\fR, \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal()\fR and +\&\fBEVP_DecryptFinal_ex()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_cleanup()\fR sets the function for \fBcipher\fR to do +extra cleanup before the method's private data structure is cleaned +out and freed. +Note that the cleanup function is passed a \fB\s-1EVP_CIPHER_CTX\s0 *\fR, the +private data structure is then available with +\&\fBEVP_CIPHER_CTX_get_cipher_data()\fR. +This cleanup function is called by \fBEVP_CIPHER_CTX_reset()\fR and +\&\fBEVP_CIPHER_CTX_free()\fR. +.PP +\&\fBEVP_CIPHER_meth_set_set_asn1_params()\fR sets the function for \fBcipher\fR +to set the AlgorithmIdentifier \*(L"parameter\*(R" based on the passed cipher. +This function is called by \fBEVP_CIPHER_param_to_asn1()\fR. +\&\fBEVP_CIPHER_meth_set_get_asn1_params()\fR sets the function for \fBcipher\fR +that sets the cipher parameters based on an \s-1ASN.1\s0 AlgorithmIdentifier +\&\*(L"parameter\*(R". +Both these functions are needed when there is a need for custom data +(more or other than the cipher \s-1IV\s0). +They are called by \fBEVP_CIPHER_param_to_asn1()\fR and +\&\fBEVP_CIPHER_asn1_to_param()\fR respectively if defined. +.PP +\&\fBEVP_CIPHER_meth_set_ctrl()\fR sets the control function for \fBcipher\fR. +.PP +\&\fBEVP_CIPHER_meth_get_init()\fR, \fBEVP_CIPHER_meth_get_do_cipher()\fR, +\&\fBEVP_CIPHER_meth_get_cleanup()\fR, \fBEVP_CIPHER_meth_get_set_asn1_params()\fR, +\&\fBEVP_CIPHER_meth_get_get_asn1_params()\fR and \fBEVP_CIPHER_meth_get_ctrl()\fR +are all used to retrieve the method data given with the +EVP_CIPHER_meth_set_*() functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_meth_new()\fR and \fBEVP_CIPHER_meth_dup()\fR return a pointer to a +newly created \fB\s-1EVP_CIPHER\s0\fR, or \s-1NULL\s0 on failure. +All EVP_CIPHER_meth_set_*() functions return 1. +All EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBcipher\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_EncryptInit +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 new file mode 100644 index 000000000000..4b9e41e3d316 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_DigestInit.3 @@ -0,0 +1,446 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTINIT 3" +.TH EVP_DIGESTINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, EVP_MD_CTX_set_pkey_ctx \- EVP digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD_CTX *EVP_MD_CTX_new(void); +\& int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); +\& void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +\& void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +\& int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +\& +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len); +\& +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +\& +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +\& +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); +\& +\& int EVP_MD_type(const EVP_MD *md); +\& int EVP_MD_pkey_type(const EVP_MD *md); +\& int EVP_MD_size(const EVP_MD *md); +\& int EVP_MD_block_size(const EVP_MD *md); +\& +\& const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +\& int EVP_MD_CTX_size(const EVP_MD *ctx); +\& int EVP_MD_CTX_block_size(const EVP_MD *ctx); +\& int EVP_MD_CTX_type(const EVP_MD *ctx); +\& void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +\& +\& const EVP_MD *EVP_md_null(void); +\& +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& const EVP_MD *EVP_get_digestbynid(int type); +\& const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); +\& +\& void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests, +and should be used instead of the cipher-specific functions. +.IP "\fBEVP_MD_CTX_new()\fR" 4 +.IX Item "EVP_MD_CTX_new()" +Allocates and returns a digest context. +.IP "\fBEVP_MD_CTX_reset()\fR" 4 +.IX Item "EVP_MD_CTX_reset()" +Resets the digest context \fBctx\fR. This can be used to reuse an already +existing context. +.IP "\fBEVP_MD_CTX_free()\fR" 4 +.IX Item "EVP_MD_CTX_free()" +Cleans up digest context \fBctx\fR and frees up the space allocated to it. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Performs digest-specific control actions on context \fBctx\fR. +.IP "\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR, \fBEVP_MD_CTX_test_flags()\fR" 4 +.IX Item "EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()" +Sets, clears and tests \fBctx\fR flags. See \*(L"\s-1FLAGS\*(R"\s0 below for more information. +.IP "\fBEVP_DigestInit_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex()" +Sets up digest context \fBctx\fR to use a digest \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. +\&\fBtype\fR will typically be supplied by a function such as \fBEVP_sha1()\fR. If +\&\fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. +.IP "\fBEVP_DigestUpdate()\fR" 4 +.IX Item "EVP_DigestUpdate()" +Hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This +function can be called several times on the same \fBctx\fR to hash additional +data. +.IP "\fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestFinal_ex()" +Retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR +parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the +length of the digest) will be written to the integer at \fBs\fR, at most +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. After calling \fBEVP_DigestFinal_ex()\fR +no additional calls to \fBEVP_DigestUpdate()\fR can be made, but +\&\fBEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. +.IP "\fBEVP_DigestFinalXOF()\fR" 4 +.IX Item "EVP_DigestFinalXOF()" +Interfaces to extendable-output functions, XOFs, such as \s-1SHAKE128\s0 and \s-1SHAKE256.\s0 +It retrieves the digest value from \fBctx\fR and places it in \fBlen\fR\-sized md. +After calling this function no additional calls to \fBEVP_DigestUpdate()\fR can be +made, but \fBEVP_DigestInit_ex()\fR can be called to initialize a new operation. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Can be used to copy the message digest state from \fBin\fR to \fBout\fR. This is +useful if large amounts of data are to be hashed which only differ in the last +few bytes. +.IP "\fBEVP_DigestInit()\fR" 4 +.IX Item "EVP_DigestInit()" +Behaves in the same way as \fBEVP_DigestInit_ex()\fR except it always uses the +default digest implementation. +.IP "\fBEVP_DigestFinal()\fR" 4 +.IX Item "EVP_DigestFinal()" +Similar to \fBEVP_DigestFinal_ex()\fR except the digest context \fBctx\fR is +automatically cleaned up. +.IP "\fBEVP_MD_CTX_copy()\fR" 4 +.IX Item "EVP_MD_CTX_copy()" +Similar to \fBEVP_MD_CTX_copy_ex()\fR except the destination \fBout\fR does not have to +be initialized. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_CTX_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_CTX_size()" +Return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the hash. +.IP "\fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_block_size(), EVP_MD_CTX_block_size()" +Return the block size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an +\&\fB\s-1EVP_MD_CTX\s0\fR structure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_CTX_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_CTX_type()" +Return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 representing the given message digest +when passed an \fB\s-1EVP_MD\s0\fR structure. For example, \f(CW\*(C`EVP_MD_type(EVP_sha1())\*(C'\fR +returns \fBNID_sha1\fR. This function is normally used when setting \s-1ASN1\s0 OIDs. +.IP "\fBEVP_MD_CTX_md_data()\fR" 4 +.IX Item "EVP_MD_CTX_md_data()" +Return the digest method private data for the passed \fB\s-1EVP_MD_CTX\s0\fR. +The space is allocated by OpenSSL and has the size originally set with +\&\fBEVP_MD_meth_set_app_datasize()\fR. +.IP "\fBEVP_MD_CTX_md()\fR" 4 +.IX Item "EVP_MD_CTX_md()" +Returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed \fB\s-1EVP_MD_CTX\s0\fR. +.IP "\fBEVP_MD_pkey_type()\fR" 4 +.IX Item "EVP_MD_pkey_type()" +Returns the \s-1NID\s0 of the public key signing algorithm associated with this +digest. For example \fBEVP_sha1()\fR is associated with \s-1RSA\s0 so this will return +\&\fBNID_sha1WithRSAEncryption\fR. Since digests and signature algorithms are no +longer linked this function is only retained for compatibility reasons. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +A \*(L"null\*(R" message digest that does nothing: i.e. the hash it returns is of zero +length. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \fB\s-1NID\s0\fR or an +\&\fB\s-1ASN1_OBJECT\s0\fR structure respectively. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +Assigns an \fB\s-1EVP_PKEY_CTX\s0\fR to \fB\s-1EVP_MD_CTX\s0\fR. This is usually used to provide +a customzied \fB\s-1EVP_PKEY_CTX\s0\fR to \fBEVP_DigestSignInit\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). The \fBpctx\fR passed to this function should be freed +by the caller. A \s-1NULL\s0 \fBpctx\fR pointer is also allowed to clear the \fB\s-1EVP_PKEY_CTX\s0\fR +assigned to \fBctx\fR. In such case, freeing the cleared \fB\s-1EVP_PKEY_CTX\s0\fR or not +depends on how the \fB\s-1EVP_PKEY_CTX\s0\fR is created. +.SH "FLAGS" +.IX Header "FLAGS" +\&\fBEVP_MD_CTX_set_flags()\fR, \fBEVP_MD_CTX_clear_flags()\fR and \fBEVP_MD_CTX_test_flags()\fR +can be used the manipulate and test these \fB\s-1EVP_MD_CTX\s0\fR flags: +.IP "\s-1EVP_MD_CTX_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_ONESHOT" +This flag instructs the digest to optimize for one update only, if possible. +.IP "\s-1EVP_MD_CTX_FLAG_NO_INIT\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_NO_INIT" +This flag instructs \fBEVP_DigestInit()\fR and similar not to initialise the +implementation specific data. +.IP "\s-1EVP_MD_CTX_FLAG_FINALISE\s0" 4 +.IX Item "EVP_MD_CTX_FLAG_FINALISE" +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.IP "\fBEVP_DigestInit_ex()\fR, \fBEVP_DigestUpdate()\fR, \fBEVP_DigestFinal_ex()\fR" 4 +.IX Item "EVP_DigestInit_ex(), EVP_DigestUpdate(), EVP_DigestFinal_ex()" +Returns 1 for +success and 0 for failure. +.IP "\fBEVP_MD_CTX_ctrl()\fR" 4 +.IX Item "EVP_MD_CTX_ctrl()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_CTX_copy_ex()\fR" 4 +.IX Item "EVP_MD_CTX_copy_ex()" +Returns 1 if successful or 0 for failure. +.IP "\fBEVP_MD_type()\fR, \fBEVP_MD_pkey_type()\fR, \fBEVP_MD_type()\fR" 4 +.IX Item "EVP_MD_type(), EVP_MD_pkey_type(), EVP_MD_type()" +Returns the \s-1NID\s0 of the corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none +exists. +.IP "\fBEVP_MD_size()\fR, \fBEVP_MD_block_size()\fR, \fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR" 4 +.IX Item "EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size()" +Returns the digest or block size in bytes. +.IP "\fBEVP_md_null()\fR" 4 +.IX Item "EVP_md_null()" +Returns a pointer to the \fB\s-1EVP_MD\s0\fR structure of the \*(L"null\*(R" message digest. +.IP "\fBEVP_get_digestbyname()\fR, \fBEVP_get_digestbynid()\fR, \fBEVP_get_digestbyobj()\fR" 4 +.IX Item "EVP_get_digestbyname(), EVP_get_digestbynid(), EVP_get_digestbyobj()" +Returns either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.IP "\fBEVP_MD_CTX_set_pkey_ctx()\fR" 4 +.IX Item "EVP_MD_CTX_set_pkey_ctx()" +This function has no return value. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +New applications should use the \s-1SHA\-2\s0 (such as \fBEVP_sha256\fR\|(3)) or the \s-1SHA\-3\s0 +digest algorithms (such as \fBEVP_sha3_512\fR\|(3)). The other digest algorithms +are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fBEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fBEVP_DigestInit()\fR, \fBEVP_DigestFinal()\fR and \fBEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fBEVP_DigestInit_ex()\fR, \fBEVP_DigestFinal_ex()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +If digest contexts are not cleaned up after use, +memory leaks will occur. +.PP +\&\fBEVP_MD_CTX_size()\fR, \fBEVP_MD_CTX_block_size()\fR, \fBEVP_MD_CTX_type()\fR, +\&\fBEVP_get_digestbynid()\fR and \fBEVP_get_digestbyobj()\fR are defined as +macros. +.PP +\&\fBEVP_MD_CTX_ctrl()\fR sends commands to message digests for additional configuration +or control. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& int main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX *mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& unsigned int md_len, i; +\& +\& if (argv[1] == NULL) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +\& +\& md = EVP_get_digestbyname(argv[1]); +\& if (md == NULL) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +\& +\& mdctx = EVP_MD_CTX_new(); +\& EVP_DigestInit_ex(mdctx, md, NULL); +\& EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal_ex(mdctx, md_value, &md_len); +\& EVP_MD_CTX_free(mdctx); +\& +\& printf("Digest is: "); +\& for (i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); +\& printf("\en"); +\& +\& exit(0); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBdgst\fR\|(1), +\&\fBevp\fR\|(7) +.PP +The full list of digest algorithms are provided below. +.PP +\&\fBEVP_blake2b512\fR\|(3), +\&\fBEVP_md2\fR\|(3), +\&\fBEVP_md4\fR\|(3), +\&\fBEVP_md5\fR\|(3), +\&\fBEVP_mdc2\fR\|(3), +\&\fBEVP_ripemd160\fR\|(3), +\&\fBEVP_sha1\fR\|(3), +\&\fBEVP_sha224\fR\|(3), +\&\fBEVP_sha3_224\fR\|(3), +\&\fBEVP_sm3\fR\|(3), +\&\fBEVP_whirlpool\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBEVP_MD_CTX_create()\fR and \fBEVP_MD_CTX_destroy()\fR functions were renamed to +\&\fBEVP_MD_CTX_new()\fR and \fBEVP_MD_CTX_free()\fR in OpenSSL 1.1.0, respectively. +.PP +The link between digests and signing algorithms was fixed in OpenSSL 1.0 and +later, so now \fBEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA.\s0 +.PP +The \fBEVP_dss1()\fR function was removed in OpenSSL 1.1.0. +.PP +The \fBEVP_MD_CTX_set_pkey_ctx()\fR function was added in 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 new file mode 100644 index 000000000000..0524fd067ddd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_DigestSignInit.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTSIGNINIT 3" +.TH EVP_DIGESTSIGNINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal, EVP_DigestSign \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); +\& +\& int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, +\& size_t *siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from +\&\s-1ENGINE\s0 \fBe\fR and private key \fBpkey\fR. \fBctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can +be used to set alternative signing options. Note that any existing value in +\&\fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestSignInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestSignInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +The digest \fBtype\fR may be \s-1NULL\s0 if the signing algorithm supports it. +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +Only \s-1EVP_PKEY\s0 types that support signing can be used with these functions. This +includes \s-1MAC\s0 algorithms where the \s-1MAC\s0 generation is considered as a form of +\&\*(L"signing\*(R". Built-in \s-1EVP_PKEY\s0 types supported by these functions are \s-1CMAC,\s0 +Poly1305, \s-1DSA, ECDSA, HMAC, RSA,\s0 SipHash, Ed25519 and Ed448. +.PP +Not all digests can be used for all key types. The following combinations apply. +.IP "\s-1DSA\s0" 4 +.IX Item "DSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "\s-1ECDSA\s0" 4 +.IX Item "ECDSA" +Supports \s-1SHA1, SHA224, SHA256, SHA384, SHA512\s0 and \s-1SM3\s0 +.IP "\s-1RSA\s0 with no padding" 4 +.IX Item "RSA with no padding" +Supports no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1RSA\s0 with X931 padding" 4 +.IX Item "RSA with X931 padding" +Supports \s-1SHA1, SHA256, SHA384\s0 and \s-1SHA512\s0 +.IP "All other \s-1RSA\s0 padding types" 4 +.IX Item "All other RSA padding types" +Support \s-1SHA1, SHA224, SHA256, SHA384, SHA512, MD5, MD5_SHA1, MD2, MD4, MDC2, +SHA3\-224, SHA3\-256, SHA3\-384, SHA3\-512\s0 +.IP "Ed25519 and Ed448" 4 +.IX Item "Ed25519 and Ed448" +Support no digests (the digest \fBtype\fR must be \s-1NULL\s0) +.IP "\s-1HMAC\s0" 4 +.IX Item "HMAC" +Supports any digest +.IP "\s-1CMAC,\s0 Poly1305 and SipHash" 4 +.IX Item "CMAC, Poly1305 and SipHash" +Will ignore any digest provided. +.PP +If RSA-PSS is used and restrictions apply then the digest must match. +.PP +\&\fBEVP_DigestSignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +signature context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestSignFinal()\fR signs the data in \fBctx\fR and places the signature in \fBsig\fR. +If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBsiglen\fR parameter should contain the length of the \fBsig\fR buffer. If the +call is successful the signature is written to \fBsig\fR and the amount of data +written to \fBsiglen\fR. +.PP +\&\fBEVP_DigestSign()\fR signs \fBtbslen\fR bytes of data at \fBtbs\fR and places the +signature in \fBsig\fR and its length in \fBsiglen\fR in a similar way to +\&\fBEVP_DigestSignFinal()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR, \fBEVP_DigestSignaFinal()\fR and +\&\fBEVP_DigestSign()\fR return 1 for success and 0 or a negative value for failure. In +particular, a return value of \-2 indicates the operation is not supported by the +public key algorithm. +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestSign()\fR is a one shot operation which signs a single block of data +in one function. For algorithms that support streaming it is equivalent to +calling \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. For algorithms which +do not support streaming (e.g. PureEdDSA) it is the only way to sign data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestSignFinal()\fR internally finalizes a copy of the digest +context. This means that calls to \fBEVP_DigestSignUpdate()\fR and +\&\fBEVP_DigestSignFinal()\fR can be called later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.PP +The use of \fBEVP_PKEY_size()\fR with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result \fBEVP_PKEY_size()\fR would have to return a value +which indicates the maximum possible signature for any set of parameters. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 new file mode 100644 index 000000000000..c303fd85df81 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_DigestVerifyInit.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DIGESTVERIFYINIT 3" +.TH EVP_DIGESTVERIFYINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal, EVP_DigestVerify \- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +\& const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +\& int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +\& int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen); +\& int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, +\& size_t siglen, const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital signatures. +.PP +\&\fBEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBe\fR and public key \fBpkey\fR. \fBctx\fR must be created +with \fBEVP_MD_CTX_new()\fR before calling this function. If \fBpctx\fR is not \s-1NULL,\s0 the +\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this +can be used to set alternative verification options. Note that any existing +value in \fB*pctx\fR is overwritten. The \s-1EVP_PKEY_CTX\s0 value returned must not be freed +directly by the application if \fBctx\fR is not assigned an \s-1EVP_PKEY_CTX\s0 value before +being passed to \fBEVP_DigestVerifyInit()\fR (which means the \s-1EVP_PKEY_CTX\s0 is created +inside \fBEVP_DigestVerifyInit()\fR and it will be freed automatically when the +\&\s-1EVP_MD_CTX\s0 is freed). +.PP +No \fB\s-1EVP_PKEY_CTX\s0\fR will be created by \fBEVP_DigestSignInit()\fR if the passed \fBctx\fR +has already been assigned one via \fBEVP_MD_CTX_set_ctx\fR\|(3). See also \s-1\fBSM2\s0\fR\|(7). +.PP +\&\fBEVP_DigestVerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. This function is currently implemented +using a macro. +.PP +\&\fBEVP_DigestVerifyFinal()\fR verifies the data in \fBctx\fR against the signature in +\&\fBsig\fR of length \fBsiglen\fR. +.PP +\&\fBEVP_DigestVerify()\fR verifies \fBtbslen\fR bytes at \fBtbs\fR against the signature +in \fBsig\fR of length \fBsiglen\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_DigestVerifyInit()\fR and \fBEVP_DigestVerifyUpdate()\fR return 1 for success and 0 +for failure. +.PP +\&\fBEVP_DigestVerifyFinal()\fR and \fBEVP_DigestVerify()\fR return 1 for success; any other +value indicates failure. A return value of zero indicates that the signature +did not verify successfully (that is, \fBtbs\fR did not match the original data or +the signature had an invalid form), while other values indicate a more serious +error (and sometimes also indicate an invalid signature form). +.PP +The error codes can be obtained from \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +\&\fBEVP_DigestVerify()\fR is a one shot operation which verifies a single block of +data in one function. For algorithms that support streaming it is equivalent +to calling \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR. For +algorithms which do not support streaming (e.g. PureEdDSA) it is the only way +to verify data. +.PP +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fBEVP_dss1()\fR +needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and +the use of clone digest is now discouraged. +.PP +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The call to \fBEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest +context. This means that \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can +be called later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBEVP_DigestVerifyInit()\fR, \fBEVP_DigestVerifyUpdate()\fR and \fBEVP_DigestVerifyFinal()\fR +were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 new file mode 100644 index 000000000000..f23ef7efaf0c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_EncodeInit.3 @@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCODEINIT 3" +.TH EVP_ENCODEINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ENCODE_CTX_new, EVP_ENCODE_CTX_free, EVP_ENCODE_CTX_copy, EVP_ENCODE_CTX_num, EVP_EncodeInit, EVP_EncodeUpdate, EVP_EncodeFinal, EVP_EncodeBlock, EVP_DecodeInit, EVP_DecodeUpdate, EVP_DecodeFinal, EVP_DecodeBlock \- EVP base 64 encode/decode routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +\& void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +\& int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +\& int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); +\& void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); +\& +\& void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +\& int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +\& const unsigned char *in, int inl); +\& int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +\& int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 encode routines provide a high level interface to base 64 encoding and +decoding. Base 64 encoding converts binary data into a printable form that uses +the characters A\-Z, a\-z, 0\-9, \*(L"+\*(R" and \*(L"/\*(R" to represent the data. For every 3 +bytes of binary data provided 4 bytes of base 64 encoded data will be produced +plus some occasional newlines (see below). If the input data length is not a +multiple of 3 then the output data will be padded at the end using the \*(L"=\*(R" +character. +.PP +\&\fBEVP_ENCODE_CTX_new()\fR allocates, initializes and returns a context to be used for +the encode/decode functions. +.PP +\&\fBEVP_ENCODE_CTX_free()\fR cleans up an encode/decode context \fBctx\fR and frees up the +space allocated to it. +.PP +Encoding of binary data is performed in blocks of 48 input bytes (or less for +the final block). For each 48 byte input block encoded 64 bytes of base 64 data +is output plus an additional newline character (i.e. 65 bytes in total). The +final block (which may be less than 48 bytes) will output 4 bytes for every 3 +bytes of input. If the data length is not divisible by 3 then a full 4 bytes is +still output for the final 1 or 2 bytes of input. Similarly a newline character +will also be output. +.PP +\&\fBEVP_EncodeInit()\fR initialises \fBctx\fR for the start of a new encoding operation. +.PP +\&\fBEVP_EncodeUpdate()\fR encode \fBinl\fR bytes of data found in the buffer pointed to by +\&\fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes output +is stored in \fB*outl\fR. It is the caller's responsibility to ensure that the +buffer at \fBout\fR is sufficiently large to accommodate the output data. Only full +blocks of data (48 bytes) will be immediately processed and output by this +function. Any remainder is held in the \fBctx\fR object and will be processed by a +subsequent call to \fBEVP_EncodeUpdate()\fR or \fBEVP_EncodeFinal()\fR. To calculate the +required size of the output buffer add together the value of \fBinl\fR with the +amount of unprocessed data held in \fBctx\fR and divide the result by 48 (ignore +any remainder). This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, plus an +additional byte for a \s-1NUL\s0 terminator. \fBEVP_EncodeUpdate()\fR may be called +repeatedly to process large amounts of input data. In the event of an error +\&\fBEVP_EncodeUpdate()\fR will set \fB*outl\fR to 0 and return 0. On success 1 will be +returned. +.PP +\&\fBEVP_EncodeFinal()\fR must be called at the end of an encoding operation. It will +process any partial block of data remaining in the \fBctx\fR object. The output +data will be stored in \fBout\fR and the length of the data written will be stored +in \fB*outl\fR. It is the caller's responsibility to ensure that \fBout\fR is +sufficiently large to accommodate the output data which will never be more than +65 bytes plus an additional \s-1NUL\s0 terminator (i.e. 66 bytes in total). +.PP +\&\fBEVP_ENCODE_CTX_copy()\fR can be used to copy a context \fBsctx\fR to a context +\&\fBdctx\fR. \fBdctx\fR must be initialized before calling this function. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR will return the number of as yet unprocessed bytes still to +be encoded or decoded that are pending in the \fBctx\fR object. +.PP +\&\fBEVP_EncodeBlock()\fR encodes a full block of input data in \fBf\fR and of length +\&\fBdlen\fR and stores it in \fBt\fR. For every 3 bytes of input provided 4 bytes of +output data will be produced. If \fBdlen\fR is not divisible by 3 then the block is +encoded as a final block of data and the output is padded such that it is always +divisible by 4. Additionally a \s-1NUL\s0 terminator character will be added. For +example if 16 bytes of input data is provided then 24 bytes of encoded data is +created plus 1 byte for a \s-1NUL\s0 terminator (i.e. 25 bytes in total). The length of +the data generated \fIwithout\fR the \s-1NUL\s0 terminator is returned from the function. +.PP +\&\fBEVP_DecodeInit()\fR initialises \fBctx\fR for the start of a new decoding operation. +.PP +\&\fBEVP_DecodeUpdate()\fR decodes \fBinl\fR characters of data found in the buffer pointed +to by \fBin\fR. The output is stored in the buffer \fBout\fR and the number of bytes +output is stored in \fB*outl\fR. It is the caller's responsibility to ensure that +the buffer at \fBout\fR is sufficiently large to accommodate the output data. This +function will attempt to decode as much data as possible in 4 byte chunks. Any +whitespace, newline or carriage return characters are ignored. Any partial chunk +of unprocessed data (1, 2 or 3 bytes) that remains at the end will be held in +the \fBctx\fR object and processed by a subsequent call to \fBEVP_DecodeUpdate()\fR. If +any illegal base 64 characters are encountered or if the base 64 padding +character \*(L"=\*(R" is encountered in the middle of the data then the function returns +\&\-1 to indicate an error. A return value of 0 or 1 indicates successful +processing of the data. A return value of 0 additionally indicates that the last +input data characters processed included the base 64 padding character \*(L"=\*(R" and +therefore no more non-padding character data is expected to be processed. For +every 4 valid base 64 bytes processed (ignoring whitespace, carriage returns and +line feeds), 3 bytes of binary output data will be produced (or less at the end +of the data where the padding character \*(L"=\*(R" has been used). +.PP +\&\fBEVP_DecodeFinal()\fR must be called at the end of a decoding operation. If there +is any unprocessed data still in \fBctx\fR then the input data must not have been +a multiple of 4 and therefore an error has occurred. The function will return \-1 +in this case. Otherwise the function returns 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR will decode the block of \fBn\fR characters of base 64 data +contained in \fBf\fR and store the result in \fBt\fR. Any leading whitespace will be +trimmed as will any trailing whitespace, newlines, carriage returns or \s-1EOF\s0 +characters. After such trimming the length of the data in \fBf\fR must be divisible +by 4. For every 4 input bytes exactly 3 output bytes will be produced. The +output will be padded with 0 bits if necessary to ensure that the output is +always 3 bytes for every 4 input bytes. This function will return the length of +the data decoded or \-1 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_ENCODE_CTX_new()\fR returns a pointer to the newly allocated \s-1EVP_ENCODE_CTX\s0 +object or \s-1NULL\s0 on error. +.PP +\&\fBEVP_ENCODE_CTX_num()\fR returns the number of bytes pending encoding or decoding in +\&\fBctx\fR. +.PP +\&\fBEVP_EncodeUpdate()\fR returns 0 on error or 1 on success. +.PP +\&\fBEVP_EncodeBlock()\fR returns the number of bytes encoded excluding the \s-1NUL\s0 +terminator. +.PP +\&\fBEVP_DecodeUpdate()\fR returns \-1 on error and 0 or 1 on success. If 0 is returned +then no more non-padding base 64 characters are expected. +.PP +\&\fBEVP_DecodeFinal()\fR returns \-1 on error or 1 on success. +.PP +\&\fBEVP_DecodeBlock()\fR returns the length of the data decoded or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 new file mode 100644 index 000000000000..f803c2de7549 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_EncryptInit.3 @@ -0,0 +1,711 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 3" +.TH EVP_ENCRYPTINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_reset, EVP_CIPHER_CTX_free, EVP_EncryptInit_ex, EVP_EncryptUpdate, EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, EVP_EncryptInit, EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, EVP_enc_null \&\- EVP cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +\& int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx); +\& +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, const unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +\& +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& const unsigned char *key, const unsigned char *iv, int enc); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +\& +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); +\& +\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +\& const EVP_CIPHER *EVP_get_cipherbynid(int nid); +\& const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); +\& +\& int EVP_CIPHER_nid(const EVP_CIPHER *e); +\& int EVP_CIPHER_block_size(const EVP_CIPHER *e); +\& int EVP_CIPHER_key_length(const EVP_CIPHER *e); +\& int EVP_CIPHER_iv_length(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); +\& unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +\& +\& const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +\& void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +\& void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); +\& int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); +\& int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); +\& +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +\&\fBEVP_CIPHER_CTX_new()\fR creates a cipher context. +.PP +\&\fBEVP_CIPHER_CTX_free()\fR clears all information from a cipher context +and free up any allocated memory associate with it, including \fBctx\fR +itself. This function should be called after all operations using a +cipher are complete so sensitive information does not remain in +memory. +.PP +\&\fBEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created +before calling this function. \fBtype\fR is normally supplied +by a function such as \fBEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL.\s0 This is done when the default cipher parameters are not +appropriate. +.PP +\&\fBEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. It also +checks if \fBin\fR and \fBout\fR are partially overlapping, and if they are +0 is returned to indicate failure. +.PP +If padding is enabled (the default) then \fBEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding) as described in +the \s-1NOTES\s0 section, below. The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fBEVP_EncryptUpdate()\fR should be made. +.PP +If padding is disabled then \fBEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. +.PP +\&\fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal_ex()\fR are the +corresponding decryption operations. \fBEVP_DecryptFinal()\fR will return an +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fBEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fBEVP_CipherInit_ex()\fR, \fBEVP_CipherUpdate()\fR and \fBEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR clears all information from a cipher context +and free up any allocated memory associate with it, except the \fBctx\fR +itself. This function should be called anytime \fBctx\fR is to be reused +for another \fBEVP_CipherInit()\fR / \fBEVP_CipherUpdate()\fR / \fBEVP_CipherFinal()\fR +series of calls. +.PP +\&\fBEVP_EncryptInit()\fR, \fBEVP_DecryptInit()\fR and \fBEVP_CipherInit()\fR behave in a +similar way to \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR and +\&\fBEVP_CipherInit_ex()\fR except they always use the default cipher implementation. +.PP +\&\fBEVP_EncryptFinal()\fR, \fBEVP_DecryptFinal()\fR and \fBEVP_CipherFinal()\fR are +identical to \fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptFinal_ex()\fR and +\&\fBEVP_CipherFinal_ex()\fR. In previous releases they also cleaned up +the \fBctx\fR, but this is no longer done and \fBEVP_CIPHER_CTX_clean()\fR +must be called to free any context resources. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT +IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. This +function should be called after the context is set up for encryption +or decryption with \fBEVP_EncryptInit_ex()\fR, \fBEVP_DecryptInit_ex()\fR or +\&\fBEVP_CipherInit_ex()\fR. By default encryption operations are padded using +standard block padding and the padding is checked and removed when +decrypting. If the \fBpad\fR parameter is zero then no padding is +performed, the total amount of data encrypted or decrypted must then +be a multiple of the block size or an error will occur. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fBEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fBEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fBEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV.\s0 The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_BLOCK_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT +IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fBEVP_CIPHER_mode()\fR and \fBEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, +EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, +EVP_CIPH_WRAP_MODE\s0 or \s-1EVP_CIPH_OCB_MODE.\s0 If the cipher is a stream cipher then +\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fBEVP_EncryptUpdate()\fR, \fBEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fBEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fBEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL,\s0 \fBEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fBEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fBEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR generates a random key of the appropriate length +based on the cipher context. The \s-1EVP_CIPHER\s0 can provide its own random key +generation routine to support keys of a specific form. \fBKey\fR must point to a +buffer at least as big as the value returned by \fBEVP_CIPHER_CTX_key_length()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_CIPHER_CTX_new()\fR returns a pointer to a newly created +\&\fB\s-1EVP_CIPHER_CTX\s0\fR for success and \fB\s-1NULL\s0\fR for failure. +.PP +\&\fBEVP_EncryptInit_ex()\fR, \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal_ex()\fR +return 1 for success and 0 for failure. +.PP +\&\fBEVP_DecryptInit_ex()\fR and \fBEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fBEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. +.PP +\&\fBEVP_CIPHER_CTX_reset()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_get_cipherbyname()\fR, \fBEVP_get_cipherbynid()\fR and \fBEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fBEVP_CIPHER_nid()\fR and \fBEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBEVP_CIPHER_block_size()\fR and \fBEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fBEVP_CIPHER_key_length()\fR and \fBEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fBEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP +\&\fBEVP_CIPHER_iv_length()\fR and \fBEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV.\s0 +.PP +\&\fBEVP_CIPHER_type()\fR and \fBEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 +.PP +\&\fBEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fBEVP_CIPHER_param_to_asn1()\fR and \fBEVP_CIPHER_asn1_to_param()\fR return greater +than zero for success and zero or a negative number on failure. +.PP +\&\fBEVP_CIPHER_CTX_rand_key()\fR returns 1 for success. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.PP +Refer to \*(L"\s-1SEE ALSO\*(R"\s0 for the full list of ciphers available through the \s-1EVP\s0 +interface. +.IP "\fBEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. +.SH "AEAD Interface" +.IX Header "AEAD Interface" +The \s-1EVP\s0 interface for Authenticated Encryption with Associated Data (\s-1AEAD\s0) +modes are subtly altered and several additional \fIctrl\fR operations are supported +depending on the mode specified. +.PP +To specify additional authenticated data (\s-1AAD\s0), a call to \fBEVP_CipherUpdate()\fR, +\&\fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR should be made with the output +parameter \fBout\fR set to \fB\s-1NULL\s0\fR. +.PP +When decrypting, the return value of \fBEVP_DecryptFinal()\fR or \fBEVP_CipherFinal()\fR +indicates whether the operation was successful. If it does not indicate success, +the authentication operation has failed and any output data \fB\s-1MUST NOT\s0\fR be used +as it is corrupted. +.SS "\s-1GCM\s0 and \s-1OCB\s0 Modes" +.IX Subsection "GCM and OCB Modes" +The following \fIctrl\fRs are supported in \s-1GCM\s0 and \s-1OCB\s0 modes. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1IV\s0 length. This call can only be made before specifying an \s-1IV.\s0 If +not called a default \s-1IV\s0 length is used. +.Sp +For \s-1GCM AES\s0 and \s-1OCB AES\s0 the default is 12 (i.e. 96 bits). For \s-1OCB\s0 mode the +maximum is 15. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +For \s-1OCB,\s0 \f(CW\*(C`taglen\*(C'\fR must either be 16 or the value previously set via +\&\fB\s-1EVP_CTRL_AEAD_SET_TAG\s0\fR. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 inclusive. +.Sp +For \s-1GCM,\s0 this call is only valid when decrypting data. +.Sp +For \s-1OCB,\s0 this call is valid when decrypting data to set the expected tag, +and before encryption to set the desired tag length. +.Sp +In \s-1OCB\s0 mode, calling this before encryption with \f(CW\*(C`tag\*(C'\fR set to \f(CW\*(C`NULL\*(C'\fR sets the +tag length. If this is not called prior to encryption, a default tag length is +used. +.Sp +For \s-1OCB AES,\s0 the default tag length is 16 (i.e. 128 bits). It is also the +maximum tag length for \s-1OCB.\s0 +.SS "\s-1CCM\s0 Mode" +.IX Subsection "CCM Mode" +The \s-1EVP\s0 interface for \s-1CCM\s0 mode is similar to that of the \s-1GCM\s0 mode but with a +few additional requirements and different \fIctrl\fR values. +.PP +For \s-1CCM\s0 mode, the total plaintext or ciphertext length \fB\s-1MUST\s0\fR be passed to +\&\fBEVP_CipherUpdate()\fR, \fBEVP_EncryptUpdate()\fR or \fBEVP_DecryptUpdate()\fR with the output +and input parameters (\fBin\fR and \fBout\fR) set to \fB\s-1NULL\s0\fR and the length passed in +the \fBinl\fR parameter. +.PP +The following \fIctrl\fRs are supported in \s-1CCM\s0 mode. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +This call is made to set the expected \fB\s-1CCM\s0\fR tag value when decrypting or +the length of the tag (with the \f(CW\*(C`tag\*(C'\fR parameter set to \s-1NULL\s0) when encrypting. +The tag length is often referred to as \fBM\fR. If not set a default value is +used (12 for \s-1AES\s0). When decrypting, the tag needs to be set before passing +in data to be decrypted, but as in \s-1GCM\s0 and \s-1OCB\s0 mode, it can be set after +passing additional authenticated data (see \*(L"\s-1AEAD\s0 Interface\*(R"). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_CCM_SET_L,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL)" +Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0). +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the \s-1CCM\s0 nonce (\s-1IV\s0) length. This call can only be made before specifying an +nonce value. The nonce length is given by \fB15 \- L\fR so it is 7 by default for +\&\s-1AES.\s0 +.SS "ChaCha20\-Poly1305" +.IX Subsection "ChaCha20-Poly1305" +The following \fIctrl\fRs are supported for the ChaCha20\-Poly1305 \s-1AEAD\s0 algorithm. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_IVLEN,\s0 ivlen, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)" +Sets the nonce length. This call can only be made before specifying the nonce. +If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum +nonce length is 12 bytes (i.e. 96\-bits). If a nonce of less than 12 bytes is set +then the nonce is automatically padded with leading 0 bytes to make it 12 bytes +in length. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_GET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)" +Writes \f(CW\*(C`taglen\*(C'\fR bytes of the tag value to the buffer indicated by \f(CW\*(C`tag\*(C'\fR. +This call can only be made when encrypting data and \fBafter\fR all data has been +processed (e.g. after an \fBEVP_EncryptFinal()\fR call). +.Sp +\&\f(CW\*(C`taglen\*(C'\fR specified here must be 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR, i.e. 128\-bits) or +less. +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_AEAD_SET_TAG,\s0 taglen, tag)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag)" +Sets the expected tag to \f(CW\*(C`taglen\*(C'\fR bytes from \f(CW\*(C`tag\*(C'\fR. +The tag length can only be set before specifying an \s-1IV.\s0 +\&\f(CW\*(C`taglen\*(C'\fR must be between 1 and 16 (\fB\s-1POLY1305_BLOCK_SIZE\s0\fR) inclusive. +This call is only valid when decrypting data. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. +.PP +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fBEVP_EncryptInit()\fR, \fBEVP_EncryptFinal()\fR, \fBEVP_DecryptInit()\fR, +\&\fBEVP_CipherInit()\fR and \fBEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fBEVP_EncryptInit_ex()\fR, +\&\fBEVP_EncryptFinal_ex()\fR, \fBEVP_DecryptInit_ex()\fR, \fBEVP_DecryptFinal_ex()\fR, +\&\fBEVP_CipherInit_ex()\fR and \fBEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. +.PP +\&\fBEVP_get_cipherbynid()\fR, and \fBEVP_get_cipherbyobj()\fR are implemented as macros. +.SH "BUGS" +.IX Header "BUGS" +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR and \fB\s-1EVP_MAX_IV_LENGTH\s0\fR only refer to the internal +ciphers with default key lengths. If custom ciphers exceed these values the +results are unpredictable. This is because it has become standard practice to +define a generic key as a fixed unsigned char array containing +\&\fB\s-1EVP_MAX_KEY_LENGTH\s0\fR bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt a string using \s-1IDEA:\s0 +.PP +.Vb 10 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* +\& * Bogus key and IV: we\*(Aqd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX *ctx; +\& FILE *out; +\& +\& ctx = EVP_CIPHER_CTX_new(); +\& EVP_EncryptInit_ex(ctx, EVP_idea_cbc(), NULL, key, iv); +\& +\& if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& /* +\& * Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { +\& /* Error */ +\& EVP_CIPHER_CTX_free(ctx); +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_free(ctx); +\& /* +\& * Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it won\*(Aqt be NUL terminated and may contain embedded +\& * NULs. +\& */ +\& out = fopen(outfile, "wb"); +\& if (out == NULL) { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +.PP +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line (shown on two lines for clarity): +.PP +.Vb 2 +\& openssl idea \-d \e +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 . diff --git a/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 new file mode 100644 index 000000000000..f47280629192 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_MD_meth_new.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD_METH_NEW 3" +.TH EVP_MD_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_MD_meth_dup, EVP_MD_meth_new, EVP_MD_meth_free, EVP_MD_meth_set_input_blocksize, EVP_MD_meth_set_result_size, EVP_MD_meth_set_app_datasize, EVP_MD_meth_set_flags, EVP_MD_meth_set_init, EVP_MD_meth_set_update, EVP_MD_meth_set_final, EVP_MD_meth_set_copy, EVP_MD_meth_set_cleanup, EVP_MD_meth_set_ctrl, EVP_MD_meth_get_input_blocksize, EVP_MD_meth_get_result_size, EVP_MD_meth_get_app_datasize, EVP_MD_meth_get_flags, EVP_MD_meth_get_init, EVP_MD_meth_get_update, EVP_MD_meth_get_final, EVP_MD_meth_get_copy, EVP_MD_meth_get_cleanup, EVP_MD_meth_get_ctrl \&\- Routines to build up EVP_MD methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +\& void EVP_MD_meth_free(EVP_MD *md); +\& EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +\& +\& int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +\& int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +\& int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +\& int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +\& int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count)); +\& int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +\& unsigned char *md)); +\& int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from)); +\& int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +\& int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2)); +\& +\& int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +\& int EVP_MD_meth_get_result_size(const EVP_MD *md); +\& int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +\& unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +\& int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& const void *data, +\& size_t count); +\& int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +\& unsigned char *md); +\& int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +\& const EVP_MD_CTX *from); +\& int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +\& int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +\& int p1, void *p2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_MD\s0\fR type is a structure for digest method implementation. +It can also have associated public/private key signing and verifying +routines. +.PP +\&\fBEVP_MD_meth_new()\fR creates a new \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_dup()\fR creates a copy of \fBmd\fR. +.PP +\&\fBEVP_MD_meth_free()\fR destroys a \fB\s-1EVP_MD\s0\fR structure. +.PP +\&\fBEVP_MD_meth_set_input_blocksize()\fR sets the internal input block size +for the method \fBmd\fR to \fBblocksize\fR bytes. +.PP +\&\fBEVP_MD_meth_set_result_size()\fR sets the size of the result that the +digest method in \fBmd\fR is expected to produce to \fBresultsize\fR bytes. +.PP +The digest method may have its own private data, which OpenSSL will +allocate for it. \fBEVP_MD_meth_set_app_datasize()\fR should be used to +set the size for it to \fBdatasize\fR. +.PP +\&\fBEVP_MD_meth_set_flags()\fR sets the flags to describe optional +behaviours in the particular \fBmd\fR. Several flags can be or'd +together. The available flags are: +.IP "\s-1EVP_MD_FLAG_ONESHOT\s0" 4 +.IX Item "EVP_MD_FLAG_ONESHOT" +This digest method can only handles one block of input. +.IP "\s-1EVP_MD_FLAG_DIGALGID_NULL\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_NULL" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter set to \s-1NULL\s0 by default. Use this for PKCS#1. \fINote: if +combined with \s-1EVP_MD_FLAG_DIGALGID_ABSENT,\s0 the latter will override.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_ABSENT" +When setting up a DigestAlgorithmIdentifier, this flag will have the +parameter be left absent by default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +.IP "\s-1EVP_MD_FLAG_DIGALGID_CUSTOM\s0" 4 +.IX Item "EVP_MD_FLAG_DIGALGID_CUSTOM" +Custom DigestAlgorithmIdentifier handling via ctrl, with +\&\fB\s-1EVP_MD_FLAG_DIGALGID_ABSENT\s0\fR as default. \fINote: if combined with +\&\s-1EVP_MD_FLAG_DIGALGID_NULL,\s0 the latter will be overridden.\fR +Currently unused. +.PP +\&\fBEVP_MD_meth_set_init()\fR sets the digest init function for \fBmd\fR. +The digest init function is called by \fBEVP_DigestInit()\fR, +\&\fBEVP_DigestInit_ex()\fR, EVP_SignInit, \fBEVP_SignInit_ex()\fR, \fBEVP_VerifyInit()\fR +and \fBEVP_VerifyInit_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_update()\fR sets the digest update function for \fBmd\fR. +The digest update function is called by \fBEVP_DigestUpdate()\fR, +\&\fBEVP_SignUpdate()\fR. +.PP +\&\fBEVP_MD_meth_set_final()\fR sets the digest final function for \fBmd\fR. +The digest final function is called by \fBEVP_DigestFinal()\fR, +\&\fBEVP_DigestFinal_ex()\fR, \fBEVP_SignFinal()\fR and \fBEVP_VerifyFinal()\fR. +.PP +\&\fBEVP_MD_meth_set_copy()\fR sets the function for \fBmd\fR to do extra +computations after the method's private data structure has been copied +from one \fB\s-1EVP_MD_CTX\s0\fR to another. If all that's needed is to copy +the data, there is no need for this copy function. +Note that the copy function is passed two \fB\s-1EVP_MD_CTX\s0 *\fR, the private +data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This copy function is called by \fBEVP_MD_CTX_copy()\fR and +\&\fBEVP_MD_CTX_copy_ex()\fR. +.PP +\&\fBEVP_MD_meth_set_cleanup()\fR sets the function for \fBmd\fR to do extra +cleanup before the method's private data structure is cleaned out and +freed. +Note that the cleanup function is passed a \fB\s-1EVP_MD_CTX\s0 *\fR, the +private data structure is then available with \fBEVP_MD_CTX_md_data()\fR. +This cleanup function is called by \fBEVP_MD_CTX_reset()\fR and +\&\fBEVP_MD_CTX_free()\fR. +.PP +\&\fBEVP_MD_meth_set_ctrl()\fR sets the control function for \fBmd\fR. +.PP +\&\fBEVP_MD_meth_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR, \fBEVP_MD_meth_get_flags()\fR, +\&\fBEVP_MD_meth_get_init()\fR, \fBEVP_MD_meth_get_update()\fR, +\&\fBEVP_MD_meth_get_final()\fR, \fBEVP_MD_meth_get_copy()\fR, +\&\fBEVP_MD_meth_get_cleanup()\fR and \fBEVP_MD_meth_get_ctrl()\fR are all used +to retrieve the method data given with the EVP_MD_meth_set_*() +functions above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_MD_meth_new()\fR and \fBEVP_MD_meth_dup()\fR return a pointer to a newly +created \fB\s-1EVP_MD\s0\fR, or \s-1NULL\s0 on failure. +All EVP_MD_meth_set_*() functions return 1. +\&\fBEVP_MD_get_input_blocksize()\fR, \fBEVP_MD_meth_get_result_size()\fR, +\&\fBEVP_MD_meth_get_app_datasize()\fR and \fBEVP_MD_meth_get_flags()\fR return the +indicated sizes or flags. +All other EVP_CIPHER_meth_get_*() functions return pointers to their +respective \fBmd\fR function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), \fBEVP_SignInit\fR\|(3), \fBEVP_VerifyInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1EVP_MD\s0\fR structure was openly available in OpenSSL before version +1.1. The functions described here were added in OpenSSL 1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 new file mode 100644 index 000000000000..e67fe0dc5fe4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_OpenInit.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_OPENINIT 3" +.TH EVP_OPENINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- EVP envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char *ek, +\& int ekl, unsigned char *iv, EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fBEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fBEVP_OpenUpdate()\fR and \fBEVP_OpenFinal()\fR have exactly the same properties +as the \fBEVP_DecryptUpdate()\fR and \fBEVP_DecryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fBEVP_OpenInit()\fR twice in the same way as +\&\fBEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. +.PP +\&\fBEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fBEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 new file mode 100644 index 000000000000..5eb33834e091 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_ASN1_METHOD.3 @@ -0,0 +1,553 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_METHOD 3" +.TH EVP_PKEY_ASN1_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_ASN1_METHOD, EVP_PKEY_asn1_new, EVP_PKEY_asn1_copy, EVP_PKEY_asn1_free, EVP_PKEY_asn1_add0, EVP_PKEY_asn1_add_alias, EVP_PKEY_asn1_set_public, EVP_PKEY_asn1_set_private, EVP_PKEY_asn1_set_param, EVP_PKEY_asn1_set_free, EVP_PKEY_asn1_set_ctrl, EVP_PKEY_asn1_set_item, EVP_PKEY_asn1_set_siginf, EVP_PKEY_asn1_set_check, EVP_PKEY_asn1_set_public_check, EVP_PKEY_asn1_set_param_check, EVP_PKEY_asn1_set_security_bits, EVP_PKEY_asn1_set_set_priv_key, EVP_PKEY_asn1_set_set_pub_key, EVP_PKEY_asn1_set_get_priv_key, EVP_PKEY_asn1_set_get_pub_key, EVP_PKEY_get0_asn1 \&\- manipulating and registering EVP_PKEY_ASN1_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +\& +\& EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, +\& const char *pem_str, +\& const char *info); +\& void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, +\& const EVP_PKEY_ASN1_METHOD *src); +\& void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +\& int EVP_PKEY_asn1_add_alias(int to, int from); +\& +\& void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pub_decode) (EVP_PKEY *pk, +\& X509_PUBKEY *pub), +\& int (*pub_encode) (X509_PUBKEY *pub, +\& const EVP_PKEY *pk), +\& int (*pub_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*pub_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx), +\& int (*pkey_size) (const EVP_PKEY *pk), +\& int (*pkey_bits) (const EVP_PKEY *pk)); +\& void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*priv_decode) (EVP_PKEY *pk, +\& const PKCS8_PRIV_KEY_INFO +\& *p8inf), +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, +\& const EVP_PKEY *pk), +\& int (*priv_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, +\& int derlen), +\& int (*param_encode) (const EVP_PKEY *pkey, +\& unsigned char **pder), +\& int (*param_missing) (const EVP_PKEY *pk), +\& int (*param_copy) (EVP_PKEY *to, +\& const EVP_PKEY *from), +\& int (*param_cmp) (const EVP_PKEY *a, +\& const EVP_PKEY *b), +\& int (*param_print) (BIO *out, +\& const EVP_PKEY *pkey, +\& int indent, +\& ASN1_PCTX *pctx)); +\& +\& void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, +\& void (*pkey_free) (EVP_PKEY *pkey)); +\& void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, +\& long arg1, void *arg2)); +\& void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*item_verify) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *a, +\& ASN1_BIT_STRING *sig, +\& EVP_PKEY *pkey), +\& int (*item_sign) (EVP_MD_CTX *ctx, +\& const ASN1_ITEM *it, +\& void *asn, +\& X509_ALGOR *alg1, +\& X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*siginf_set) (X509_SIG_INFO *siginf, +\& const X509_ALGOR *alg, +\& const ASN1_STRING *sig)); +\& +\& void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_pub_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_param_check) (const EVP_PKEY *pk)); +\& +\& void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*pkey_security_bits) (const EVP_PKEY +\& *pk)); +\& +\& void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_priv_key) (EVP_PKEY *pk, +\& const unsigned char +\& *priv, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*set_pub_key) (EVP_PKEY *pk, +\& const unsigned char *pub, +\& size_t len)); +\& +\& void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_priv_key) (const EVP_PKEY *pk, +\& unsigned char *priv, +\& size_t *len)); +\& +\& void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, +\& int (*get_pub_key) (const EVP_PKEY *pk, +\& unsigned char *pub, +\& size_t *len)); +\& +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR is a structure which holds a set of \s-1ASN.1\s0 +conversion, printing and information methods for a specific public key +algorithm. +.PP +There are two places where the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are +stored: one is a built-in array representing the standard methods for +different algorithms, and the other one is a stack of user-defined +application-specific methods, which can be manipulated by using +\&\fBEVP_PKEY_asn1_add0\fR\|(3). +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public +key algorithm present by the \fB\s-1EVP_PKEY\s0\fR object. +.PP +.Vb 5 +\& int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +\& int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +\& int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpub_decode()\fR and \fBpub_encode()\fR methods are called to decode / +encode \fBX509_PUBKEY\fR \s-1ASN.1\s0 parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBX509_PUBKEY_get0\fR\|(3) and \fBX509_PUBKEY_set\fR\|(3). +.PP +The \fBpub_cmp()\fR method is called when two public keys are to be +compared. +It \s-1MUST\s0 return 1 when the keys are equal, 0 otherwise. +It's called by \fBEVP_PKEY_cmp\fR\|(3). +.PP +The \fBpub_print()\fR method is called to print a public key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_public\fR\|(3). +.PP +.Vb 4 +\& int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +\& int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +\& int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBpriv_decode()\fR and \fBpriv_encode()\fR methods are called to decode / +encode \fB\s-1PKCS8_PRIV_KEY_INFO\s0\fR form private key to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \s-1\fBEVP_PKCS82PKEY\s0\fR\|(3) and \s-1\fBEVP_PKEY2PKCS8\s0\fR\|(3). +.PP +The \fBpriv_print()\fR method is called to print a private key in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_private\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_size) (const EVP_PKEY *pk); +\& int (*pkey_bits) (const EVP_PKEY *pk); +\& int (*pkey_security_bits) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_size()\fR method returns the key size in bytes. +It's called by \fBEVP_PKEY_size\fR\|(3). +.PP +The \fBpkey_bits()\fR method returns the key size in bits. +It's called by \fBEVP_PKEY_bits\fR\|(3). +.PP +.Vb 8 +\& int (*param_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +\& int (*param_missing) (const EVP_PKEY *pk); +\& int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +\& int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +\& int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +\& ASN1_PCTX *pctx); +.Ve +.PP +The \fBparam_decode()\fR and \fBparam_encode()\fR methods are called to decode / +encode \s-1DER\s0 formatted parameters to / from \fBpk\fR. +They \s-1MUST\s0 return 0 on error, 1 on success. +They're called by \fBPEM_read_bio_Parameters\fR\|(3) and the \fBfile:\fR +\&\s-1\fBOSSL_STORE_LOADER\s0\fR\|(3). +.PP +The \fBparam_missing()\fR method returns 0 if a key parameter is missing, +otherwise 1. +It's called by \fBEVP_PKEY_missing_parameters\fR\|(3). +.PP +The \fBparam_copy()\fR method copies key parameters from \fBfrom\fR to \fBto\fR. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_copy_parameters\fR\|(3). +.PP +The \fBparam_cmp()\fR method compares the parameters of keys \fBa\fR and \fBb\fR. +It \s-1MUST\s0 return 1 when the keys are equal, 0 when not equal, or a +negative number on error. +It's called by \fBEVP_PKEY_cmp_parameters\fR\|(3). +.PP +The \fBparam_print()\fR method prints the private key parameters in humanly +readable text to \fBout\fR, indented \fBindent\fR spaces. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBEVP_PKEY_print_params\fR\|(3). +.PP +.Vb 3 +\& int (*sig_print) (BIO *out, +\& const X509_ALGOR *sigalg, const ASN1_STRING *sig, +\& int indent, ASN1_PCTX *pctx); +.Ve +.PP +The \fBsig_print()\fR method prints a signature in humanly readable text to +\&\fBout\fR, indented \fBindent\fR spaces. +\&\fBsigalg\fR contains the exact signature algorithm. +If the signature in \fBsig\fR doesn't correspond to what this method +expects, \fBX509_signature_dump()\fR must be used as a last resort. +It \s-1MUST\s0 return 0 on error, 1 on success. +It's called by \fBX509_signature_print\fR\|(3). +.PP +.Vb 1 +\& void (*pkey_free) (EVP_PKEY *pkey); +.Ve +.PP +The \fBpkey_free()\fR method helps freeing the internals of \fBpkey\fR. +It's called by \fBEVP_PKEY_free\fR\|(3), \fBEVP_PKEY_set_type\fR\|(3), +\&\fBEVP_PKEY_set_type_str\fR\|(3), and \fBEVP_PKEY_assign\fR\|(3). +.PP +.Vb 1 +\& int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +.Ve +.PP +The \fBpkey_ctrl()\fR method adds extra algorithm specific control. +It's called by \fBEVP_PKEY_get_default_digest_nid\fR\|(3), +\&\fBEVP_PKEY_set1_tls_encodedpoint\fR\|(3), +\&\fBEVP_PKEY_get1_tls_encodedpoint\fR\|(3), \fBPKCS7_SIGNER_INFO_set\fR\|(3), +\&\fBPKCS7_RECIP_INFO_set\fR\|(3), ... +.PP +.Vb 3 +\& int (*old_priv_decode) (EVP_PKEY *pkey, +\& const unsigned char **pder, int derlen); +\& int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +.Ve +.PP +The \fBold_priv_decode()\fR and \fBold_priv_encode()\fR methods decode / encode +they private key \fBpkey\fR from / to a \s-1DER\s0 formatted array. +These are exclusively used to help decoding / encoding older (pre +PKCS#8) \s-1PEM\s0 formatted encrypted private keys. +\&\fBold_priv_decode()\fR \s-1MUST\s0 return 0 on error, 1 on success. +\&\fBold_priv_encode()\fR \s-1MUST\s0 the return same kind of values as +\&\fBi2d_PrivateKey()\fR. +They're called by \fBd2i_PrivateKey\fR\|(3) and \fBi2d_PrivateKey\fR\|(3). +.PP +.Vb 5 +\& int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +\& int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +\& X509_ALGOR *alg1, X509_ALGOR *alg2, +\& ASN1_BIT_STRING *sig); +.Ve +.PP +The \fBitem_sign()\fR and \fBitem_verify()\fR methods make it possible to have +algorithm specific signatures and verification of them. +.PP +\&\fBitem_sign()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.IP "3" 4 +.IX Item "3" +\&\fBitem_sign()\fR set the algorithm identifier \fBalgor1\fR and \fBalgor2\fR, +OpenSSL internals should just sign using those algorithms. +.PP +\&\fBitem_verify()\fR \s-1MUST\s0 return one of: +.IP "<=0" 4 +.IX Item "<=0" +error +.IP "1" 4 +.IX Item "1" +\&\fBitem_sign()\fR did everything, OpenSSL internals just needs to pass the +signature length back. +.IP "2" 4 +.IX Item "2" +\&\fBitem_sign()\fR did nothing, OpenSSL internal standard routines are +expected to continue with the default signature production. +.PP +\&\fBitem_verify()\fR and \fBitem_sign()\fR are called by \fBASN1_item_verify\fR\|(3) and +\&\fBASN1_item_sign\fR\|(3), and by extension, \fBX509_verify\fR\|(3), +\&\fBX509_REQ_verify\fR\|(3), \fBX509_sign\fR\|(3), \fBX509_REQ_sign\fR\|(3), ... +.PP +.Vb 2 +\& int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg, +\& const ASN1_STRING *sig); +.Ve +.PP +The \fBsiginf_set()\fR method is used to set custom \fBX509_SIG_INFO\fR +parameters. +It \s-1MUST\s0 return 0 on error, or 1 on success. +It's called as part of \fBX509_check_purpose\fR\|(3), \fBX509_check_ca\fR\|(3) +and \fBX509_check_issued\fR\|(3). +.PP +.Vb 3 +\& int (*pkey_check) (const EVP_PKEY *pk); +\& int (*pkey_public_check) (const EVP_PKEY *pk); +\& int (*pkey_param_check) (const EVP_PKEY *pk); +.Ve +.PP +The \fBpkey_check()\fR, \fBpkey_public_check()\fR and \fBpkey_param_check()\fR methods are used +to check the validity of \fBpk\fR for key-pair, public component and parameters, +respectively. +They \s-1MUST\s0 return 0 for an invalid key, or 1 for a valid key. +They are called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 2 +\& int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len); +\& int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len); +.Ve +.PP +The \fBset_priv_key()\fR and \fBset_pub_key()\fR methods are used to set the raw private and +public key data for an \s-1EVP_PKEY.\s0 They \s-1MUST\s0 return 0 on error, or 1 on success. +They are called by \fBEVP_PKEY_new_raw_private_key\fR\|(3), and +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) respectively. +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_asn1_new()\fR creates and returns a new \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR +object, and associates the given \fBid\fR, \fBflags\fR, \fBpem_str\fR and +\&\fBinfo\fR. +\&\fBid\fR is a \s-1NID,\s0 \fBpem_str\fR is the \s-1PEM\s0 type string, \fBinfo\fR is a +descriptive string. +The following \fBflags\fR are supported: +.PP +.Vb 1 +\& ASN1_PKEY_SIGPARAM_NULL +.Ve +.PP +If \fB\s-1ASN1_PKEY_SIGPARAM_NULL\s0\fR is set, then the signature algorithm +parameters are given the type \fBV_ASN1_NULL\fR by default, otherwise +they will be given the type \fBV_ASN1_UNDEF\fR (i.e. the parameter is +omitted). +See \fBX509_ALGOR_set0\fR\|(3) for more information. +.PP +\&\fBEVP_PKEY_asn1_copy()\fR copies an \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object from +\&\fBsrc\fR to \fBdst\fR. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_free()\fR frees an existing \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR pointed +by \fBameth\fR. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR adds \fBameth\fR to the user defined stack of +methods unless another \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is +already there. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_add_alias()\fR creates an alias with the \s-1NID\s0 \fBto\fR for the +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 \fBfrom\fR unless another +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with the same \s-1NID\s0 is already added. +This function is not thread safe, it's recommended to only use this +when initializing the application. +.PP +\&\fBEVP_PKEY_asn1_set_public()\fR, \fBEVP_PKEY_asn1_set_private()\fR, +\&\fBEVP_PKEY_asn1_set_param()\fR, \fBEVP_PKEY_asn1_set_free()\fR, +\&\fBEVP_PKEY_asn1_set_ctrl()\fR, \fBEVP_PKEY_asn1_set_item()\fR, +\&\fBEVP_PKEY_asn1_set_siginf()\fR, \fBEVP_PKEY_asn1_set_check()\fR, +\&\fBEVP_PKEY_asn1_set_public_check()\fR, \fBEVP_PKEY_asn1_set_param_check()\fR, +\&\fBEVP_PKEY_asn1_set_security_bits()\fR, \fBEVP_PKEY_asn1_set_set_priv_key()\fR, +\&\fBEVP_PKEY_asn1_set_set_pub_key()\fR, \fBEVP_PKEY_asn1_set_get_priv_key()\fR and +\&\fBEVP_PKEY_asn1_set_get_pub_key()\fR set the diverse methods of the given +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR finds the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR associated +with the key \fBpkey\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_new()\fR returns \s-1NULL\s0 on error, or a pointer to an +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.PP +\&\fBEVP_PKEY_asn1_add0()\fR and \fBEVP_PKEY_asn1_add_alias()\fR return 0 on error, +or 1 on success. +.PP +\&\fBEVP_PKEY_get0_asn1()\fR returns \s-1NULL\s0 on error, or a pointer to a constant +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR object otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 000000000000..c580f29e51cc --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,526 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_CTRL 3" +.TH EVP_PKEY_CTX_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_CTX_ctrl_uint64, EVP_PKEY_CTX_md, EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_get_signature_md, EVP_PKEY_CTX_set_mac_key, EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_get_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_get_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_rsa_keygen_primes, EVP_PKEY_CTX_set_rsa_mgf1_md, EVP_PKEY_CTX_get_rsa_mgf1_md, EVP_PKEY_CTX_set_rsa_oaep_md, EVP_PKEY_CTX_get_rsa_oaep_md, EVP_PKEY_CTX_set0_rsa_oaep_label, EVP_PKEY_CTX_get0_rsa_oaep_label, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_subprime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, EVP_PKEY_CTX_set_dh_paramgen_type, EVP_PKEY_CTX_set_dh_rfc5114, EVP_PKEY_CTX_set_dhx_rfc5114, EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_dh_kdf_type, EVP_PKEY_CTX_get_dh_kdf_type, EVP_PKEY_CTX_set0_dh_kdf_oid, EVP_PKEY_CTX_get0_dh_kdf_oid, EVP_PKEY_CTX_set_dh_kdf_md, EVP_PKEY_CTX_get_dh_kdf_md, EVP_PKEY_CTX_set_dh_kdf_outlen, EVP_PKEY_CTX_get_dh_kdf_outlen, EVP_PKEY_CTX_set0_dh_kdf_ukm, EVP_PKEY_CTX_get0_dh_kdf_ukm, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc, EVP_PKEY_CTX_set_ecdh_cofactor_mode, EVP_PKEY_CTX_get_ecdh_cofactor_mode, EVP_PKEY_CTX_set_ecdh_kdf_type, EVP_PKEY_CTX_get_ecdh_kdf_type, EVP_PKEY_CTX_set_ecdh_kdf_md, EVP_PKEY_CTX_get_ecdh_kdf_md, EVP_PKEY_CTX_set_ecdh_kdf_outlen, EVP_PKEY_CTX_get_ecdh_kdf_outlen, EVP_PKEY_CTX_set0_ecdh_kdf_ukm, EVP_PKEY_CTX_get0_ecdh_kdf_ukm, EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len \&\- algorithm specific control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, int p1, void *p2); +\& int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, +\& int cmd, uint64_t value); +\& int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +\& const char *value); +\& +\& int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md); +\& +\& int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd); +\& +\& int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, unsigned char *key, int len); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad); +\& int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits); +\& int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +\& int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); +\& int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char *label, int len); +\& int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); +\& int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int type); +\& int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); +\& int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int rfc5114); +\& int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid); +\& int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid); +\& int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& #include +\& +\& int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); +\& int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc); +\& int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +\& int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +\& int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); +\& int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +\& int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); +\& int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len); +\& int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); +\& +\& int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, void *id, size_t id_len); +\& int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id); +\& int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_CTX_ctrl()\fR sends a control operation to the context +\&\fBctx\fR. The key type used must match \fBkeytype\fR if it is not \-1. The parameter +\&\fBoptype\fR is a mask indicating which operations the control can be applied to. +The control command is indicated in \fBcmd\fR and any additional arguments in +\&\fBp1\fR and \fBp2\fR. +.PP +For \fBcmd\fR = \fB\s-1EVP_PKEY_CTRL_SET_MAC_KEY\s0\fR, \fBp1\fR is the length of the \s-1MAC\s0 key, +and \fBp2\fR is \s-1MAC\s0 key. This is used by Poly1305, SipHash, \s-1HMAC\s0 and \s-1CMAC.\s0 +.PP +Applications will not normally call \fBEVP_PKEY_CTX_ctrl()\fR directly but will +instead call one of the algorithm specific macros below. +.PP +The function \fBEVP_PKEY_CTX_ctrl_uint64()\fR is a wrapper that directly passes a +uint64 value as \fBp2\fR to \fBEVP_PKEY_CTX_ctrl()\fR. +.PP +The function \fBEVP_PKEY_CTX_ctrl_str()\fR allows an application to send an algorithm +specific control operation to a context \fBctx\fR in string form. This is +intended to be used for options specified on the command line or in text +files. The commands supported are documented in the openssl utility +command line pages for the option \fB\-pkeyopt\fR which is supported by the +\&\fBpkeyutl\fR, \fBgenpkey\fR and \fBreq\fR commands. +.PP +The function \fBEVP_PKEY_CTX_md()\fR sends a message digest control operation +to the context \fBctx\fR. The message digest is specified by its name \fBmd\fR. +.PP +All the remaining \*(L"functions\*(R" are implemented as macros. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR macro sets the message digest type used +in a signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +The \fBEVP_PKEY_CTX_get_signature_md()\fR macro gets the message digest type used in a +signature. It can be used in the \s-1RSA, DSA\s0 and \s-1ECDSA\s0 algorithms. +.PP +Key generation typically involves setting up parameters to be used and +generating the private and public key data. Some algorithm implementations +allow private key data to be set explicitly using the \fBEVP_PKEY_CTX_set_mac_key()\fR +macro. In this case key generation is simply the process of setting up the +parameters for the key and then setting the raw key data to the value explicitly +provided by that macro. Normally applications would call +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or similar functions instead of this macro. +.PP +The \fBEVP_PKEY_CTX_set_mac_key()\fR macro can be used with any of the algorithms +supported by the \fBEVP_PKEY_new_raw_private_key\fR\|(3) function. +.SS "\s-1RSA\s0 parameters" +.IX Subsection "RSA parameters" +The \fBEVP_PKEY_CTX_set_rsa_padding()\fR macro sets the \s-1RSA\s0 padding mode for \fBctx\fR. +The \fBpad\fR parameter can take the value \fB\s-1RSA_PKCS1_PADDING\s0\fR for PKCS#1 +padding, \fB\s-1RSA_SSLV23_PADDING\s0\fR for SSLv23 padding, \fB\s-1RSA_NO_PADDING\s0\fR for +no padding, \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR for \s-1OAEP\s0 padding (encrypt and +decrypt only), \fB\s-1RSA_X931_PADDING\s0\fR for X9.31 padding (signature operations +only) and \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR (sign and verify only). +.PP +Two \s-1RSA\s0 padding modes behave differently if \fBEVP_PKEY_CTX_set_signature_md()\fR +is used. If this macro is called for PKCS#1 padding the plaintext buffer is +an actual digest value and is encapsulated in a DigestInfo structure according +to PKCS#1 when signing and this structure is expected (and stripped off) when +verifying. If this control is not used with \s-1RSA\s0 and PKCS#1 padding then the +supplied data is used directly and not encapsulated. In the case of X9.31 +padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed +if this control is called. If it is not called then the first byte of the plaintext +buffer is expected to be the algorithm identifier byte. +.PP +The \fBEVP_PKEY_CTX_get_rsa_padding()\fR macro gets the \s-1RSA\s0 padding mode for \fBctx\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to +\&\fBlen\fR. As its name implies it is only supported for \s-1PSS\s0 padding. Three special +values are supported: \fB\s-1RSA_PSS_SALTLEN_DIGEST\s0\fR sets the salt length to the +digest length, \fB\s-1RSA_PSS_SALTLEN_MAX\s0\fR sets the salt length to the maximum +permissible value. When verifying \fB\s-1RSA_PSS_SALTLEN_AUTO\s0\fR causes the salt length +to be automatically determined based on the \fB\s-1PSS\s0\fR block structure. If this +macro is not called maximum salt length is used when signing and auto detection +when verifying is used by default. +.PP +The \fBEVP_PKEY_CTX_get_rsa_pss_saltlen()\fR macro gets the \s-1RSA PSS\s0 salt length +for \fBctx\fR. The padding mode must have been set to \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR macro sets the \s-1RSA\s0 key length for +\&\s-1RSA\s0 key generation to \fBbits\fR. If not specified 1024 bits is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macro sets the public exponent value +for \s-1RSA\s0 key generation to \fBpubexp\fR. Currently it should be an odd integer. The +\&\fBpubexp\fR pointer is used internally by this function so it should not be +modified or freed after the call. If not specified 65537 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_keygen_primes()\fR macro sets the number of primes for +\&\s-1RSA\s0 key generation to \fBprimes\fR. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macro sets the \s-1MGF1\s0 digest for \s-1RSA\s0 padding +schemes to \fBmd\fR. If not explicitly set the signing digest is used. The +padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR +or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_mgf1_md()\fR macro gets the \s-1MGF1\s0 digest for \fBctx\fR. +If not explicitly set the signing digest is used. The padding mode must have +been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR or \fB\s-1RSA_PKCS1_PSS_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_rsa_oaep_md()\fR macro sets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get_rsa_oaep_md()\fR macro gets the message digest type used +in \s-1RSA OAEP\s0 to \fBmd\fR. The padding mode must have been set to +\&\fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_rsa_oaep_label()\fR macro sets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR and its length to \fBlen\fR. If \fBlabel\fR is \s-1NULL\s0 or \fBlen\fR is 0, +the label is cleared. The library takes ownership of the label so the +caller should not free the original memory pointed to by \fBlabel\fR. +The padding mode must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. +.PP +The \fBEVP_PKEY_CTX_get0_rsa_oaep_label()\fR macro gets the \s-1RSA OAEP\s0 label to +\&\fBlabel\fR. The return value is the label length. The padding mode +must have been set to \fB\s-1RSA_PKCS1_OAEP_PADDING\s0\fR. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1DSA\s0 parameters" +.IX Subsection "DSA parameters" +The \fBEVP_PKEY_CTX_set_dsa_paramgen_bits()\fR macro sets the number of bits used +for \s-1DSA\s0 parameter generation to \fBbits\fR. If not specified 1024 is used. +.SS "\s-1DH\s0 parameters" +.IX Subsection "DH parameters" +The \fBEVP_PKEY_CTX_set_dh_paramgen_prime_len()\fR macro sets the length of the \s-1DH\s0 +prime parameter \fBp\fR for \s-1DH\s0 parameter generation. If this macro is not called +then 1024 is used. Only accepts lengths greater than or equal to 256. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_subprime_len()\fR macro sets the length of the \s-1DH\s0 +optional subprime parameter \fBq\fR for \s-1DH\s0 parameter generation. The default is +256 if the prime is at least 2048 bits long or 160 otherwise. The \s-1DH\s0 +paramgen type must have been set to x9.42. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_generator()\fR macro sets \s-1DH\s0 generator to \fBgen\fR +for \s-1DH\s0 parameter generation. If not specified 2 is used. +.PP +The \fBEVP_PKEY_CTX_set_dh_paramgen_type()\fR macro sets the key type for \s-1DH\s0 +parameter generation. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0 +The default is 0. +.PP +The \fBEVP_PKEY_CTX_set_dh_pad()\fR macro sets the \s-1DH\s0 padding mode. If \fBpad\fR is +1 the shared secret is padded with zeroes up to the size of the \s-1DH\s0 prime \fBp\fR. +If \fBpad\fR is zero (the default) then no padding is performed. +.PP +\&\fBEVP_PKEY_CTX_set_dh_nid()\fR sets the \s-1DH\s0 parameters to values corresponding to +\&\fBnid\fR as defined in \s-1RFC7919.\s0 The \fBnid\fR parameter must be \fBNID_ffdhe2048\fR, +\&\fBNID_ffdhe3072\fR, \fBNID_ffdhe4096\fR, \fBNID_ffdhe6144\fR, \fBNID_ffdhe8192\fR +or \fBNID_undef\fR to clear the stored value. This macro can be called during +parameter or key generation. +The nid parameter and the rfc5114 parameter are mutually exclusive. +.PP +The \fBEVP_PKEY_CTX_set_dh_rfc5114()\fR and \fBEVP_PKEY_CTX_set_dhx_rfc5114()\fR macros are +synonymous. They set the \s-1DH\s0 parameters to the values defined in \s-1RFC5114.\s0 The +\&\fBrfc5114\fR parameter must be 1, 2 or 3 corresponding to \s-1RFC5114\s0 sections +2.1, 2.2 and 2.3. or 0 to clear the stored value. This macro can be called +during parameter generation. The \fBctx\fR must have a key type of +\&\fB\s-1EVP_PKEY_DHX\s0\fR. +The rfc5114 parameter and the nid parameter are mutually exclusive. +.SS "\s-1DH\s0 key derivation function parameters" +.IX Subsection "DH key derivation function parameters" +Note that all of the following functions require that the \fBctx\fR parameter has +a private key type of \fB\s-1EVP_PKEY_DHX\s0\fR. When using key derivation, the output of +\&\fBEVP_PKEY_derive()\fR is the output of the \s-1KDF\s0 instead of the \s-1DH\s0 shared secret. +The \s-1KDF\s0 output is typically used as a Key Encryption Key (\s-1KEK\s0) that in turn +encrypts a Content Encryption Key (\s-1CEK\s0). +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR which uses the key derivation specified in \s-1RFC2631\s0 +(based on the keying algorithm described in X9.42). When using key derivation, +the \fBkdf_oid\fR, \fBkdf_md\fR and \fBkdf_outlen\fR parameters must also be specified. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_type()\fR macro gets the key derivation function type +for \fBctx\fR used for \s-1DH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_DH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_DH_KDF_X9_42\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_oid()\fR macro sets the key derivation function +object identifier to \fBoid\fR for \s-1DH\s0 key derivation. This \s-1OID\s0 should identify +the algorithm to be used with the Content Encryption Key. +The library takes ownership of the object identifier so the caller should not +free the original memory pointed to by \fBoid\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_oid()\fR macro gets the key derivation function oid +for \fBctx\fR used for \s-1DH\s0 key derivation. The resulting pointer is owned by the +library and should not be freed by the caller. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1DH\s0 key derivation. Note that \s-1RFC2631\s0 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_dh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_dh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1DH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_dh_kdf_ukm()\fR macro sets the user key material to +\&\fBukm\fR and its length to \fBlen\fR for \s-1DH\s0 key derivation. This parameter is optional +and corresponds to the partyAInfo field in \s-1RFC2631\s0 terms. The specification +requires that it is 512 bits long but this is not enforced by OpenSSL. +The library takes ownership of the user key material so the caller should not +free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_dh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "\s-1EC\s0 parameters" +.IX Subsection "EC parameters" +The \fBEVP_PKEY_CTX_set_ec_paramgen_curve_nid()\fR sets the \s-1EC\s0 curve for \s-1EC\s0 parameter +generation to \fBnid\fR. For \s-1EC\s0 parameter generation this macro must be called +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when +generating an \s-1EC\s0 key. +.PP +The \fBEVP_PKEY_CTX_set_ec_param_enc()\fR macro sets the \s-1EC\s0 parameter encoding to +\&\fBparam_enc\fR when generating \s-1EC\s0 parameters or an \s-1EC\s0 key. The encoding can be +\&\fB\s-1OPENSSL_EC_EXPLICIT_CURVE\s0\fR for explicit parameters (the default in versions +of OpenSSL before 1.1.0) or \fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR to use named curve form. +For maximum compatibility the named curve form should be used. Note: the +\&\fB\s-1OPENSSL_EC_NAMED_CURVE\s0\fR value was added in OpenSSL 1.1.0; previous +versions should use 0 instead. +.SS "\s-1ECDH\s0 parameters" +.IX Subsection "ECDH parameters" +The \fBEVP_PKEY_CTX_set_ecdh_cofactor_mode()\fR macro sets the cofactor mode to +\&\fBcofactor_mode\fR for \s-1ECDH\s0 key derivation. Possible values are 1 to enable +cofactor key derivation, 0 to disable it and \-1 to clear the stored cofactor +mode and fallback to the private key cofactor mode. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_cofactor_mode()\fR macro returns the cofactor mode for +\&\fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are 1 when cofactor key +derivation is enabled and 0 otherwise. +.SS "\s-1ECDH\s0 key derivation function parameters" +.IX Subsection "ECDH key derivation function parameters" +The \fBEVP_PKEY_CTX_set_ecdh_kdf_type()\fR macro sets the key derivation function type +to \fBkdf\fR for \s-1ECDH\s0 key derivation. Possible values are \fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR +and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR which uses the key derivation specified in X9.63. +When using key derivation, the \fBkdf_md\fR and \fBkdf_outlen\fR parameters must +also be specified. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_type()\fR macro returns the key derivation function +type for \fBctx\fR used for \s-1ECDH\s0 key derivation. Possible values are +\&\fB\s-1EVP_PKEY_ECDH_KDF_NONE\s0\fR and \fB\s-1EVP_PKEY_ECDH_KDF_X9_63\s0\fR. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_md()\fR macro sets the key derivation function +message digest to \fBmd\fR for \s-1ECDH\s0 key derivation. Note that X9.63 specifies +that this digest should be \s-1SHA1\s0 but OpenSSL tolerates other digests. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_md()\fR macro gets the key derivation function +message digest for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set_ecdh_kdf_outlen()\fR macro sets the key derivation function +output length to \fBlen\fR for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_get_ecdh_kdf_outlen()\fR macro gets the key derivation function +output length for \fBctx\fR used for \s-1ECDH\s0 key derivation. +.PP +The \fBEVP_PKEY_CTX_set0_ecdh_kdf_ukm()\fR macro sets the user key material to \fBukm\fR +for \s-1ECDH\s0 key derivation. This parameter is optional and corresponds to the +shared info in X9.63 terms. The library takes ownership of the user key material +so the caller should not free the original memory pointed to by \fBukm\fR. +.PP +The \fBEVP_PKEY_CTX_get0_ecdh_kdf_ukm()\fR macro gets the user key material for \fBctx\fR. +The return value is the user key material length. The resulting pointer is owned +by the library and should not be freed by the caller. +.SS "Other parameters" +.IX Subsection "Other parameters" +The \fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros are used to manipulate the special identifier field for specific signature +algorithms such as \s-1SM2.\s0 The \fBEVP_PKEY_CTX_set1_id()\fR sets an \s-1ID\s0 pointed by \fBid\fR with +the length \fBid_len\fR to the library. The library takes a copy of the id so that +the caller can safely free the original memory pointed to by \fBid\fR. The +\&\fBEVP_PKEY_CTX_get1_id_len()\fR macro returns the length of the \s-1ID\s0 set via a previous +call to \fBEVP_PKEY_CTX_set1_id()\fR. The length is usually used to allocate adequate +memory for further calls to \fBEVP_PKEY_CTX_get1_id()\fR. The \fBEVP_PKEY_CTX_get1_id()\fR +macro returns the previously set \s-1ID\s0 value to caller in \fBid\fR. The caller should +allocate adequate memory space for the \fBid\fR before calling \fBEVP_PKEY_CTX_get1_id()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_ctrl()\fR and its macros return a positive value for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_CTX_set1_id()\fR, \fBEVP_PKEY_CTX_get1_id()\fR and \fBEVP_PKEY_CTX_get1_id_len()\fR +macros were added in 1.1.1, other functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 new file mode 100644 index 000000000000..cd32f4574c5b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_new.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_NEW 3" +.TH EVP_PKEY_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- public key algorithm context functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +\& EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +\& void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using +the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR. +.PP +The \fBEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context +using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used +when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example +during parameter generation of key generation for some algorithms. +.PP +\&\fBEVP_PKEY_CTX_dup()\fR duplicates the context \fBctx\fR. +.PP +\&\fBEVP_PKEY_CTX_free()\fR frees up the context \fBctx\fR. +If \fBctx\fR is \s-1NULL,\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used +by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between +threads: that is it is not permissible to use the same context simultaneously +in two threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_CTX_new()\fR, \fBEVP_PKEY_CTX_new_id()\fR, \fBEVP_PKEY_CTX_dup()\fR returns either +the newly allocated \fB\s-1EVP_PKEY_CTX\s0\fR structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 new file mode 100644 index 000000000000..77577bc356ff --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET1_PBE_PASS 3" +.TH EVP_PKEY_CTX_SET1_PBE_PASS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_pbe_pass \&\- generic KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *pctx, unsigned char *pass, +\& int passlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are generic support functions for all \s-1KDF\s0 algorithms. +.PP +\&\fBEVP_PKEY_CTX_set1_pbe_pass()\fR sets the password to the \fBpasslen\fR first +bytes from \fBpass\fR. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +There is also support for string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBpassword\fR can be directly specified using the \fBtype\fR parameter +\&\*(L"pass\*(R" or given in hex encoding using the \*(L"hexpass\*(R" parameter. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 new file mode 100644 index 000000000000..15795d6ff545 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_hkdf_md.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_HKDF_MD 3" +.TH EVP_PKEY_CTX_SET_HKDF_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, EVP_PKEY_CTX_hkdf_mode \- HMAC\-based Extract\-and\-Expand key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); +\& +\& int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& +\& int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *pctx, unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *pctx, unsigned char *info, +\& int infolen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_HKDF\s0 algorithm implements the \s-1HKDF\s0 key derivation function. +\&\s-1HKDF\s0 follows the \*(L"extract-then-expand\*(R" paradigm, where the \s-1KDF\s0 logically +consists of two modules. The first stage takes the input keying material +and \*(L"extracts\*(R" from it a fixed-length pseudorandom key K. The second stage +\&\*(L"expands\*(R" the key K into several additional pseudorandom keys (the output +of the \s-1KDF\s0). +.PP +\&\fBEVP_PKEY_CTX_hkdf_mode()\fR sets the mode for the \s-1HKDF\s0 operation. There are three +modes that are currently defined: +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND" +This is the default mode. Calling \fBEVP_PKEY_derive\fR\|(3) on an \s-1EVP_PKEY_CTX\s0 set +up for \s-1HKDF\s0 will perform an extract followed by an expand operation in one go. +The derived key returned will be the result after the expand operation. The +intermediate fixed-length pseudorandom key K is not returned. +.Sp +In this mode the digest, key, salt and info values must be set before a key is +derived or an error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. +.Sp +The digest, key and salt values must be set before a key is derived or an +error occurs. +.IP "\s-1EVP_PKEY_HKDEF_MODE_EXPAND_ONLY\s0" 4 +.IX Item "EVP_PKEY_HKDEF_MODE_EXPAND_ONLY" +In this mode calling \fBEVP_PKEY_derive\fR\|(3) will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. +.Sp +The digest, key and info values must be set before a key is derived or an +error occurs. +.PP +\&\fBEVP_PKEY_CTX_set_hkdf_md()\fR sets the message digest associated with the \s-1HKDF.\s0 +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_salt()\fR sets the salt to \fBsaltlen\fR bytes of the +buffer \fBsalt\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_set1_hkdf_key()\fR sets the key to \fBkeylen\fR bytes of the buffer +\&\fBkey\fR. Any existing value is replaced. +.PP +\&\fBEVP_PKEY_CTX_add1_hkdf_info()\fR sets the info value to \fBinfolen\fR bytes of the +buffer \fBinfo\fR. If a value is already set, it is appended to the existing +value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +\&\s-1HKDF\s0 also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameter \*(L"mode\*(R" uses the values \*(L"\s-1EXTRACT_AND_EXPAND\*(R", +\&\*(L"EXTRACT_ONLY\*(R"\s0 and \*(L"\s-1EXPAND_ONLY\*(R"\s0 to determine the mode to use. +The \fBtype\fR parameters \*(L"salt\*(R", \*(L"key\*(R" and \*(L"info\*(R" use the supplied \fBvalue\fR +parameter as a \fBseed\fR, \fBkey\fR or \fBinfo\fR value. +The names \*(L"hexsalt\*(R", \*(L"hexkey\*(R" and \*(L"hexinfo\*(R" are similar except they take a hex +string which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for \s-1HKDF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +.Ve +.PP +The total length of the info buffer cannot exceed 1024 bytes in length: this +should be more than enough for any normal use of \s-1HKDF.\s0 +.PP +The output length of an \s-1HKDF\s0 expand operation is specified via the length +parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +Since the \s-1HKDF\s0 output length is variable, passing a \fB\s-1NULL\s0\fR buffer as a means +to obtain the requisite length is not meaningful with \s-1HKDF\s0 in any mode that +performs an expand operation. Instead, the caller must allocate a buffer of the +desired length, and pass that buffer to \fBEVP_PKEY_derive\fR\|(3) along with (a +pointer initialized to) the desired length. Passing a \fB\s-1NULL\s0\fR buffer to obtain +the length is allowed when using \s-1EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY.\s0 +.PP +Optimised versions of \s-1HKDF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R", +salt value \*(L"salt\*(R" and info value \*(L"label\*(R": +.PP +.Vb 4 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_hkdf_key(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_hkdf_info(pctx, "label", 5) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 5869\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 new file mode 100644 index 000000000000..939d29cac16b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3" +.TH EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen \&\- EVP_PKEY RSA\-PSS algorithm support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx, +\& const EVP_MD *md); +\& int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx, +\& int saltlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These are the functions that implement \s-1\fBRSA\-PSS\s0\fR\|(7). +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +The macro \fBEVP_PKEY_CTX_set_rsa_padding()\fR is supported but an error is +returned if an attempt is made to set the padding mode to anything other +than \fB\s-1PSS\s0\fR. It is otherwise similar to the \fB\s-1RSA\s0\fR version. +.PP +The \fBEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro is used to set the salt length. +If the key has usage restrictions then an error is returned if an attempt is +made to set the salt length below the minimum value. It is otherwise similar +to the \fB\s-1RSA\s0\fR operation except detection of the salt length (using +\&\s-1RSA_PSS_SALTLEN_AUTO\s0) is not supported for verification if the key has +usage restrictions. +.PP +The \fBEVP_PKEY_CTX_set_signature_md()\fR and \fBEVP_PKEY_CTX_set_rsa_mgf1_md()\fR macros +are used to set the digest and \s-1MGF1\s0 algorithms respectively. If the key has +usage restrictions then an error is returned if an attempt is made to set the +digest to anything other than the restricted value. Otherwise these are +similar to the \fB\s-1RSA\s0\fR versions. +.SS "Key Generation" +.IX Subsection "Key Generation" +As with \s-1RSA\s0 key generation the \fBEVP_PKEY_CTX_set_rsa_keygen_bits()\fR +and \fBEVP_PKEY_CTX_set_rsa_keygen_pubexp()\fR macros are supported for RSA-PSS: +they have exactly the same meaning as for the \s-1RSA\s0 algorithm. +.PP +Optional parameter restrictions can be specified when generating a \s-1PSS\s0 key. +If any restrictions are set (using the macros described below) then \fBall\fR +parameters are restricted. For example, setting a minimum salt length also +restricts the digest and \s-1MGF1\s0 algorithms. If any restrictions are in place +then they are reflected in the corresponding parameters of the public key +when (for example) a certificate request is signed. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md()\fR restricts the digest algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md()\fR restricts the \s-1MGF1\s0 algorithm the +generated key can use to \fBmd\fR. +.PP +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen()\fR restricts the minimum salt length +to \fBsaltlen\fR. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBRSA-PSS\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRSA\-PSS\s0\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 new file mode 100644 index 000000000000..0794685ff34e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_scrypt_N.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_SCRYPT_N 3" +.TH EVP_PKEY_CTX_SET_SCRYPT_N 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set1_scrypt_salt, EVP_PKEY_CTX_set_scrypt_N, EVP_PKEY_CTX_set_scrypt_r, EVP_PKEY_CTX_set_scrypt_p, EVP_PKEY_CTX_set_scrypt_maxmem_bytes \&\- EVP_PKEY scrypt KDF support functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt, +\& int saltlen); +\& +\& int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N); +\& +\& int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r); +\& +\& int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p); +\& +\& int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx, +\& uint64_t maxmem); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to set up the necessary data to use the +scrypt \s-1KDF.\s0 +For more information on scrypt, see \fBscrypt\fR\|(7). +.PP +\&\fBEVP_PKEY_CTX_set1_scrypt_salt()\fR sets the \fBsaltlen\fR bytes long salt +value. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_N()\fR, \fBEVP_PKEY_CTX_set_scrypt_r()\fR and +\&\fBEVP_PKEY_CTX_set_scrypt_p()\fR configure the work factors N, r and p. +.PP +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes()\fR sets how much \s-1RAM\s0 key +derivation may maximally use, given in bytes. +If \s-1RAM\s0 is exceeded because the load factors are chosen too high, the +key derivation will fail. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +scrypt also supports string based control operations via +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +Similarly, the \fBsalt\fR can either be specified using the \fBtype\fR +parameter \*(L"salt\*(R" or in hex encoding by using the \*(L"hexsalt\*(R" parameter. +The work factors \fBN\fR, \fBr\fR and \fBp\fR as well as \fBmaxmem_bytes\fR can be +set by using the parameters \*(L"N\*(R", \*(L"r\*(R", \*(L"p\*(R" and \*(L"maxmem_bytes\*(R", +respectively. +.SH "NOTES" +.IX Header "NOTES" +The scrypt \s-1KDF\s0 also uses \fBEVP_PKEY_CTX_set1_pbe_pass()\fR as well as +the value from the string controls \*(L"pass\*(R" and \*(L"hexpass\*(R". +See \fBEVP_PKEY_CTX_set1_pbe_pass\fR\|(3). +.PP +All the functions described here are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for +failure. +In particular a return value of \-2 indicates the operation is not +supported by the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBscrypt\fR\|(7), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 new file mode 100644 index 000000000000..7d09f0d1ab80 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CTX_SET_TLS1_PRF_MD 3" +.TH EVP_PKEY_CTX_SET_TLS1_PRF_MD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_CTX_set_tls1_prf_md, EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed \- TLS PRF key derivation algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); +\& int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, +\& unsigned char *sec, int seclen); +\& int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, +\& unsigned char *seed, int seedlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1EVP_PKEY_TLS1_PRF\s0\fR algorithm implements the \s-1PRF\s0 key derivation function for +\&\s-1TLS.\s0 It has no associated private key and only implements key derivation +using \fBEVP_PKEY_derive\fR\|(3). +.PP +\&\fBEVP_PKEY_set_tls1_prf_md()\fR sets the message digest associated with the +\&\s-1TLS PRF.\s0 \fBEVP_md5_sha1()\fR is treated as a special case which uses the \s-1PRF\s0 +algorithm using both \fB\s-1MD5\s0\fR and \fB\s-1SHA1\s0\fR as used in \s-1TLS 1.0\s0 and 1.1. +.PP +\&\fBEVP_PKEY_CTX_set_tls1_prf_secret()\fR sets the secret value of the \s-1TLS PRF\s0 +to \fBseclen\fR bytes of the buffer \fBsec\fR. Any existing secret value is replaced +and any seed is reset. +.PP +\&\fBEVP_PKEY_CTX_add1_tls1_prf_seed()\fR sets the seed to \fBseedlen\fR bytes of \fBseed\fR. +If a seed is already set it is appended to the existing value. +.SH "STRING CTRLS" +.IX Header "STRING CTRLS" +The \s-1TLS PRF\s0 also supports string based control operations using +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3). +The \fBtype\fR parameter \*(L"md\*(R" uses the supplied \fBvalue\fR as the name of the digest +algorithm to use. +The \fBtype\fR parameters \*(L"secret\*(R" and \*(L"seed\*(R" use the supplied \fBvalue\fR parameter +as a secret or seed value. +The names \*(L"hexsecret\*(R" and \*(L"hexseed\*(R" are similar except they take a hex string +which is converted to binary. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented as macros. +.PP +A context for the \s-1TLS PRF\s0 can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +.Ve +.PP +The digest, secret value and seed must be set before a key is derived or an +error occurs. +.PP +The total length of all seeds cannot exceed 1024 bytes in length: this should +be more than enough for any normal use of the \s-1TLS PRF.\s0 +.PP +The output length of the \s-1PRF\s0 is specified by the length parameter in the +\&\fBEVP_PKEY_derive()\fR function. Since the output length is variable, setting +the buffer to \fB\s-1NULL\s0\fR is not meaningful for the \s-1TLS PRF.\s0 +.PP +Optimised versions of the \s-1TLS PRF\s0 can be implemented in an \s-1ENGINE.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives 10 bytes using \s-1SHA\-256\s0 with the secret key \*(L"secret\*(R" +and seed value \*(L"seed\*(R": +.PP +.Vb 3 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[10]; +\& size_t outlen = sizeof(out); +\& +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); +\& if (EVP_PKEY_derive_init(pctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) +\& /* Error */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 new file mode 100644 index 000000000000..9dbb17aa8dae --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_asn1_get_count.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ASN1_GET_COUNT 3" +.TH EVP_PKEY_ASN1_GET_COUNT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_asn1_find, EVP_PKEY_asn1_find_str, EVP_PKEY_asn1_get_count, EVP_PKEY_asn1_get0, EVP_PKEY_asn1_get0_info \&\- enumerate public key ASN.1 methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_asn1_get_count(void); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +\& const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, +\& const char *str, int len); +\& int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, +\& int *ppkey_flags, const char **pinfo, +\& const char **ppem_str, +\& const EVP_PKEY_ASN1_METHOD *ameth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_asn1_count()\fR returns a count of the number of public key +\&\s-1ASN.1\s0 methods available: it includes standard methods and any methods +added by the application. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR returns the public key \s-1ASN.1\s0 method \fBidx\fR. +The value of \fBidx\fR must be between zero and \fBEVP_PKEY_asn1_get_count()\fR +\&\- 1. +.PP +\&\fBEVP_PKEY_asn1_find()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1NID\s0 +\&\fBtype\fR. +If \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will look up an engine implementing a +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 \fBtype\fR and return that instead, +and also set \fB*pe\fR to point at the engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_find_str()\fR looks up the \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR with \s-1PEM\s0 +type string \fBstr\fR. +Just like \fBEVP_PKEY_asn1_find()\fR, if \fBpe\fR isn't \fB\s-1NULL\s0\fR, then it will +look up an engine implementing a \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR for the \s-1NID\s0 +\&\fBtype\fR and return that instead, and also set \fB*pe\fR to point at the +engine that implements it. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns the public key \s-1ID,\s0 base public key +\&\s-1ID\s0 (both NIDs), any flags, the method description and \s-1PEM\s0 type string +associated with the public key \s-1ASN.1\s0 method \fB*ameth\fR. +.PP +\&\fBEVP_PKEY_asn1_count()\fR, \fBEVP_PKEY_asn1_get0()\fR, \fBEVP_PKEY_asn1_find()\fR and +\&\fBEVP_PKEY_asn1_find_str()\fR are not thread safe, but as long as all +\&\fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR objects are added before the application gets +threaded, using them is safe. See \fBEVP_PKEY_asn1_add0\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_asn1_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_asn1_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_asn1_get0_info()\fR returns 0 on failure, 1 on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_asn1_new\fR\|(3), \fBEVP_PKEY_asn1_add0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 new file mode 100644 index 000000000000..6af3afbcc5ab --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_cmp.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_CMP 3" +.TH EVP_PKEY_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_copy_parameters, EVP_PKEY_missing_parameters, EVP_PKEY_cmp_parameters, EVP_PKEY_cmp \- public key parameter and comparison functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +\& int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +\& +\& int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); +\& int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +The function \fBEVP_PKEY_copy_parameters()\fR copies the parameters from key +\&\fBfrom\fR to key \fBto\fR. An error is returned if the parameters are missing in +\&\fBfrom\fR or present in both \fBfrom\fR and \fBto\fR and mismatch. If the parameters +in \fBfrom\fR and \fBto\fR are both present and match this function has no effect. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR compares the parameters of keys +\&\fBa\fR and \fBb\fR. +.PP +The function \fBEVP_PKEY_cmp()\fR compares the public key components and parameters +(if present) of keys \fBa\fR and \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of the functions \fBEVP_PKEY_missing_parameters()\fR and +\&\fBEVP_PKEY_copy_parameters()\fR is to handle public keys in certificates where the +parameters are sometimes omitted from a public key if they are inherited from +the \s-1CA\s0 that signed it. +.PP +Since OpenSSL private keys contain public key components too the function +\&\fBEVP_PKEY_cmp()\fR can also be used to determine if a private key matches +a public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBEVP_PKEY_missing_parameters()\fR returns 1 if the public key +parameters of \fBpkey\fR are missing and 0 if they are present or the algorithm +doesn't use parameters. +.PP +These functions \fBEVP_PKEY_copy_parameters()\fR returns 1 for success and 0 for +failure. +.PP +The function \fBEVP_PKEY_cmp_parameters()\fR and \fBEVP_PKEY_cmp()\fR return 1 if the +keys match, 0 if they don't match, \-1 if the key types are different and +\&\-2 if the operation is not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 new file mode 100644 index 000000000000..faa00d9d6774 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_decrypt.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DECRYPT 3" +.TH EVP_PKEY_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_decrypt_init, EVP_PKEY_decrypt \- decrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_decrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a decryption operation. +.PP +The \fBEVP_PKEY_decrypt()\fR function performs a public key decryption operation +using \fBctx\fR. The data to be decrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the decrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_decrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_decrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_decrypt_init()\fR and \fBEVP_PKEY_decrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes key, eng, in, inlen are already set up +\& * and that key is an RSA private key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_decrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Decrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 new file mode 100644 index 000000000000..2aa43c002a60 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_derive.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_DERIVE 3" +.TH EVP_PKEY_DERIVE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_derive_init, EVP_PKEY_derive_set_peer, EVP_PKEY_derive \- derive public key algorithm shared secret +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +\& int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_derive_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for shared secret derivation. +.PP +The \fBEVP_PKEY_derive_set_peer()\fR function sets the peer key: this will normally +be a public key. +.PP +The \fBEVP_PKEY_derive()\fR derives a shared secret using \fBctx\fR. +If \fBkey\fR is \fB\s-1NULL\s0\fR then the maximum size of the output buffer is written to +the \fBkeylen\fR parameter. If \fBkey\fR is not \fB\s-1NULL\s0\fR then before the call the +\&\fBkeylen\fR parameter should contain the length of the \fBkey\fR buffer, if the call +is successful the shared secret is written to \fBkey\fR and the amount of data +written to \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_derive_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_derive()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_derive_init()\fR and \fBEVP_PKEY_derive()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Derive shared secret (for example \s-1DH\s0 or \s-1EC\s0 keys): +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *skey; +\& size_t skeylen; +\& EVP_PKEY *pkey, *peerkey; +\& /* NB: assumes pkey, eng, peerkey have been already set up */ +\& +\& ctx = EVP_PKEY_CTX_new(pkey, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_derive_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) +\& /* Error */ +\& +\& skey = OPENSSL_malloc(skeylen); +\& +\& if (!skey) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) +\& /* Error */ +\& +\& /* Shared secret is skey bytes written to buffer skey */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 new file mode 100644 index 000000000000..bdf8d35b7e0b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_encrypt.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_ENCRYPT 3" +.TH EVP_PKEY_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_encrypt_init, EVP_PKEY_encrypt \- encrypt using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, +\& unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_encrypt_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for an encryption operation. +.PP +The \fBEVP_PKEY_encrypt()\fR function performs a public key encryption operation +using \fBctx\fR. The data to be encrypted is specified using the \fBin\fR and +\&\fBinlen\fR parameters. If \fBout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBoutlen\fR parameter. If \fBout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBoutlen\fR parameter should contain the length of the +\&\fBout\fR buffer, if the call is successful the encrypted data is written to +\&\fBout\fR and the amount of data written to \fBoutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_encrypt_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_encrypt()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_encrypt_init()\fR and \fBEVP_PKEY_encrypt()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fBPEM_read_PUBKEY\fR\|(3) or +\&\fBd2i_X509\fR\|(3) for means to load a public key. You may also simply +set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation: +.PP +.Vb 3 +\& #include +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& unsigned char *out, *in; +\& size_t outlen, inlen; +\& EVP_PKEY *key; +\& +\& /* +\& * NB: assumes eng, key, in, inlen are already set up, +\& * and that key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(key, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_encrypt_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& out = OPENSSL_malloc(outlen); +\& +\& if (!out) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) +\& /* Error */ +\& +\& /* Encrypted data is outlen bytes written to buffer out */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 new file mode 100644 index 000000000000..777d60243707 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_get_default_digest_nid.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_GET_DEFAULT_DIGEST_NID 3" +.TH EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_get_default_digest_nid \- get default signature digest +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_get_default_digest_nid()\fR function sets \fBpnid\fR to the default +message digest \s-1NID\s0 for the public key signature operations associated with key +\&\fBpkey\fR. Note that some signature algorithms (i.e. Ed25519 and Ed448) do not use +a digest during signing. In this case \fBpnid\fR will be set to NID_undef. +.SH "NOTES" +.IX Header "NOTES" +For all current standard OpenSSL public key algorithms \s-1SHA1\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBEVP_PKEY_get_default_digest_nid()\fR function returns 1 if the message digest +is advisory (that is other digests can be used) and 2 if it is mandatory (other +digests can not be used). It returns 0 or a negative value for failure. In +particular a return value of \-2 indicates the operation is not supported by the +public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 new file mode 100644 index 000000000000..d323f2a038f0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_keygen.3 @@ -0,0 +1,335 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_KEYGEN 3" +.TH EVP_PKEY_KEYGEN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data, EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check \&\- key and parameter generation and check functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +\& +\& typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); +\& +\& void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +\& EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); +\& +\& void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +\& void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); +\& +\& int EVP_PKEY_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_keygen_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a key generation operation. +.PP +The \fBEVP_PKEY_keygen()\fR function performs a key generation operation, the +generated key is written to \fBppkey\fR. +.PP +The functions \fBEVP_PKEY_paramgen_init()\fR and \fBEVP_PKEY_paramgen()\fR are similar +except parameters are generated. +.PP +The function \fBEVP_PKEY_set_cb()\fR sets the key or parameter generation callback +to \fBcb\fR. The function \fBEVP_PKEY_CTX_get_cb()\fR returns the key or parameter +generation callback. +.PP +The function \fBEVP_PKEY_CTX_get_keygen_info()\fR returns parameters associated +with the generation operation. If \fBidx\fR is \-1 the total number of +parameters available is returned. Any non negative value returns the value of +that parameter. \fBEVP_PKEY_CTX_gen_keygen_info()\fR with a non-negative value for +\&\fBidx\fR should only be called within the generation callback. +.PP +If the callback returns 0 then the key generation operation is aborted and an +error occurs. This might occur during a time consuming operation where +a user clicks on a \*(L"cancel\*(R" button. +.PP +The functions \fBEVP_PKEY_CTX_set_app_data()\fR and \fBEVP_PKEY_CTX_get_app_data()\fR set +and retrieve an opaque pointer. This can be used to set some application +defined value which can be retrieved in the callback: for example a handle +which is used to update a \*(L"progress dialog\*(R". +.PP +\&\fBEVP_PKEY_check()\fR validates the key-pair given by \fBctx\fR. This function first tries +to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR if it's present; otherwise +it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_public_check()\fR validates the public component of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.PP +\&\fBEVP_PKEY_param_check()\fR validates the algorithm parameters of the key-pair given by \fBctx\fR. +This function first tries to use customized key check method in \fB\s-1EVP_PKEY_METHOD\s0\fR +if it's present; otherwise it calls a default one defined in \fB\s-1EVP_PKEY_ASN1_METHOD\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_keygen_init()\fR or \fBEVP_PKEY_paramgen_init()\fR algorithm +specific control operations can be performed to set any appropriate parameters +for the operation. +.PP +The functions \fBEVP_PKEY_keygen()\fR and \fBEVP_PKEY_paramgen()\fR can be called more than +once on the same context if several operations are performed using the same +parameters. +.PP +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. Some might not +give any useful information at all during key or parameter generation. Others +might not even call the callback. +.PP +The operation performed by key or parameter generation depends on the algorithm +used. In some cases (e.g. \s-1EC\s0 with a supplied named curve) the \*(L"generation\*(R" +option merely sets the appropriate fields in an \s-1EVP_PKEY\s0 structure. +.PP +In OpenSSL an \s-1EVP_PKEY\s0 structure containing a private key also contains the +public key components and parameters (if any). An OpenSSL private key is +equivalent to what some libraries call a \*(L"key pair\*(R". A private key can be used +in functions which require the use of a public key or parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_keygen_init()\fR, \fBEVP_PKEY_paramgen_init()\fR, \fBEVP_PKEY_keygen()\fR and +\&\fBEVP_PKEY_paramgen()\fR return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR return 1 +for success or others for failure. They return \-2 if the operation is not supported +for the specific algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a 2048 bit \s-1RSA\s0 key: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& EVP_PKEY *pkey = NULL; +\& +\& ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Generate a key from a set of parameters: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& ENGINE *eng; +\& EVP_PKEY *pkey = NULL, *param; +\& +\& /* Assumed param, eng are set up already */ +\& ctx = EVP_PKEY_CTX_new(param, eng); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_keygen_init(ctx) <= 0) +\& /* Error */ +\& +\& /* Generate key */ +\& if (EVP_PKEY_keygen(ctx, &pkey) <= 0) +\& /* Error */ +.Ve +.PP +Example of generation callback for OpenSSL public key implementations: +.PP +.Vb 1 +\& /* Application data is a BIO to output status to */ +\& +\& EVP_PKEY_CTX_set_app_data(ctx, status_bio); +\& +\& static int genpkey_cb(EVP_PKEY_CTX *ctx) +\& { +\& char c = \*(Aq*\*(Aq; +\& BIO *b = EVP_PKEY_CTX_get_app_data(ctx); +\& int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); +\& +\& if (p == 0) +\& c = \*(Aq.\*(Aq; +\& if (p == 1) +\& c = \*(Aq+\*(Aq; +\& if (p == 2) +\& c = \*(Aq*\*(Aq; +\& if (p == 3) +\& c = \*(Aq\en\*(Aq; +\& BIO_write(b, &c, 1); +\& (void)BIO_flush(b); +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.PP +\&\fBEVP_PKEY_check()\fR, \fBEVP_PKEY_public_check()\fR and \fBEVP_PKEY_param_check()\fR were added +in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 new file mode 100644 index 000000000000..0b9e750b16ba --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_get_count.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_GET_COUNT 3" +.TH EVP_PKEY_METH_GET_COUNT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_get_count, EVP_PKEY_meth_get0, EVP_PKEY_meth_get0_info \- enumerate public key methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t EVP_PKEY_meth_get_count(void); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx); +\& void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +\& const EVP_PKEY_METHOD *meth); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_meth_count()\fR returns a count of the number of public key methods +available: it includes standard methods and any methods added by the +application. +.PP +\&\fBEVP_PKEY_meth_get0()\fR returns the public key method \fBidx\fR. The value of \fBidx\fR +must be between zero and \fBEVP_PKEY_meth_get_count()\fR \- 1. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR returns the public key \s-1ID\s0 (a \s-1NID\s0) and any flags +associated with the public key method \fB*meth\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_count()\fR returns the number of available public key methods. +.PP +\&\fBEVP_PKEY_meth_get0()\fR return a public key method or \fB\s-1NULL\s0\fR if \fBidx\fR is +out of range. +.PP +\&\fBEVP_PKEY_meth_get0_info()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 new file mode 100644 index 000000000000..465a3499ed7a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_meth_new.3 @@ -0,0 +1,570 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_METH_NEW 3" +.TH EVP_PKEY_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find, EVP_PKEY_meth_add0, EVP_PKEY_METHOD, EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt, EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check, EVP_PKEY_meth_set_digest_custom, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt, EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check, EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check, EVP_PKEY_meth_get_digest_custom, EVP_PKEY_meth_remove \&\- manipulating EVP_PKEY_METHOD structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +\& +\& EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); +\& void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +\& void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +\& const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +\& int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); +\& int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth); +\& +\& void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, +\& int (*init) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, +\& int (*copy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, +\& void (*cleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx), +\& int (*paramgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, +\& int (*keygen_init) (EVP_PKEY_CTX *ctx), +\& int (*keygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, +\& int (*sign_init) (EVP_PKEY_CTX *ctx), +\& int (*sign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, +\& int (*verify_init) (EVP_PKEY_CTX *ctx), +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, +\& int (*verify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (*verify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*signctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*encryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx), +\& int (*decrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, +\& int (*derive_init) (EVP_PKEY_CTX *ctx), +\& int (*derive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, +\& int (*check) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +\& +\& void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, +\& int (**pinit) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, +\& int (**pcopy) (EVP_PKEY_CTX *dst, +\& EVP_PKEY_CTX *src)); +\& void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, +\& void (**pcleanup) (EVP_PKEY_CTX *ctx)); +\& void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, +\& int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +\& int (**pparamgen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, +\& int (**pkeygen_init) (EVP_PKEY_CTX *ctx), +\& int (**pkeygen) (EVP_PKEY_CTX *ctx, +\& EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, +\& int (**psign_init) (EVP_PKEY_CTX *ctx), +\& int (**psign) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_init) (EVP_PKEY_CTX *ctx), +\& int (**pverify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& size_t siglen, +\& const unsigned char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, +\& int (**pverify_recover_init) (EVP_PKEY_CTX +\& *ctx), +\& int (**pverify_recover) (EVP_PKEY_CTX +\& *ctx, +\& unsigned char +\& *sig, +\& size_t *siglen, +\& const unsigned +\& char *tbs, +\& size_t tbslen)); +\& void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, +\& int (**psignctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**psignctx) (EVP_PKEY_CTX *ctx, +\& unsigned char *sig, +\& size_t *siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, +\& int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx), +\& int (**pverifyctx) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, +\& int siglen, +\& EVP_MD_CTX *mctx)); +\& void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pencryptfn) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, +\& int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +\& int (**pdecrypt) (EVP_PKEY_CTX *ctx, +\& unsigned char *out, +\& size_t *outlen, +\& const unsigned char *in, +\& size_t inlen)); +\& void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, +\& int (**pderive_init) (EVP_PKEY_CTX *ctx), +\& int (**pderive) (EVP_PKEY_CTX *ctx, +\& unsigned char *key, +\& size_t *keylen)); +\& void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, +\& int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +\& void *p2), +\& int (**pctrl_str) (EVP_PKEY_CTX *ctx, +\& const char *type, +\& const char *value)); +\& void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, +\& int (**pcheck) (EVP_PKEY *pkey)); +\& void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth, +\& int (**pdigest_custom) (EVP_PKEY_CTX *ctx, +\& EVP_MD_CTX *mctx)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1EVP_PKEY_METHOD\s0\fR is a structure which holds a set of methods for a +specific public key cryptographic algorithm. Those methods are usually +used to perform different jobs, such as generating a key, signing or +verifying, encrypting or decrypting, etc. +.PP +There are two places where the \fB\s-1EVP_PKEY_METHOD\s0\fR objects are stored: one +is a built-in static array representing the standard methods for different +algorithms, and the other one is a stack of user-defined application-specific +methods, which can be manipulated by using \fBEVP_PKEY_meth_add0\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_METHOD\s0\fR objects are usually referenced by \fB\s-1EVP_PKEY_CTX\s0\fR +objects. +.SS "Methods" +.IX Subsection "Methods" +The methods are the underlying implementations of a particular public key +algorithm present by the \fB\s-1EVP_PKEY_CTX\s0\fR object. +.PP +.Vb 3 +\& int (*init) (EVP_PKEY_CTX *ctx); +\& int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +\& void (*cleanup) (EVP_PKEY_CTX *ctx); +.Ve +.PP +The \fBinit()\fR method is called to initialize algorithm-specific data when a new +\&\fB\s-1EVP_PKEY_CTX\s0\fR is created. As opposed to \fBinit()\fR, the \fBcleanup()\fR method is called +when an \fB\s-1EVP_PKEY_CTX\s0\fR is freed. The \fBcopy()\fR method is called when an \fB\s-1EVP_PKEY_CTX\s0\fR +is being duplicated. Refer to \fBEVP_PKEY_CTX_new\fR\|(3), \fBEVP_PKEY_CTX_new_id\fR\|(3), +\&\fBEVP_PKEY_CTX_free\fR\|(3) and \fBEVP_PKEY_CTX_dup\fR\|(3). +.PP +.Vb 2 +\& int (*paramgen_init) (EVP_PKEY_CTX *ctx); +\& int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBparamgen_init()\fR and \fBparamgen()\fR methods deal with key parameter generation. +They are called by \fBEVP_PKEY_paramgen_init\fR\|(3) and \fBEVP_PKEY_paramgen\fR\|(3) to +handle the parameter generation process. +.PP +.Vb 2 +\& int (*keygen_init) (EVP_PKEY_CTX *ctx); +\& int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +.Ve +.PP +The \fBkeygen_init()\fR and \fBkeygen()\fR methods are used to generate the actual key for +the specified algorithm. They are called by \fBEVP_PKEY_keygen_init\fR\|(3) and +\&\fBEVP_PKEY_keygen\fR\|(3). +.PP +.Vb 3 +\& int (*sign_init) (EVP_PKEY_CTX *ctx); +\& int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBsign_init()\fR and \fBsign()\fR methods are used to generate the signature of a +piece of data using a private key. They are called by \fBEVP_PKEY_sign_init\fR\|(3) +and \fBEVP_PKEY_sign\fR\|(3). +.PP +.Vb 4 +\& int (*verify_init) (EVP_PKEY_CTX *ctx); +\& int (*verify) (EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.PP +The \fBverify_init()\fR and \fBverify()\fR methods are used to verify whether a signature is +valid. They are called by \fBEVP_PKEY_verify_init\fR\|(3) and \fBEVP_PKEY_verify\fR\|(3). +.PP +.Vb 4 +\& int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +\& int (*verify_recover) (EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.PP +The \fBverify_recover_init()\fR and \fBverify_recover()\fR methods are used to verify a +signature and then recover the digest from the signature (for instance, a +signature that was generated by \s-1RSA\s0 signing algorithm). They are called by +\&\fBEVP_PKEY_verify_recover_init\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). +.PP +.Vb 3 +\& int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBsignctx_init()\fR and \fBsignctx()\fR methods are used to sign a digest present by +a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the EVP_DigestSign functions. See +\&\fBEVP_DigestSignInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +\& int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +\& EVP_MD_CTX *mctx); +.Ve +.PP +The \fBverifyctx_init()\fR and \fBverifyctx()\fR methods are used to verify a signature +against the data in a \fB\s-1EVP_MD_CTX\s0\fR object. They are called by the various +EVP_DigestVerify functions. See \fBEVP_DigestVerifyInit\fR\|(3) for details. +.PP +.Vb 3 +\& int (*encrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBencrypt_init()\fR and \fBencrypt()\fR methods are used to encrypt a piece of data. +They are called by \fBEVP_PKEY_encrypt_init\fR\|(3) and \fBEVP_PKEY_encrypt\fR\|(3). +.PP +.Vb 3 +\& int (*decrypt_init) (EVP_PKEY_CTX *ctx); +\& int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +\& const unsigned char *in, size_t inlen); +.Ve +.PP +The \fBdecrypt_init()\fR and \fBdecrypt()\fR methods are used to decrypt a piece of data. +They are called by \fBEVP_PKEY_decrypt_init\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3). +.PP +.Vb 2 +\& int (*derive_init) (EVP_PKEY_CTX *ctx); +\& int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +.Ve +.PP +The \fBderive_init()\fR and \fBderive()\fR methods are used to derive the shared secret +from a public key algorithm (for instance, the \s-1DH\s0 algorithm). They are called by +\&\fBEVP_PKEY_derive_init\fR\|(3) and \fBEVP_PKEY_derive\fR\|(3). +.PP +.Vb 2 +\& int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +\& int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +.Ve +.PP +The \fBctrl()\fR and \fBctrl_str()\fR methods are used to adjust algorithm-specific +settings. See \fBEVP_PKEY_CTX_ctrl\fR\|(3) and related functions for details. +.PP +.Vb 5 +\& int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +\& int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, +\& size_t siglen, const unsigned char *tbs, +\& size_t tbslen); +.Ve +.PP +The \fBdigestsign()\fR and \fBdigestverify()\fR methods are used to generate or verify +a signature in a one-shot mode. They could be called by \fBEVP_DigestSign\fR\|(3) +and \fBEVP_DigestVerify\fR\|(3). +.PP +.Vb 3 +\& int (*check) (EVP_PKEY *pkey); +\& int (*public_check) (EVP_PKEY *pkey); +\& int (*param_check) (EVP_PKEY *pkey); +.Ve +.PP +The \fBcheck()\fR, \fBpublic_check()\fR and \fBparam_check()\fR methods are used to validate a +key-pair, the public component and parameters respectively for a given \fBpkey\fR. +They could be called by \fBEVP_PKEY_check\fR\|(3), \fBEVP_PKEY_public_check\fR\|(3) and +\&\fBEVP_PKEY_param_check\fR\|(3) respectively. +.PP +.Vb 1 +\& int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +.Ve +.PP +The \fBdigest_custom()\fR method is used to generate customized digest content before +the real message is passed to functions like \fBEVP_DigestSignUpdate\fR\|(3) or +\&\fBEVP_DigestVerifyInit\fR\|(3). This is usually required by some public key +signature algorithms like \s-1SM2\s0 which requires a hashed prefix to the message to +be signed. The \fBdigest_custom()\fR function will be called by \fBEVP_DigestSignInit\fR\|(3) +and \fBEVP_DigestVerifyInit\fR\|(3). +.SS "Functions" +.IX Subsection "Functions" +\&\fBEVP_PKEY_meth_new()\fR creates and returns a new \fB\s-1EVP_PKEY_METHOD\s0\fR object, +and associates the given \fBid\fR and \fBflags\fR. The following flags are +supported: +.PP +.Vb 2 +\& EVP_PKEY_FLAG_AUTOARGLEN +\& EVP_PKEY_FLAG_SIGCTX_CUSTOM +.Ve +.PP +If an \fB\s-1EVP_PKEY_METHOD\s0\fR is set with the \fB\s-1EVP_PKEY_FLAG_AUTOARGLEN\s0\fR flag, the +maximum size of the output buffer will be automatically calculated or checked +in corresponding \s-1EVP\s0 methods by the \s-1EVP\s0 framework. Thus the implementations of +these methods don't need to care about handling the case of returning output +buffer size by themselves. For details on the output buffer size, refer to +\&\fBEVP_PKEY_sign\fR\|(3). +.PP +The \fB\s-1EVP_PKEY_FLAG_SIGCTX_CUSTOM\s0\fR is used to indicate the \fBsignctx()\fR method +of an \fB\s-1EVP_PKEY_METHOD\s0\fR is always called by the \s-1EVP\s0 framework while doing a +digest signing operation by calling \fBEVP_DigestSignFinal\fR\|(3). +.PP +\&\fBEVP_PKEY_meth_free()\fR frees an existing \fB\s-1EVP_PKEY_METHOD\s0\fR pointed by +\&\fBpmeth\fR. +.PP +\&\fBEVP_PKEY_meth_copy()\fR copies an \fB\s-1EVP_PKEY_METHOD\s0\fR object from \fBsrc\fR +to \fBdst\fR. +.PP +\&\fBEVP_PKEY_meth_find()\fR finds an \fB\s-1EVP_PKEY_METHOD\s0\fR object with the \fBid\fR. +This function first searches through the user-defined method objects and +then the built-in objects. +.PP +\&\fBEVP_PKEY_meth_add0()\fR adds \fBpmeth\fR to the user defined stack of methods. +.PP +\&\fBEVP_PKEY_meth_remove()\fR removes an \fB\s-1EVP_PKEY_METHOD\s0\fR object added by +\&\fBEVP_PKEY_meth_add0()\fR. +.PP +The EVP_PKEY_meth_set functions set the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure with the arguments passed. +.PP +The EVP_PKEY_meth_get functions get the corresponding fields of +\&\fB\s-1EVP_PKEY_METHOD\s0\fR structure to the arguments provided. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_meth_new()\fR returns a pointer to a new \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 on error. +.PP +\&\fBEVP_PKEY_meth_free()\fR and \fBEVP_PKEY_meth_copy()\fR do not return values. +.PP +\&\fBEVP_PKEY_meth_find()\fR returns a pointer to the found \fB\s-1EVP_PKEY_METHOD\s0\fR +object or returns \s-1NULL\s0 if not found. +.PP +\&\fBEVP_PKEY_meth_add0()\fR returns 1 if method is added successfully or 0 +if an error occurred. +.PP +\&\fBEVP_PKEY_meth_remove()\fR returns 1 if method is removed successfully or +0 if an error occurred. +.PP +All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return +values. For the 'get' functions, function pointers are returned by +arguments. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 new file mode 100644 index 000000000000..708dac7c7a2f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_new.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_NEW 3" +.TH EVP_PKEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_free, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key, EVP_PKEY_new_CMAC_key, EVP_PKEY_new_mac_key, EVP_PKEY_get_raw_private_key, EVP_PKEY_get_raw_public_key \&\- public/private key allocation and raw key handling functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *EVP_PKEY_new(void); +\& int EVP_PKEY_up_ref(EVP_PKEY *key); +\& void EVP_PKEY_free(EVP_PKEY *key); +\& +\& EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, +\& const unsigned char *key, size_t keylen); +\& EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, +\& size_t len, const EVP_CIPHER *cipher); +\& EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, +\& int keylen); +\& +\& int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, +\& size_t *len); +\& int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR structure which is +used by OpenSSL to store public and private keys. The reference count is set to +\&\fB1\fR. +.PP +\&\fBEVP_PKEY_up_ref()\fR increments the reference count of \fBkey\fR. +.PP +\&\fBEVP_PKEY_free()\fR decrements the reference count of \fBkey\fR and, if the reference +count is zero, frees it up. If \fBkey\fR is \s-1NULL,\s0 nothing is done. +.PP +\&\fBEVP_PKEY_new_raw_private_key()\fR allocates a new \fB\s-1EVP_PKEY\s0\fR. If \fBe\fR is non-NULL +then the new \fB\s-1EVP_PKEY\s0\fR structure is associated with the engine \fBe\fR. The +\&\fBtype\fR argument indicates what kind of key this is. The value should be a \s-1NID\s0 +for a public key algorithm that supports raw private keys, i.e. one of +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. \fBkey\fR points to the +raw private key data for this \fB\s-1EVP_PKEY\s0\fR which should be of length \fBkeylen\fR. +The length should be appropriate for the type of the key. The public key data +will be automatically derived from the given private key data (if appropriate +for the algorithm type). +.PP +\&\fBEVP_PKEY_new_raw_public_key()\fR works in the same way as +\&\fBEVP_PKEY_new_raw_private_key()\fR except that \fBkey\fR points to the raw public key +data. The \fB\s-1EVP_PKEY\s0\fR structure will be initialised without any private key +information. Algorithm types that support raw public keys are +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_new_CMAC_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR +except it is only for the \fB\s-1EVP_PKEY_CMAC\s0\fR algorithm type. In addition to the +raw private key data, it also takes a cipher algorithm to be used during +creation of a \s-1CMAC\s0 in the \fBcipher\fR argument. +.PP +\&\fBEVP_PKEY_new_mac_key()\fR works in the same way as \fBEVP_PKEY_new_raw_private_key()\fR. +New applications should use \fBEVP_PKEY_new_raw_private_key()\fR instead. +.PP +\&\fBEVP_PKEY_get_raw_private_key()\fR fills the buffer provided by \fBpriv\fR with raw +private key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpriv\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the private key data. This function +only works for algorithms that support raw private keys. Currently this is: +\&\fB\s-1EVP_PKEY_HMAC\s0\fR, \fB\s-1EVP_PKEY_POLY1305\s0\fR, \fB\s-1EVP_PKEY_SIPHASH\s0\fR, \fB\s-1EVP_PKEY_X25519\s0\fR, +\&\fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.PP +\&\fBEVP_PKEY_get_raw_public_key()\fR fills the buffer provided by \fBpub\fR with raw +public key data. The number of bytes written is populated in \fB*len\fR. If the +buffer \fBpub\fR is \s-1NULL\s0 then \fB*len\fR is populated with the number of bytes +required to hold the key. The calling application is responsible for ensuring +that the buffer is large enough to receive the public key data. This function +only works for algorithms that support raw public keys. Currently this is: +\&\fB\s-1EVP_PKEY_X25519\s0\fR, \fB\s-1EVP_PKEY_ED25519\s0\fR, \fB\s-1EVP_PKEY_X448\s0\fR or \fB\s-1EVP_PKEY_ED448\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions which require a +general private key without reference to any particular algorithm. +.PP +The structure returned by \fBEVP_PKEY_new()\fR is empty. To add a private or public +key to this empty structure use the appropriate functions described in +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_new()\fR, \fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR and \fBEVP_PKEY_new_mac_key()\fR return either the newly +allocated \fB\s-1EVP_PKEY\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBEVP_PKEY_up_ref()\fR, \fBEVP_PKEY_get_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_set1_RSA\fR\|(3), EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH or +EVP_PKEY_set1_EC_KEY +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBEVP_PKEY_new()\fR and \fBEVP_PKEY_free()\fR functions exist in all versions of OpenSSL. +.PP +The \fBEVP_PKEY_up_ref()\fR function was added in OpenSSL 1.1.0. +.PP +The +\&\fBEVP_PKEY_new_raw_private_key()\fR, \fBEVP_PKEY_new_raw_public_key()\fR, +\&\fBEVP_PKEY_new_CMAC_key()\fR, \fBEVP_PKEY_new_raw_private_key()\fR and +\&\fBEVP_PKEY_get_raw_public_key()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 new file mode 100644 index 000000000000..b8d33cc73892 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_print_private.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_PRINT_PRIVATE 3" +.TH EVP_PKEY_PRINT_PRIVATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public key algorithm printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +\& int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, +\& int indent, ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBEVP_PKEY_print_public()\fR, \fBEVP_PKEY_print_private()\fR and +\&\fBEVP_PKEY_print_params()\fR print out the public, private or parameter components +of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable +form. The parameter \fBindent\fR indicated how far the printout should be indented. +.PP +The \fBpctx\fR parameter allows the print output to be finely tuned by using +\&\s-1ASN1\s0 printing options. If \fBpctx\fR is set to \s-1NULL\s0 then default values will +be used. +.SH "NOTES" +.IX Header "NOTES" +Currently no public key algorithms include any options in the \fBpctx\fR parameter. +.PP +If the key does not include all the components indicated by the function then +only those contained in the key will be printed. For example passing a public +key to \fBEVP_PKEY_print_private()\fR will only print the public components. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions all return 1 for success and 0 or a negative value for failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 new file mode 100644 index 000000000000..9d4c4670e4e8 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SET1_RSA 3" +.TH EVP_PKEY_SET1_RSA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine \- EVP_PKEY assignment functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +\& +\& const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len); +\& const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len); +\& RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +\& +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key); +\& int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key); +\& +\& int EVP_PKEY_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_base_id(const EVP_PKEY *pkey); +\& int EVP_PKEY_type(int type); +\& int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +\& +\& ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey); +\& int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fBEVP_PKEY_get0_hmac()\fR, \fBEVP_PKEY_get0_poly1305()\fR, \fBEVP_PKEY_get0_siphash()\fR, +\&\fBEVP_PKEY_get0_RSA()\fR, \fBEVP_PKEY_get0_DSA()\fR, \fBEVP_PKEY_get0_DH()\fR +and \fBEVP_PKEY_get0_EC_KEY()\fR also return the referenced key in \fBpkey\fR or \fB\s-1NULL\s0\fR +if the key is not of the correct type but the reference count of the +returned key is \fBnot\fR incremented and so must not be freed up after use. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR and +\&\fBEVP_PKEY_assign_SIPHASH()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fBEVP_PKEY_base_id()\fR returns the type of \fBpkey\fR. For example +an \s-1RSA\s0 key will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_id()\fR returns the actual \s-1OID\s0 associated with \fBpkey\fR. Historically keys +using the same algorithm could use different OIDs. For example an \s-1RSA\s0 key could +use the OIDs corresponding to the NIDs \fBNID_rsaEncryption\fR (equivalent to +\&\fB\s-1EVP_PKEY_RSA\s0\fR) or \fBNID_rsa\fR (equivalent to \fB\s-1EVP_PKEY_RSA2\s0\fR). The use of +alternative non-standard OIDs is now rare so \fB\s-1EVP_PKEY_RSA2\s0\fR et al are not +often seen in practice. +.PP +\&\fBEVP_PKEY_type()\fR returns the underlying type of the \s-1NID\s0 \fBtype\fR. For example +EVP_PKEY_type(\s-1EVP_PKEY_RSA2\s0) will return \fB\s-1EVP_PKEY_RSA\s0\fR. +.PP +\&\fBEVP_PKEY_get0_engine()\fR returns a reference to the \s-1ENGINE\s0 handling \fBpkey\fR. +.PP +\&\fBEVP_PKEY_set1_engine()\fR sets the \s-1ENGINE\s0 handling \fBpkey\fR to \fBengine\fR. It +must be called after the key algorithm and components are set up. +If \fBengine\fR does not include an \fB\s-1EVP_PKEY_METHOD\s0\fR for \fBpkey\fR an +error occurs. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR allows modifying a \s-1EVP_PKEY\s0 to use a +different set of algorithms than the default. This is currently used +to support \s-1SM2\s0 keys, which use an identical encoding to \s-1ECDSA.\s0 +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR are implemented as macros. +.PP +Most applications wishing to know a key type will simply call +\&\fBEVP_PKEY_base_id()\fR and will not care about the actual type: +which will be identical in almost all cases. +.PP +Previous versions of this document suggested using EVP_PKEY_type(pkey\->type) +to determine the type of a key. Since \fB\s-1EVP_PKEY\s0\fR is now opaque this +is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +.PP +\&\fBEVP_PKEY_set1_engine()\fR is typically used by an \s-1ENGINE\s0 returning an \s-1HSM\s0 +key as part of its routine to load a private key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_set1_RSA()\fR, \fBEVP_PKEY_set1_DSA()\fR, \fBEVP_PKEY_set1_DH()\fR and +\&\fBEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fBEVP_PKEY_get1_RSA()\fR, \fBEVP_PKEY_get1_DSA()\fR, \fBEVP_PKEY_get1_DH()\fR and +\&\fBEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBEVP_PKEY_assign_RSA()\fR, \fBEVP_PKEY_assign_DSA()\fR, \fBEVP_PKEY_assign_DH()\fR, +\&\fBEVP_PKEY_assign_EC_KEY()\fR, \fBEVP_PKEY_assign_POLY1305()\fR +and \fBEVP_PKEY_assign_SIPHASH()\fR return 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_base_id()\fR, \fBEVP_PKEY_id()\fR and \fBEVP_PKEY_type()\fR return a key +type or \fBNID_undef\fR (equivalently \fB\s-1EVP_PKEY_NONE\s0\fR) on error. +.PP +\&\fBEVP_PKEY_set1_engine()\fR returns 1 for success and 0 for failure. +.PP +\&\fBEVP_PKEY_set_alias_type()\fR returns 1 for success and 0 for error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +After loading an \s-1ECC\s0 key, it is possible to convert it to using \s-1SM2\s0 +algorithms with EVP_PKEY_set_alias_type: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 new file mode 100644 index 000000000000..8887fb79080e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_sign.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_SIGN 3" +.TH EVP_PKEY_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_sign_init, EVP_PKEY_sign \- sign using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, +\& unsigned char *sig, size_t *siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_sign_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signing operation. +.PP +The \fBEVP_PKEY_sign()\fR function performs a public key signing operation +using \fBctx\fR. The data to be signed is specified using the \fBtbs\fR and +\&\fBtbslen\fR parameters. If \fBsig\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBsiglen\fR parameter. If \fBsig\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBsiglen\fR parameter should contain the length of the +\&\fBsig\fR buffer, if the call is successful the signature is written to +\&\fBsig\fR and the amount of data written to \fBsiglen\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fBEVP_DigestSignInit\fR\|(3) and +\&\fBEVP_SignInit\fR\|(3) signing interfaces instead. +.PP +After the call to \fBEVP_PKEY_sign_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation (see \fBEVP_PKEY_CTX_ctrl\fR\|(3)). +.PP +The function \fBEVP_PKEY_sign()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_sign_init()\fR and \fBEVP_PKEY_sign()\fR return 1 for success and 0 +or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ +\& unsigned char *md, *sig; +\& size_t mdlen = 32, siglen; +\& EVP_PKEY *signing_key; +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. +\& */ +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_sign_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& sig = OPENSSL_malloc(siglen); +\& +\& if (!sig) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) +\& /* Error */ +\& +\& /* Signature is siglen bytes written to buffer sig */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 new file mode 100644 index 000000000000..c7f15a36b161 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify.3 @@ -0,0 +1,234 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY 3" +.TH EVP_PKEY_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_init, EVP_PKEY_verify \- signature verification using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, +\& const unsigned char *sig, size_t siglen, +\& const unsigned char *tbs, size_t tbslen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a signature verification operation. +.PP +The \fBEVP_PKEY_verify()\fR function performs a public key verification operation +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. The verified data (i.e. the data believed originally +signed) is specified using the \fBtbs\fR and \fBtbslen\fR parameters. +.SH "NOTES" +.IX Header "NOTES" +After the call to \fBEVP_PKEY_verify_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_init()\fR and \fBEVP_PKEY_verify()\fR return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +\&\fBEVP_PKEY_verify()\fR only indicates that the signature did not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. +.PP +A negative value indicates an error other that signature verification failure. +In particular a return value of \-2 indicates the operation is not supported by +the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verify signature using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *md, *sig; +\& size_t mdlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig, siglen md and mdlen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Perform operation */ +\& ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); +\& +\& /* +\& * ret == 1 indicates success, 0 verify failure and < 0 for some +\& * other error. +\& */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 new file mode 100644 index 000000000000..d75534aa73f5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_PKEY_verify_recover.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_PKEY_VERIFY_RECOVER 3" +.TH EVP_PKEY_VERIFY_RECOVER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_verify_recover_init, EVP_PKEY_verify_recover \- recover signature using a public key algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +\& int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, +\& unsigned char *rout, size_t *routlen, +\& const unsigned char *sig, size_t siglen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEVP_PKEY_verify_recover_init()\fR function initializes a public key algorithm +context using key \fBpkey\fR for a verify recover operation. +.PP +The \fBEVP_PKEY_verify_recover()\fR function recovers signed data +using \fBctx\fR. The signature is specified using the \fBsig\fR and +\&\fBsiglen\fR parameters. If \fBrout\fR is \fB\s-1NULL\s0\fR then the maximum size of the output +buffer is written to the \fBroutlen\fR parameter. If \fBrout\fR is not \fB\s-1NULL\s0\fR then +before the call the \fBroutlen\fR parameter should contain the length of the +\&\fBrout\fR buffer, if the call is successful recovered data is written to +\&\fBrout\fR and the amount of data written to \fBroutlen\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally an application is only interested in whether a signature verification +operation is successful in those cases the \fBEVP_verify()\fR function should be +used. +.PP +Sometimes however it is useful to obtain the data originally signed using a +signing operation. Only certain public key algorithms can recover a signature +in this way (for example \s-1RSA\s0 in \s-1PKCS\s0 padding mode). +.PP +After the call to \fBEVP_PKEY_verify_recover_init()\fR algorithm specific control +operations can be performed to set any appropriate parameters for the +operation. +.PP +The function \fBEVP_PKEY_verify_recover()\fR can be called more than once on the same +context if several operations are performed using the same parameters. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_PKEY_verify_recover_init()\fR and \fBEVP_PKEY_verify_recover()\fR return 1 for success +and 0 or a negative value for failure. In particular a return value of \-2 +indicates the operation is not supported by the public key algorithm. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Recover digest originally signed using PKCS#1 and \s-1SHA256\s0 digest: +.PP +.Vb 2 +\& #include +\& #include +\& +\& EVP_PKEY_CTX *ctx; +\& unsigned char *rout, *sig; +\& size_t routlen, siglen; +\& EVP_PKEY *verify_key; +\& +\& /* +\& * NB: assumes verify_key, sig and siglen are already set up +\& * and that verify_key is an RSA public key +\& */ +\& ctx = EVP_PKEY_CTX_new(verify_key, NULL /* no engine */); +\& if (!ctx) +\& /* Error occurred */ +\& if (EVP_PKEY_verify_recover_init(ctx) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) +\& /* Error */ +\& if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) +\& /* Error */ +\& +\& /* Determine buffer length */ +\& if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& rout = OPENSSL_malloc(routlen); +\& +\& if (!rout) +\& /* malloc failure */ +\& +\& if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) +\& /* Error */ +\& +\& /* Recovered data is routlen bytes written to buffer rout */ +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_SealInit.3 b/secure/lib/libcrypto/man/man3/EVP_SealInit.3 new file mode 100644 index 000000000000..32c26df471a9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_SealInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEALINIT 3" +.TH EVP_SEALINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char **ek, int *ekl, unsigned char *iv, +\& EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and \s-1IV\s0 (if required) then +\&\*(L"envelope\*(R" it by using public key encryption. Data can then be +encrypted using this key. +.PP +\&\fBEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally +supplied by a function such as \fBEVP_aes_256_cbc()\fR. The secret key is encrypted +using one or more public keys, this allows the same encrypted data to be +decrypted using any of the corresponding private keys. \fBek\fR is an array of +buffers where the public key encrypted secret key will be written, each buffer +must contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must +contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for +example) EVP_CIPHER_iv_length(type). +.PP +If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored +and can be \fB\s-1NULL\s0\fR. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR have exactly the same properties +as the \fBEVP_EncryptUpdate()\fR and \fBEVP_EncryptFinal()\fR routines, as +documented on the \fBEVP_EncryptInit\fR\|(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fBEVP_SealUpdate()\fR and \fBEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded when \fBEVP_SealInit()\fR is called. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fBEVP_SealInit()\fR twice in the same way as +\&\fBEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_SignInit.3 b/secure/lib/libcrypto/man/man3/EVP_SignInit.3 new file mode 100644 index 000000000000..cf7eb2b1a672 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_SignInit.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SIGNINIT 3" +.TH EVP_SIGNINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_PKEY_size, EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal, EVP_PKEY_security_bits \- EVP signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sig, unsigned int *s, EVP_PKEY *pkey); +\& +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& +\& int EVP_PKEY_size(const EVP_PKEY *pkey); +\& int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created with +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +signature context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fBEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and +places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey) +bytes in size. \fBs\fR is an \s-1OUT\s0 parameter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes +will be written. +.PP +\&\fBEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.PP +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual +signature returned by \fBEVP_SignFinal()\fR may be smaller. +.PP +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits of the given \fBpkey\fR, +bits of security is defined in \s-1NIST SP800\-57.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_SignInit_ex()\fR, \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR return 1 +for success and 0 for failure. +.PP +\&\fBEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBEVP_PKEY_security_bits()\fR returns the number of security bits. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +This requirement does not hold for \s-1RSA\s0 signatures. +.PP +The call to \fBEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_SignUpdate()\fR and \fBEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_SignUpdate()\fR could not be made after calling \fBEVP_SignFinal()\fR. +.PP +Since the private key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_SignDigest*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 new file mode 100644 index 000000000000..6ce5eafb4085 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_VerifyInit.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_VERIFYINIT 3" +.TH EVP_VERIFYINIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_VerifyInit_ex, EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \&\- EVP signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, +\& EVP_PKEY *pkey); +\& +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fBEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be created by calling +\&\fBEVP_MD_CTX_new()\fR before calling this function. +.PP +\&\fBEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fBEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fBEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBEVP_VerifyInit_ex()\fR and \fBEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. +.PP +\&\fBEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +The call to \fBEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fBEVP_VerifyUpdate()\fR and \fBEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fBEVP_MD_CTX_free()\fR or a memory leak +will occur. +.SH "BUGS" +.IX Header "BUGS" +Older versions of this documentation wrongly stated that calls to +\&\fBEVP_VerifyUpdate()\fR could not be made after calling \fBEVP_VerifyFinal()\fR. +.PP +Since the public key is passed in the call to \fBEVP_SignFinal()\fR any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through \fBEVP_SignUpdate()\fR. +.PP +It is not possible to change the signing parameters using these function. +.PP +The previous two bugs are fixed in the newer EVP_DigestVerify*() function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_DigestInit\fR\|(3), +\&\fBevp\fR\|(7), \s-1\fBHMAC\s0\fR\|(3), \s-1\fBMD2\s0\fR\|(3), +\&\s-1\fBMD5\s0\fR\|(3), \s-1\fBMDC2\s0\fR\|(3), \s-1\fBRIPEMD160\s0\fR\|(3), +\&\s-1\fBSHA1\s0\fR\|(3), \fBdgst\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_aes.3 b/secure/lib/libcrypto/man/man3/EVP_aes.3 new file mode 100644 index 000000000000..c79fbc05d30a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_aes.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_AES 3" +.TH EVP_AES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aes_128_cbc, EVP_aes_192_cbc, EVP_aes_256_cbc, EVP_aes_128_cfb, EVP_aes_192_cfb, EVP_aes_256_cfb, EVP_aes_128_cfb1, EVP_aes_192_cfb1, EVP_aes_256_cfb1, EVP_aes_128_cfb8, EVP_aes_192_cfb8, EVP_aes_256_cfb8, EVP_aes_128_cfb128, EVP_aes_192_cfb128, EVP_aes_256_cfb128, EVP_aes_128_ctr, EVP_aes_192_ctr, EVP_aes_256_ctr, EVP_aes_128_ecb, EVP_aes_192_ecb, EVP_aes_256_ecb, EVP_aes_128_ofb, EVP_aes_192_ofb, EVP_aes_256_ofb, EVP_aes_128_cbc_hmac_sha1, EVP_aes_256_cbc_hmac_sha1, EVP_aes_128_cbc_hmac_sha256, EVP_aes_256_cbc_hmac_sha256, EVP_aes_128_ccm, EVP_aes_192_ccm, EVP_aes_256_ccm, EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ocb, EVP_aes_192_ocb, EVP_aes_256_ocb, EVP_aes_128_wrap, EVP_aes_192_wrap, EVP_aes_256_wrap, EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad, EVP_aes_128_xts, EVP_aes_256_xts \&\- EVP AES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aes_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1AES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aes_128_cbc()\fR, \fBEVP_aes_192_cbc()\fR, \fBEVP_aes_256_cbc()\fR, \fBEVP_aes_128_cfb()\fR, \fBEVP_aes_192_cfb()\fR, \fBEVP_aes_256_cfb()\fR, \fBEVP_aes_128_cfb1()\fR, \fBEVP_aes_192_cfb1()\fR, \fBEVP_aes_256_cfb1()\fR, \fBEVP_aes_128_cfb8()\fR, \fBEVP_aes_192_cfb8()\fR, \fBEVP_aes_256_cfb8()\fR, \fBEVP_aes_128_cfb128()\fR, \fBEVP_aes_192_cfb128()\fR, \fBEVP_aes_256_cfb128()\fR, \fBEVP_aes_128_ctr()\fR, \fBEVP_aes_192_ctr()\fR, \fBEVP_aes_256_ctr()\fR, \fBEVP_aes_128_ecb()\fR, \fBEVP_aes_192_ecb()\fR, \fBEVP_aes_256_ecb()\fR, \fBEVP_aes_128_ofb()\fR, \fBEVP_aes_192_ofb()\fR, \fBEVP_aes_256_ofb()\fR" 4 +.IX Item "EVP_aes_128_cbc(), EVP_aes_192_cbc(), EVP_aes_256_cbc(), EVP_aes_128_cfb(), EVP_aes_192_cfb(), EVP_aes_256_cfb(), EVP_aes_128_cfb1(), EVP_aes_192_cfb1(), EVP_aes_256_cfb1(), EVP_aes_128_cfb8(), EVP_aes_192_cfb8(), EVP_aes_256_cfb8(), EVP_aes_128_cfb128(), EVP_aes_192_cfb128(), EVP_aes_256_cfb128(), EVP_aes_128_ctr(), EVP_aes_192_ctr(), EVP_aes_256_ctr(), EVP_aes_128_ecb(), EVP_aes_192_ecb(), EVP_aes_256_ecb(), EVP_aes_128_ofb(), EVP_aes_192_ofb(), EVP_aes_256_ofb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with 128\-bit +shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB,\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aes_128_cbc_hmac_sha1()\fR, \fBEVP_aes_256_cbc_hmac_sha1()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha1(), EVP_aes_256_cbc_hmac_sha1()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA\-1\s0 as \s-1HMAC,\s0 with keys of +128 and 256 bits length respectively. The authentication tag is 160 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_cbc_hmac_sha256()\fR, \fBEVP_aes_256_cbc_hmac_sha256()\fR" 4 +.IX Item "EVP_aes_128_cbc_hmac_sha256(), EVP_aes_256_cbc_hmac_sha256()" +Authenticated encryption with \s-1AES\s0 in \s-1CBC\s0 mode using \s-1SHA256\s0 (\s-1SHA\-2,\s0 256\-bits) as +\&\s-1HMAC,\s0 with keys of 128 and 256 bits length respectively. The authentication tag +is 256 bits long. +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.IP "\fBEVP_aes_128_ccm()\fR, \fBEVP_aes_192_ccm()\fR, \fBEVP_aes_256_ccm()\fR, \fBEVP_aes_128_gcm()\fR, \fBEVP_aes_192_gcm()\fR, \fBEVP_aes_256_gcm()\fR, \fBEVP_aes_128_ocb()\fR, \fBEVP_aes_192_ocb()\fR, \fBEVP_aes_256_ocb()\fR" 4 +.IX Item "EVP_aes_128_ccm(), EVP_aes_192_ccm(), EVP_aes_256_ccm(), EVP_aes_128_gcm(), EVP_aes_192_gcm(), EVP_aes_256_gcm(), EVP_aes_128_ocb(), EVP_aes_192_ocb(), EVP_aes_256_ocb()" +\&\s-1AES\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0), Galois Counter Mode +(\s-1GCM\s0) and \s-1OCB\s0 Mode respectively. These ciphers require additional control +operations to function correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) +section for details. +.IP "\fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_128_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_192_wrap_pad()\fR, \fBEVP_aes_128_wrap()\fR, \fBEVP_aes_192_wrap()\fR, \fBEVP_aes_256_wrap()\fR, \fBEVP_aes_256_wrap_pad()\fR" 4 +.IX Item "EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_128_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_192_wrap_pad(), EVP_aes_128_wrap(), EVP_aes_192_wrap(), EVP_aes_256_wrap(), EVP_aes_256_wrap_pad()" +\&\s-1AES\s0 key wrap with 128, 192 and 256 bit keys, as according to \s-1RFC 3394\s0 section +2.2.1 (\*(L"wrap\*(R") and \s-1RFC 5649\s0 section 4.1 (\*(L"wrap with padding\*(R") respectively. +.IP "\fBEVP_aes_128_xts()\fR, \fBEVP_aes_256_xts()\fR" 4 +.IX Item "EVP_aes_128_xts(), EVP_aes_256_xts()" +\&\s-1AES XTS\s0 mode (XTS-AES) is standardized in \s-1IEEE\s0 Std. 1619\-2007 and described in \s-1NIST +SP 800\-38E.\s0 The \s-1XTS\s0 (XEX-based tweaked-codebook mode with ciphertext stealing) +mode was designed by Prof. Phillip Rogaway of University of California, Davis, +intended for encrypting data on a storage device. +.Sp +XTS-AES provides confidentiality but not authentication of data. It also +requires a key of double-length for protection of a certain key size. +In particular, \s-1XTS\-AES\-128\s0 (\fBEVP_aes_128_xts\fR) takes input of a 256\-bit key to +achieve \s-1AES\s0 128\-bit security, and \s-1XTS\-AES\-256\s0 (\fBEVP_aes_256_xts\fR) takes input +of a 512\-bit key to achieve \s-1AES\s0 256\-bit security. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_aria.3 b/secure/lib/libcrypto/man/man3/EVP_aria.3 new file mode 100644 index 000000000000..65fd2843fc27 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_aria.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_ARIA 3" +.TH EVP_ARIA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_aria_128_cbc, EVP_aria_192_cbc, EVP_aria_256_cbc, EVP_aria_128_cfb, EVP_aria_192_cfb, EVP_aria_256_cfb, EVP_aria_128_cfb1, EVP_aria_192_cfb1, EVP_aria_256_cfb1, EVP_aria_128_cfb8, EVP_aria_192_cfb8, EVP_aria_256_cfb8, EVP_aria_128_cfb128, EVP_aria_192_cfb128, EVP_aria_256_cfb128, EVP_aria_128_ctr, EVP_aria_192_ctr, EVP_aria_256_ctr, EVP_aria_128_ecb, EVP_aria_192_ecb, EVP_aria_256_ecb, EVP_aria_128_ofb, EVP_aria_192_ofb, EVP_aria_256_ofb, EVP_aria_128_ccm, EVP_aria_192_ccm, EVP_aria_256_ccm, EVP_aria_128_gcm, EVP_aria_192_gcm, EVP_aria_256_gcm, \&\- EVP ARIA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_aria_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ARIA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_aria_128_cbc()\fR, \fBEVP_aria_192_cbc()\fR, \fBEVP_aria_256_cbc()\fR, \fBEVP_aria_128_cfb()\fR, \fBEVP_aria_192_cfb()\fR, \fBEVP_aria_256_cfb()\fR, \fBEVP_aria_128_cfb1()\fR, \fBEVP_aria_192_cfb1()\fR, \fBEVP_aria_256_cfb1()\fR, \fBEVP_aria_128_cfb8()\fR, \fBEVP_aria_192_cfb8()\fR, \fBEVP_aria_256_cfb8()\fR, \fBEVP_aria_128_cfb128()\fR, \fBEVP_aria_192_cfb128()\fR, \fBEVP_aria_256_cfb128()\fR, \fBEVP_aria_128_ctr()\fR, \fBEVP_aria_192_ctr()\fR, \fBEVP_aria_256_ctr()\fR, \fBEVP_aria_128_ecb()\fR, \fBEVP_aria_192_ecb()\fR, \fBEVP_aria_256_ecb()\fR, \fBEVP_aria_128_ofb()\fR, \fBEVP_aria_192_ofb()\fR, \fBEVP_aria_256_ofb()\fR" 4 +.IX Item "EVP_aria_128_cbc(), EVP_aria_192_cbc(), EVP_aria_256_cbc(), EVP_aria_128_cfb(), EVP_aria_192_cfb(), EVP_aria_256_cfb(), EVP_aria_128_cfb1(), EVP_aria_192_cfb1(), EVP_aria_256_cfb1(), EVP_aria_128_cfb8(), EVP_aria_192_cfb8(), EVP_aria_256_cfb8(), EVP_aria_128_cfb128(), EVP_aria_192_cfb128(), EVP_aria_256_cfb128(), EVP_aria_128_ctr(), EVP_aria_192_ctr(), EVP_aria_256_ctr(), EVP_aria_128_ecb(), EVP_aria_192_ecb(), EVP_aria_256_ecb(), EVP_aria_128_ofb(), EVP_aria_192_ofb(), EVP_aria_256_ofb()" +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.IP "\fBEVP_aria_128_ccm()\fR, \fBEVP_aria_192_ccm()\fR, \fBEVP_aria_256_ccm()\fR, \fBEVP_aria_128_gcm()\fR, \fBEVP_aria_192_gcm()\fR, \fBEVP_aria_256_gcm()\fR," 4 +.IX Item "EVP_aria_128_ccm(), EVP_aria_192_ccm(), EVP_aria_256_ccm(), EVP_aria_128_gcm(), EVP_aria_192_gcm(), EVP_aria_256_gcm()," +\&\s-1ARIA\s0 for 128, 192 and 256 bit keys in CBC-MAC Mode (\s-1CCM\s0) and Galois Counter +Mode (\s-1GCM\s0). These ciphers require additional control operations to function +correctly, see the \*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 new file mode 100644 index 000000000000..e04fc08cddb9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_bf_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BF_CBC 3" +.TH EVP_BF_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_bf_cbc, EVP_bf_cfb, EVP_bf_cfb64, EVP_bf_ecb, EVP_bf_ofb \&\- EVP Blowfish cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_bf_cbc(void) +\& const EVP_CIPHER *EVP_bf_cfb(void) +\& const EVP_CIPHER *EVP_bf_cfb64(void) +\& const EVP_CIPHER *EVP_bf_ecb(void) +\& const EVP_CIPHER *EVP_bf_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Blowfish encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_bf_cbc()\fR, \fBEVP_bf_cfb()\fR, \fBEVP_bf_cfb64()\fR, \fBEVP_bf_ecb()\fR, \fBEVP_bf_ofb()\fR" 4 +.IX Item "EVP_bf_cbc(), EVP_bf_cfb(), EVP_bf_cfb64(), EVP_bf_ecb(), EVP_bf_ofb()" +Blowfish encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 new file mode 100644 index 000000000000..257b6707290c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_blake2b512.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_BLAKE2B512 3" +.TH EVP_BLAKE2B512 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_blake2b512, EVP_blake2s256 \&\- BLAKE2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_blake2b512(void); +\& const EVP_MD *EVP_blake2s256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1BLAKE2\s0 is an improved version of \s-1BLAKE,\s0 which was submitted to the \s-1NIST SHA\-3\s0 +algorithm competition. The BLAKE2s and BLAKE2b algorithms are described in +\&\s-1RFC 7693.\s0 +.IP "\fBEVP_blake2s256()\fR" 4 +.IX Item "EVP_blake2s256()" +The BLAKE2s algorithm that produces a 256\-bit output from a given input. +.IP "\fBEVP_blake2b512()\fR" 4 +.IX Item "EVP_blake2b512()" +The BLAKE2b algorithm that produces a 512\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7693.\s0 +.SH "NOTES" +.IX Header "NOTES" +While the BLAKE2b and BLAKE2s algorithms supports a variable length digest, +this implementation outputs a digest of a fixed length (the maximum length +supported), which is 512\-bits for BLAKE2b and 256\-bits for BLAKE2s. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_camellia.3 b/secure/lib/libcrypto/man/man3/EVP_camellia.3 new file mode 100644 index 000000000000..f492975343af --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_camellia.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAMELLIA 3" +.TH EVP_CAMELLIA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_camellia_128_cbc, EVP_camellia_192_cbc, EVP_camellia_256_cbc, EVP_camellia_128_cfb, EVP_camellia_192_cfb, EVP_camellia_256_cfb, EVP_camellia_128_cfb1, EVP_camellia_192_cfb1, EVP_camellia_256_cfb1, EVP_camellia_128_cfb8, EVP_camellia_192_cfb8, EVP_camellia_256_cfb8, EVP_camellia_128_cfb128, EVP_camellia_192_cfb128, EVP_camellia_256_cfb128, EVP_camellia_128_ctr, EVP_camellia_192_ctr, EVP_camellia_256_ctr, EVP_camellia_128_ecb, EVP_camellia_192_ecb, EVP_camellia_256_ecb, EVP_camellia_128_ofb, EVP_camellia_192_ofb, EVP_camellia_256_ofb \&\- EVP Camellia cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_camellia_128_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The Camellia encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_camellia_128_cbc()\fR, \fBEVP_camellia_192_cbc()\fR, \fBEVP_camellia_256_cbc()\fR, \fBEVP_camellia_128_cfb()\fR, \fBEVP_camellia_192_cfb()\fR, \fBEVP_camellia_256_cfb()\fR, \fBEVP_camellia_128_cfb1()\fR, \fBEVP_camellia_192_cfb1()\fR, \fBEVP_camellia_256_cfb1()\fR, \fBEVP_camellia_128_cfb8()\fR, \fBEVP_camellia_192_cfb8()\fR, \fBEVP_camellia_256_cfb8()\fR, \fBEVP_camellia_128_cfb128()\fR, \fBEVP_camellia_192_cfb128()\fR, \fBEVP_camellia_256_cfb128()\fR, \fBEVP_camellia_128_ctr()\fR, \fBEVP_camellia_192_ctr()\fR, \fBEVP_camellia_256_ctr()\fR, \fBEVP_camellia_128_ecb()\fR, \fBEVP_camellia_192_ecb()\fR, \fBEVP_camellia_256_ecb()\fR, \fBEVP_camellia_128_ofb()\fR, \fBEVP_camellia_192_ofb()\fR, \fBEVP_camellia_256_ofb()\fR" 4 +.IX Item "EVP_camellia_128_cbc(), EVP_camellia_192_cbc(), EVP_camellia_256_cbc(), EVP_camellia_128_cfb(), EVP_camellia_192_cfb(), EVP_camellia_256_cfb(), EVP_camellia_128_cfb1(), EVP_camellia_192_cfb1(), EVP_camellia_256_cfb1(), EVP_camellia_128_cfb8(), EVP_camellia_192_cfb8(), EVP_camellia_256_cfb8(), EVP_camellia_128_cfb128(), EVP_camellia_192_cfb128(), EVP_camellia_256_cfb128(), EVP_camellia_128_ctr(), EVP_camellia_192_ctr(), EVP_camellia_256_ctr(), EVP_camellia_128_ecb(), EVP_camellia_192_ecb(), EVP_camellia_256_ecb(), EVP_camellia_128_ofb(), EVP_camellia_192_ofb(), EVP_camellia_256_ofb()" +Camellia for 128, 192 and 256 bit keys in the following modes: \s-1CBC, CFB\s0 with +128\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit shift, \s-1CTR, ECB\s0 and \s-1OFB.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 new file mode 100644 index 000000000000..907808dbb23a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_cast5_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CAST5_CBC 3" +.TH EVP_CAST5_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_cast5_cbc, EVP_cast5_cfb, EVP_cast5_cfb64, EVP_cast5_ecb, EVP_cast5_ofb \&\- EVP CAST cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_cast5_cbc(void) +\& const EVP_CIPHER *EVP_cast5_cfb(void) +\& const EVP_CIPHER *EVP_cast5_cfb64(void) +\& const EVP_CIPHER *EVP_cast5_ecb(void) +\& const EVP_CIPHER *EVP_cast5_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1CAST\s0 encryption algorithm for \s-1EVP.\s0 +.PP +This is a variable key length cipher. +.IP "\fBEVP_cast5_cbc()\fR, \fBEVP_cast5_ecb()\fR, \fBEVP_cast5_cfb()\fR, \fBEVP_cast5_cfb64()\fR, \fBEVP_cast5_ofb()\fR" 4 +.IX Item "EVP_cast5_cbc(), EVP_cast5_ecb(), EVP_cast5_cfb(), EVP_cast5_cfb64(), EVP_cast5_ofb()" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_chacha20.3 b/secure/lib/libcrypto/man/man3/EVP_chacha20.3 new file mode 100644 index 000000000000..0a3f1c52d8e5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_chacha20.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_CHACHA20 3" +.TH EVP_CHACHA20 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_chacha20, EVP_chacha20_poly1305 \&\- EVP ChaCha20 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_chacha20(void) +\& const EVP_CIPHER *EVP_chacha20_poly1305(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The ChaCha20 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_chacha20()\fR" 4 +.IX Item "EVP_chacha20()" +The ChaCha20 stream cipher. The key length is 256 bits, the \s-1IV\s0 is 128 bits long. +The first 32 bits consists of a counter in little-endian order followed by a 96 +bit nonce. For example a nonce of: +.Sp +000000000000000000000002 +.Sp +With an initial counter of 42 (2a in hex) would be expressed as: +.Sp +2a000000000000000000000000000002 +.IP "\fBEVP_chacha20_poly1305()\fR" 4 +.IX Item "EVP_chacha20_poly1305()" +Authenticated encryption with ChaCha20\-Poly1305. Like \fBEVP_chacha20()\fR, the key +is 256 bits and the \s-1IV\s0 is 96 bits. This supports additional authenticated data +(\s-1AAD\s0) and produces a 128\-bit authentication tag. See the +\&\*(L"\s-1AEAD\s0 Interface\*(R" in \fBEVP_EncryptInit\fR\|(3) section for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_des.3 b/secure/lib/libcrypto/man/man3/EVP_des.3 new file mode 100644 index 000000000000..2e809fa8ae20 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_des.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DES 3" +.TH EVP_DES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_des_cbc, EVP_des_cfb, EVP_des_cfb1, EVP_des_cfb8, EVP_des_cfb64, EVP_des_ecb, EVP_des_ofb, EVP_des_ede, EVP_des_ede_cbc, EVP_des_ede_cfb, EVP_des_ede_cfb64, EVP_des_ede_ecb, EVP_des_ede_ofb, EVP_des_ede3, EVP_des_ede3_cbc, EVP_des_ede3_cfb, EVP_des_ede3_cfb1, EVP_des_ede3_cfb8, EVP_des_ede3_cfb64, EVP_des_ede3_ecb, EVP_des_ede3_ofb, EVP_des_ede3_wrap \&\- EVP DES cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_ciphername(void) +.Ve +.PP +\&\fIEVP_ciphername\fR is used a placeholder for any of the described cipher +functions, such as \fIEVP_des_cbc\fR. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_des_cbc()\fR, \fBEVP_des_ecb()\fR, \fBEVP_des_cfb()\fR, \fBEVP_des_cfb1()\fR, \fBEVP_des_cfb8()\fR, \fBEVP_des_cfb64()\fR, \fBEVP_des_ofb()\fR" 4 +.IX Item "EVP_des_cbc(), EVP_des_ecb(), EVP_des_cfb(), EVP_des_cfb1(), EVP_des_cfb8(), EVP_des_cfb64(), EVP_des_ofb()" +\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, \s-1CFB\s0 with 8\-bit +shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede()\fR, \fBEVP_des_ede_cbc()\fR, \fBEVP_des_ede_cfb()\fR, \fBEVP_des_ede_cfb64()\fR, \fBEVP_des_ede_ecb()\fR, \fBEVP_des_ede_ofb()\fR" 4 +.IX Item "EVP_des_ede(), EVP_des_ede_cbc(), EVP_des_ede_cfb(), EVP_des_ede_cfb64(), EVP_des_ede_ecb(), EVP_des_ede_ofb()" +Two key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3()\fR, \fBEVP_des_ede3_cbc()\fR, \fBEVP_des_ede3_cfb()\fR, \fBEVP_des_ede3_cfb1()\fR, \fBEVP_des_ede3_cfb8()\fR, \fBEVP_des_ede3_cfb64()\fR, \fBEVP_des_ede3_ecb()\fR, \fBEVP_des_ede3_ofb()\fR" 4 +.IX Item "EVP_des_ede3(), EVP_des_ede3_cbc(), EVP_des_ede3_cfb(), EVP_des_ede3_cfb1(), EVP_des_ede3_cfb8(), EVP_des_ede3_cfb64(), EVP_des_ede3_ecb(), EVP_des_ede3_ofb()" +Three-key triple \s-1DES\s0 in \s-1ECB, CBC, CFB\s0 with 64\-bit shift, \s-1CFB\s0 with 1\-bit shift, +\&\s-1CFB\s0 with 8\-bit shift and \s-1OFB\s0 modes. +.IP "\fBEVP_des_ede3_wrap()\fR" 4 +.IX Item "EVP_des_ede3_wrap()" +Triple-DES key wrap according to \s-1RFC 3217\s0 Section 3. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 new file mode 100644 index 000000000000..4f50dd4a9ccc --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_desx_cbc.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_DESX_CBC 3" +.TH EVP_DESX_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_desx_cbc \&\- EVP DES\-X cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_desx_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The DES-X encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_desx_cbc()\fR" 4 +.IX Item "EVP_desx_cbc()" +The DES-X algorithm in \s-1CBC\s0 mode. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 new file mode 100644 index 000000000000..5fca826ccf61 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_idea_cbc.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_IDEA_CBC 3" +.TH EVP_IDEA_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_idea_cbc, EVP_idea_cfb, EVP_idea_cfb64, EVP_idea_ecb, EVP_idea_ofb \&\- EVP IDEA cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_idea_cbc(void) +\& const EVP_CIPHER *EVP_idea_cfb(void) +\& const EVP_CIPHER *EVP_idea_cfb64(void) +\& const EVP_CIPHER *EVP_idea_ecb(void) +\& const EVP_CIPHER *EVP_idea_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1IDEA\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_idea_cbc()\fR, \fBEVP_idea_cfb()\fR, \fBEVP_idea_cfb64()\fR, \fBEVP_idea_ecb()\fR, \fBEVP_idea_ofb()\fR" 4 +.IX Item "EVP_idea_cbc(), EVP_idea_cfb(), EVP_idea_cfb64(), EVP_idea_ecb(), EVP_idea_ofb()" +The \s-1IDEA\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_md2.3 b/secure/lib/libcrypto/man/man3/EVP_md2.3 new file mode 100644 index 000000000000..e01f4d9e9c4e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_md2.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD2 3" +.TH EVP_MD2 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md2 \&\- MD2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0 is a cryptographic hash function standardized in \s-1RFC 1319\s0 and designed by +Ronald Rivest. +.IP "\fBEVP_md2()\fR" 4 +.IX Item "EVP_md2()" +The \s-1MD2\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1319.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_md4.3 b/secure/lib/libcrypto/man/man3/EVP_md4.3 new file mode 100644 index 000000000000..cfcf27ce4acb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_md4.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD4 3" +.TH EVP_MD4 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md4 \&\- MD4 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md4(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD4\s0 is a cryptographic hash function standardized in \s-1RFC 1320\s0 and designed by +Ronald Rivest, first published in 1990. +.IP "\fBEVP_md4()\fR" 4 +.IX Item "EVP_md4()" +The \s-1MD4\s0 algorithm which produces a 128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1320.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_md5.3 b/secure/lib/libcrypto/man/man3/EVP_md5.3 new file mode 100644 index 000000000000..f512a8de247c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_md5.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MD5 3" +.TH EVP_MD5 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_md5, EVP_md5_sha1 \&\- MD5 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_md5_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD5\s0 is a cryptographic hash function standardized in \s-1RFC 1321\s0 and designed by +Ronald Rivest. +.PP +The \s-1CMU\s0 Software Engineering Institute considers \s-1MD5\s0 unsuitable for further +use since its security has been severely compromised. +.IP "\fBEVP_md5()\fR" 4 +.IX Item "EVP_md5()" +The \s-1MD5\s0 algorithm which produces a 128\-bit output from a given input. +.IP "\fBEVP_md5_sha1()\fR" 4 +.IX Item "EVP_md5_sha1()" +A hash algorithm of \s-1SSL\s0 v3 that combines \s-1MD5\s0 with \s-1SHA\-1\s0 as described in \s-1RFC +6101.\s0 +.Sp +\&\s-1WARNING:\s0 this algorithm is not intended for non-SSL usage. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1IETF RFC 1321.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_mdc2.3 b/secure/lib/libcrypto/man/man3/EVP_mdc2.3 new file mode 100644 index 000000000000..2f76da399c2d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_mdc2.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_MDC2 3" +.TH EVP_MDC2 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_mdc2 \&\- MDC\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_mdc2(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC\-2\s0 (Modification Detection Code 2 or Meyer-Schilling) is a cryptographic +hash function based on a block cipher. +.IP "\fBEVP_mdc2()\fR" 4 +.IX Item "EVP_mdc2()" +The \s-1MDC\-2DES\s0 algorithm of using \s-1MDC\-2\s0 with the \s-1DES\s0 block cipher. It produces a +128\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 new file mode 100644 index 000000000000..7129201573a3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_rc2_cbc.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC2_CBC 3" +.TH EVP_RC2_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc2_cbc, EVP_rc2_cfb, EVP_rc2_cfb64, EVP_rc2_ecb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc \&\- EVP RC2 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc2_cbc(void) +\& const EVP_CIPHER *EVP_rc2_cfb(void) +\& const EVP_CIPHER *EVP_rc2_cfb64(void) +\& const EVP_CIPHER *EVP_rc2_ecb(void) +\& const EVP_CIPHER *EVP_rc2_ofb(void) +\& const EVP_CIPHER *EVP_rc2_40_cbc(void) +\& const EVP_CIPHER *EVP_rc2_64_cbc(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC2\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc2_cbc()\fR, \fBEVP_rc2_cfb()\fR, \fBEVP_rc2_cfb64()\fR, \fBEVP_rc2_ecb()\fR, \fBEVP_rc2_ofb()\fR" 4 +.IX Item "EVP_rc2_cbc(), EVP_rc2_cfb(), EVP_rc2_cfb64(), EVP_rc2_ecb(), EVP_rc2_ofb()" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional parameter called \*(L"effective key +bits\*(R" or \*(L"effective key length\*(R". By default both are set to 128 bits. +.IP "\fBEVP_rc2_40_cbc()\fR, \fBEVP_rc2_64_cbc()\fR" 4 +.IX Item "EVP_rc2_40_cbc(), EVP_rc2_64_cbc()" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of +40 and 64 bits. +.Sp +\&\s-1WARNING:\s0 these functions are obsolete. Their usage should be replaced with the +\&\fBEVP_rc2_cbc()\fR, \fBEVP_CIPHER_CTX_set_key_length()\fR and \fBEVP_CIPHER_CTX_ctrl()\fR +functions to set the key length and effective key length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_rc4.3 b/secure/lib/libcrypto/man/man3/EVP_rc4.3 new file mode 100644 index 000000000000..ddf2d5153416 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_rc4.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC4 3" +.TH EVP_RC4 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc4, EVP_rc4_40, EVP_rc4_hmac_md5 \&\- EVP RC4 stream cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc4(void) +\& const EVP_CIPHER *EVP_rc4_40(void) +\& const EVP_CIPHER *EVP_rc4_hmac_md5(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC4\s0 stream cipher for \s-1EVP.\s0 +.IP "\fBEVP_rc4()\fR" 4 +.IX Item "EVP_rc4()" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with a default key +length of 128 bits. +.IP "\fBEVP_rc4_40()\fR" 4 +.IX Item "EVP_rc4_40()" +\&\s-1RC4\s0 stream cipher with 40 bit key length. +.Sp +\&\s-1WARNING:\s0 this function is obsolete. Its usage should be replaced with the +\&\fBEVP_rc4()\fR and the \fBEVP_CIPHER_CTX_set_key_length()\fR functions. +.IP "\fBEVP_rc4_hmac_md5()\fR" 4 +.IX Item "EVP_rc4_hmac_md5()" +Authenticated encryption with the \s-1RC4\s0 stream cipher with \s-1MD5\s0 as \s-1HMAC.\s0 +.Sp +\&\s-1WARNING:\s0 this is not intended for usage outside of \s-1TLS\s0 and requires calling of +some undocumented ctrl functions. These ciphers do not conform to the \s-1EVP AEAD\s0 +interface. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 new file mode 100644 index 000000000000..a6d21839c41c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_rc5_32_12_16_cbc.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RC5_32_12_16_CBC 3" +.TH EVP_RC5_32_12_16_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_rc5_32_12_16_cbc, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_cfb64, EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_ofb \&\- EVP RC5 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void) +\& const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1RC5\s0 encryption algorithm for \s-1EVP.\s0 +.IP "\fBEVP_rc5_32_12_16_cbc()\fR, \fBEVP_rc5_32_12_16_cfb()\fR, \fBEVP_rc5_32_12_16_cfb64()\fR, \fBEVP_rc5_32_12_16_ecb()\fR, \fBEVP_rc5_32_12_16_ofb()\fR" 4 +.IX Item "EVP_rc5_32_12_16_cbc(), EVP_rc5_32_12_16_cfb(), EVP_rc5_32_12_16_cfb64(), EVP_rc5_32_12_16_ecb(), EVP_rc5_32_12_16_ofb()" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. This is a +variable key length cipher with an additional \*(L"number of rounds\*(R" parameter. By +default the key length is set to 128 bits and 12 rounds. Alternative key lengths +can be set using \fBEVP_CIPHER_CTX_set_key_length\fR\|(3). The maximum key length is +2040 bits. +.Sp +The following rc5 specific \fIctrl\fRs are supported (see +\&\fBEVP_CIPHER_CTX_ctrl\fR\|(3)). +.RS 4 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_SET_RC5_ROUNDS,\s0 rounds, \s-1NULL\s0)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, rounds, NULL)" +Sets the number of rounds to \fBrounds\fR. This must be one of \s-1RC5_8_ROUNDS, +RC5_12_ROUNDS\s0 or \s-1RC5_16_ROUNDS.\s0 +.IP "EVP_CIPHER_CTX_ctrl(ctx, \s-1EVP_CTRL_GET_RC5_ROUNDS, 0,\s0 &rounds)" 4 +.IX Item "EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &rounds)" +Stores the number of rounds currently configured in \fB*rounds\fR where \fB*rounds\fR +is an int. +.RE +.RS 4 +.RE +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 new file mode 100644 index 000000000000..8380f78ef3a5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_ripemd160.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_RIPEMD160 3" +.TH EVP_RIPEMD160 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_ripemd160 \&\- RIPEMD160 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_ripemd160(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function first published in 1996 belonging +to the \s-1RIPEMD\s0 family (\s-1RACE\s0 Integrity Primitives Evaluation Message Digest). +.IP "\fBEVP_ripemd160()\fR" 4 +.IX Item "EVP_ripemd160()" +The \s-1RIPEMD\-160\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 new file mode 100644 index 000000000000..6dd6417db97f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_seed_cbc.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SEED_CBC 3" +.TH EVP_SEED_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_seed_cbc, EVP_seed_cfb, EVP_seed_cfb128, EVP_seed_ecb, EVP_seed_ofb \&\- EVP SEED cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_seed_cbc(void) +\& const EVP_CIPHER *EVP_seed_cfb(void) +\& const EVP_CIPHER *EVP_seed_cfb128(void) +\& const EVP_CIPHER *EVP_seed_ecb(void) +\& const EVP_CIPHER *EVP_seed_ofb(void) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SEED\s0 encryption algorithm for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128\-bits. +.IP "\fBEVP_seed_cbc()\fR, \fBEVP_seed_cfb()\fR, \fBEVP_seed_cfb128()\fR, \fBEVP_seed_ecb()\fR, \fBEVP_seed_ofb()\fR" 4 +.IX Item "EVP_seed_cbc(), EVP_seed_cfb(), EVP_seed_cfb128(), EVP_seed_ecb(), EVP_seed_ofb()" +The \s-1SEED\s0 encryption algorithm in \s-1CBC, CFB, ECB\s0 and \s-1OFB\s0 modes respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return an \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_sha1.3 b/secure/lib/libcrypto/man/man3/EVP_sha1.3 new file mode 100644 index 000000000000..fd688d5f4c04 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_sha1.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA1 3" +.TH EVP_SHA1 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha1 \&\- SHA\-1 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha1(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-1\s0 (Secure Hash Algorithm 1) is a cryptographic hash function standardized +in \s-1NIST FIPS 180\-4.\s0 The algorithm was designed by the United States National +Security Agency and initially published in 1995. +.IP "\fBEVP_sha1()\fR" 4 +.IX Item "EVP_sha1()" +The \s-1SHA\-1\s0 algorithm which produces a 160\-bit output from a given input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_sha224.3 b/secure/lib/libcrypto/man/man3/EVP_sha224.3 new file mode 100644 index 000000000000..3863fcdba82c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_sha224.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA224 3" +.TH EVP_SHA224 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha224, EVP_sha256, EVP_sha512_224, EVP_sha512_256, EVP_sha384, EVP_sha512 \&\- SHA\-2 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha224(void); +\& const EVP_MD *EVP_sha256(void); +\& const EVP_MD *EVP_sha512_224(void); +\& const EVP_MD *EVP_sha512_256(void); +\& const EVP_MD *EVP_sha384(void); +\& const EVP_MD *EVP_sha512(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-2\s0 (Secure Hash Algorithm 2) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 180\-4,\s0 first published in 2001. +.IP "\fBEVP_sha224()\fR, \fBEVP_sha256()\fR, EVP_sha512_224, EVP_sha512_256, \fBEVP_sha384()\fR, \fBEVP_sha512()\fR" 4 +.IX Item "EVP_sha224(), EVP_sha256(), EVP_sha512_224, EVP_sha512_256, EVP_sha384(), EVP_sha512()" +The \s-1SHA\-2 SHA\-224, SHA\-256, SHA\-512/224, SHA512/256, SHA\-384\s0 and \s-1SHA\-512\s0 +algorithms, which generate 224, 256, 224, 256, 384 and 512 bits +respectively of output from a given input. +.Sp +The two algorithms: \s-1SHA\-512/224\s0 and \s-1SHA512/256\s0 are truncated forms of the +\&\s-1SHA\-512\s0 algorithm. They are distinct from \s-1SHA\-224\s0 and \s-1SHA\-256\s0 even though +their outputs are of the same size. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 180\-4.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 new file mode 100644 index 000000000000..80912d1f03f4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_sha3_224.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SHA3_224 3" +.TH EVP_SHA3_224 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sha3_224, EVP_sha3_256, EVP_sha3_384, EVP_sha3_512, EVP_shake128, EVP_shake256 \&\- SHA\-3 For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sha3_224(void); +\& const EVP_MD *EVP_sha3_256(void); +\& const EVP_MD *EVP_sha3_384(void); +\& const EVP_MD *EVP_sha3_512(void); +\& +\& const EVP_MD *EVP_shake128(void); +\& const EVP_MD *EVP_shake256(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA\-3\s0 (Secure Hash Algorithm 3) is a family of cryptographic hash functions +standardized in \s-1NIST FIPS 202,\s0 first published in 2015. It is based on the +Keccak algorithm. +.IP "\fBEVP_sha3_224()\fR, \fBEVP_sha3_256()\fR, \fBEVP_sha3_384()\fR, \fBEVP_sha3_512()\fR" 4 +.IX Item "EVP_sha3_224(), EVP_sha3_256(), EVP_sha3_384(), EVP_sha3_512()" +The \s-1SHA\-3 SHA\-3\-224, SHA\-3\-256, SHA\-3\-384,\s0 and \s-1SHA\-3\-512\s0 algorithms +respectively. They produce 224, 256, 384 and 512 bits of output from a given +input. +.IP "\fBEVP_shake128()\fR, \fBEVP_shake256()\fR" 4 +.IX Item "EVP_shake128(), EVP_shake256()" +The \s-1SHAKE\-128\s0 and \s-1SHAKE\-256\s0 Extendable Output Functions (\s-1XOF\s0) that can generate +a variable hash length. +.Sp +Specifically, \fBEVP_shake128\fR provides an overall security of 128 bits, while +\&\fBEVP_shake256\fR provides that of 256 bits. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1NIST FIPS 202.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_sm3.3 b/secure/lib/libcrypto/man/man3/EVP_sm3.3 new file mode 100644 index 000000000000..b43489ffe60e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_sm3.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM3 3" +.TH EVP_SM3 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm3 \&\- SM3 for EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_sm3(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SM3\s0 is a cryptographic hash function with a 256\-bit output, defined in \s-1GB/T +32905\-2016.\s0 +.IP "\fBEVP_sm3()\fR" 4 +.IX Item "EVP_sm3()" +The \s-1SM3\s0 hash function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1GB/T 32905\-2016\s0 and \s-1GM/T 0004\-2012.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 new file mode 100644 index 000000000000..f1bb99f33e4a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_sm4_cbc.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_SM4_CBC 3" +.TH EVP_SM4_CBC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_sm4_cbc, EVP_sm4_ecb, EVP_sm4_cfb, EVP_sm4_cfb128, EVP_sm4_ofb, EVP_sm4_ctr \&\- EVP SM4 cipher +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_CIPHER *EVP_sm4_cbc(void); +\& const EVP_CIPHER *EVP_sm4_ecb(void); +\& const EVP_CIPHER *EVP_sm4_cfb(void); +\& const EVP_CIPHER *EVP_sm4_cfb128(void); +\& const EVP_CIPHER *EVP_sm4_ofb(void); +\& const EVP_CIPHER *EVP_sm4_ctr(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SM4\s0 blockcipher (\s-1GB/T 32907\-2016\s0) for \s-1EVP.\s0 +.PP +All modes below use a key length of 128 bits and acts on blocks of 128 bits. +.IP "\fBEVP_sm4_cbc()\fR, \fBEVP_sm4_ecb()\fR, \fBEVP_sm4_cfb()\fR, \fBEVP_sm4_cfb128()\fR, \fBEVP_sm4_ofb()\fR, \fBEVP_sm4_ctr()\fR" 4 +.IX Item "EVP_sm4_cbc(), EVP_sm4_ecb(), EVP_sm4_cfb(), EVP_sm4_cfb128(), EVP_sm4_ofb(), EVP_sm4_ctr()" +The \s-1SM4\s0 blockcipher with a 128\-bit key in \s-1CBC, ECB, CFB, OFB\s0 and \s-1CTR\s0 modes +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_CIPHER\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_CIPHER_meth_new\fR\|(3) for +details of the \fB\s-1EVP_CIPHER\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_CIPHER_meth_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017 Ribose Inc. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 new file mode 100644 index 000000000000..3b8c83942c32 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/EVP_whirlpool.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP_WHIRLPOOL 3" +.TH EVP_WHIRLPOOL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +EVP_whirlpool \&\- WHIRLPOOL For EVP +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const EVP_MD *EVP_whirlpool(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1WHIRLPOOL\s0 is a cryptographic hash function standardized in \s-1ISO/IEC 10118\-3:2004\s0 +designed by Vincent Rijmen and Paulo S. L. M. Barreto. +.IP "\fBEVP_whirlpool()\fR" 4 +.IX Item "EVP_whirlpool()" +The \s-1WHIRLPOOL\s0 algorithm that produces a message digest of 512\-bits from a given +input. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return a \fB\s-1EVP_MD\s0\fR structure that contains the +implementation of the symmetric cipher. See \fBEVP_MD_meth_new\fR\|(3) for +details of the \fB\s-1EVP_MD\s0\fR structure. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2004.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/HMAC.3 b/secure/lib/libcrypto/man/man3/HMAC.3 new file mode 100644 index 000000000000..4ff9e1ddcc84 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/HMAC.3 @@ -0,0 +1,279 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "HMAC 3" +.TH HMAC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +HMAC, HMAC_CTX_new, HMAC_CTX_reset, HMAC_CTX_free, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_copy, HMAC_CTX_set_flags, HMAC_CTX_get_md, HMAC_size \&\- HMAC message authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +\& +\& HMAC_CTX *HMAC_CTX_new(void); +\& int HMAC_CTX_reset(HMAC_CTX *ctx); +\& +\& int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md, ENGINE *impl); +\& int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +\& +\& void HMAC_CTX_free(HMAC_CTX *ctx); +\& +\& int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +\& void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +\& const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); +\& +\& size_t HMAC_size(const HMAC_CTX *e); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. +.PP +\&\s-1\fBHMAC\s0()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. Note: passing a \s-1NULL\s0 +value for \fBmd\fR to use the static array is not thread safe. +.PP +\&\fBevp_md\fR is a message digest such as \fBEVP_sha1()\fR, \fBEVP_ripemd160()\fR etc. \s-1HMAC\s0 does +not support variable output length digests such as \fBEVP_shake128()\fR and +\&\fBEVP_shake256()\fR. +.PP +\&\fBHMAC_CTX_new()\fR creates a new \s-1HMAC_CTX\s0 in heap memory. +.PP +\&\fBHMAC_CTX_reset()\fR zeroes an existing \fB\s-1HMAC_CTX\s0\fR and associated +resources, making it suitable for new computations as if it was newly +created with \fBHMAC_CTX_new()\fR. +.PP +\&\fBHMAC_CTX_free()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR, +releases any associated resources and finally frees the \fB\s-1HMAC_CTX\s0\fR +itself. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL,\s0 or if \fBkey\fR is \s-1NULL\s0 +and \fBevp_md\fR is the same as the previous call, then the +existing key is +reused. \fBctx\fR must have been created with \fBHMAC_CTX_new()\fR before the first use +of an \fB\s-1HMAC_CTX\s0\fR in this function. +.PP +If \fBHMAC_Init_ex()\fR is called with \fBkey\fR \s-1NULL\s0 and \fBevp_md\fR is not the +same as the previous digest used by \fBctx\fR then an error is returned +because reuse of an existing key with a different digest is not supported. +.PP +\&\fBHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. +.PP +\&\fBHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.PP +\&\fBHMAC_CTX_copy()\fR copies all of the internal state from \fBsctx\fR into \fBdctx\fR. +.PP +\&\fBHMAC_CTX_set_flags()\fR applies the specified flags to the internal EVP_MD_CTXs. +These flags have the same meaning as for \fBEVP_MD_CTX_set_flags\fR\|(3). +.PP +\&\fBHMAC_CTX_get_md()\fR returns the \s-1EVP_MD\s0 that has previously been set for the +supplied \s-1HMAC_CTX.\s0 +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBHMAC\s0()\fR returns a pointer to the message authentication code or \s-1NULL\s0 if +an error occurred. +.PP +\&\fBHMAC_CTX_new()\fR returns a pointer to a new \fB\s-1HMAC_CTX\s0\fR on success or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBHMAC_CTX_reset()\fR, \fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR, \fBHMAC_Final()\fR and +\&\fBHMAC_CTX_copy()\fR return 1 for success or 0 if an error occurred. +.PP +\&\fBHMAC_CTX_get_md()\fR return the \s-1EVP_MD\s0 previously set for the supplied \s-1HMAC_CTX\s0 or +\&\s-1NULL\s0 if no \s-1EVP_MD\s0 has been set. +.PP +\&\fBHMAC_size()\fR returns the length in bytes of the underlying hash function output +or zero on error. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 2104\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBSHA1\s0\fR\|(3), \fBevp\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBHMAC_CTX_init()\fR was replaced with \fBHMAC_CTX_reset()\fR in OpenSSL 1.1.0. +.PP +\&\fBHMAC_CTX_cleanup()\fR existed in OpenSSL before version 1.1.0. +.PP +\&\fBHMAC_CTX_new()\fR, \fBHMAC_CTX_free()\fR and \fBHMAC_CTX_get_md()\fR are new in OpenSSL 1.1.0. +.PP +\&\fBHMAC_Init_ex()\fR, \fBHMAC_Update()\fR and \fBHMAC_Final()\fR did not return values in +OpenSSL before version 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/MD5.3 b/secure/lib/libcrypto/man/man3/MD5.3 new file mode 100644 index 000000000000..3d127a9e504f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/MD5.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MD5 3" +.TH MD5 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD2_Init(MD2_CTX *c); +\& int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); +\& int MD2_Final(unsigned char *md, MD2_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD4_Init(MD4_CTX *c); +\& int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +\& int MD4_Final(unsigned char *md, MD4_CTX *c); +\& +\& +\& #include +\& +\& unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +\& +\& int MD5_Init(MD5_CTX *c); +\& int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +\& int MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +.PP +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fBMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fBMD4_Init()\fR, \fBMD4_Update()\fR, \fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and +\&\fBMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMD2\s0()\fR, \s-1\fBMD4\s0()\fR, and \s-1\fBMD5\s0()\fR return pointers to the hash value. +.PP +\&\fBMD2_Init()\fR, \fBMD2_Update()\fR, \fBMD2_Final()\fR, \fBMD4_Init()\fR, \fBMD4_Update()\fR, +\&\fBMD4_Final()\fR, \fBMD5_Init()\fR, \fBMD5_Update()\fR, and \fBMD5_Final()\fR return 1 for +success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/MDC2_Init.3 b/secure/lib/libcrypto/man/man3/MDC2_Init.3 new file mode 100644 index 000000000000..eec665c12704 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/MDC2_Init.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "MDC2_INIT 3" +.TH MDC2_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int MDC2_Init(MDC2_CTX *c); +\& int MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& int MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES.\s0 +.PP +\&\s-1\fBMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fBMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the +hash functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBMDC2\s0()\fR returns a pointer to the hash value. +.PP +\&\fBMDC2_Init()\fR, \fBMDC2_Update()\fR and \fBMDC2_Final()\fR return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-2:2000\s0 Hash-Function 2, with \s-1DES\s0 as the underlying block cipher. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/Makefile b/secure/lib/libcrypto/man/man3/Makefile new file mode 100644 index 000000000000..da6c0c8a8e88 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/Makefile @@ -0,0 +1,3806 @@ +# $FreeBSD$ +MAN+= ADMISSIONS.3 +MAN+= ASN1_INTEGER_get_int64.3 +MAN+= ASN1_ITEM_lookup.3 +MAN+= ASN1_OBJECT_new.3 +MAN+= ASN1_STRING_TABLE_add.3 +MAN+= ASN1_STRING_length.3 +MAN+= ASN1_STRING_new.3 +MAN+= ASN1_STRING_print_ex.3 +MAN+= ASN1_TIME_set.3 +MAN+= ASN1_TYPE_get.3 +MAN+= ASN1_generate_nconf.3 +MAN+= ASYNC_WAIT_CTX_new.3 +MAN+= ASYNC_start_job.3 +MAN+= BF_encrypt.3 +MAN+= BIO_ADDR.3 +MAN+= BIO_ADDRINFO.3 +MAN+= BIO_connect.3 +MAN+= BIO_ctrl.3 +MAN+= BIO_f_base64.3 +MAN+= BIO_f_buffer.3 +MAN+= BIO_f_cipher.3 +MAN+= BIO_f_md.3 +MAN+= BIO_f_null.3 +MAN+= BIO_f_ssl.3 +MAN+= BIO_find_type.3 +MAN+= BIO_get_data.3 +MAN+= BIO_get_ex_new_index.3 +MAN+= BIO_meth_new.3 +MAN+= BIO_new.3 +MAN+= BIO_new_CMS.3 +MAN+= BIO_parse_hostserv.3 +MAN+= BIO_printf.3 +MAN+= BIO_push.3 +MAN+= BIO_read.3 +MAN+= BIO_s_accept.3 +MAN+= BIO_s_bio.3 +MAN+= BIO_s_connect.3 +MAN+= BIO_s_fd.3 +MAN+= BIO_s_file.3 +MAN+= BIO_s_mem.3 +MAN+= BIO_s_null.3 +MAN+= BIO_s_socket.3 +MAN+= BIO_set_callback.3 +MAN+= BIO_should_retry.3 +MAN+= BN_BLINDING_new.3 +MAN+= BN_CTX_new.3 +MAN+= BN_CTX_start.3 +MAN+= BN_add.3 +MAN+= BN_add_word.3 +MAN+= BN_bn2bin.3 +MAN+= BN_cmp.3 +MAN+= BN_copy.3 +MAN+= BN_generate_prime.3 +MAN+= BN_mod_inverse.3 +MAN+= BN_mod_mul_montgomery.3 +MAN+= BN_mod_mul_reciprocal.3 +MAN+= BN_new.3 +MAN+= BN_num_bytes.3 +MAN+= BN_rand.3 +MAN+= BN_security_bits.3 +MAN+= BN_set_bit.3 +MAN+= BN_swap.3 +MAN+= BN_zero.3 +MAN+= BUF_MEM_new.3 +MAN+= CMS_add0_cert.3 +MAN+= CMS_add1_recipient_cert.3 +MAN+= CMS_add1_signer.3 +MAN+= CMS_compress.3 +MAN+= CMS_decrypt.3 +MAN+= CMS_encrypt.3 +MAN+= CMS_final.3 +MAN+= CMS_get0_RecipientInfos.3 +MAN+= CMS_get0_SignerInfos.3 +MAN+= CMS_get0_type.3 +MAN+= CMS_get1_ReceiptRequest.3 +MAN+= CMS_sign.3 +MAN+= CMS_sign_receipt.3 +MAN+= CMS_uncompress.3 +MAN+= CMS_verify.3 +MAN+= CMS_verify_receipt.3 +MAN+= CONF_modules_free.3 +MAN+= CONF_modules_load_file.3 +MAN+= CRYPTO_THREAD_run_once.3 +MAN+= CRYPTO_get_ex_new_index.3 +MAN+= CRYPTO_memcmp.3 +MAN+= CTLOG_STORE_get0_log_by_id.3 +MAN+= CTLOG_STORE_new.3 +MAN+= CTLOG_new.3 +MAN+= CT_POLICY_EVAL_CTX_new.3 +MAN+= DEFINE_STACK_OF.3 +MAN+= DES_random_key.3 +MAN+= DH_generate_key.3 +MAN+= DH_generate_parameters.3 +MAN+= DH_get0_pqg.3 +MAN+= DH_get_1024_160.3 +MAN+= DH_meth_new.3 +MAN+= DH_new.3 +MAN+= DH_new_by_nid.3 +MAN+= DH_set_method.3 +MAN+= DH_size.3 +MAN+= DSA_SIG_new.3 +MAN+= DSA_do_sign.3 +MAN+= DSA_dup_DH.3 +MAN+= DSA_generate_key.3 +MAN+= DSA_generate_parameters.3 +MAN+= DSA_get0_pqg.3 +MAN+= DSA_meth_new.3 +MAN+= DSA_new.3 +MAN+= DSA_set_method.3 +MAN+= DSA_sign.3 +MAN+= DSA_size.3 +MAN+= DTLS_get_data_mtu.3 +MAN+= DTLS_set_timer_cb.3 +MAN+= DTLSv1_listen.3 +MAN+= ECDSA_SIG_new.3 +MAN+= ECPKParameters_print.3 +MAN+= EC_GFp_simple_method.3 +MAN+= EC_GROUP_copy.3 +MAN+= EC_GROUP_new.3 +MAN+= EC_KEY_get_enc_flags.3 +MAN+= EC_KEY_new.3 +MAN+= EC_POINT_add.3 +MAN+= EC_POINT_new.3 +MAN+= ENGINE_add.3 +MAN+= ERR_GET_LIB.3 +MAN+= ERR_clear_error.3 +MAN+= ERR_error_string.3 +MAN+= ERR_get_error.3 +MAN+= ERR_load_crypto_strings.3 +MAN+= ERR_load_strings.3 +MAN+= ERR_print_errors.3 +MAN+= ERR_put_error.3 +MAN+= ERR_remove_state.3 +MAN+= ERR_set_mark.3 +MAN+= EVP_BytesToKey.3 +MAN+= EVP_CIPHER_CTX_get_cipher_data.3 +MAN+= EVP_CIPHER_meth_new.3 +MAN+= EVP_DigestInit.3 +MAN+= EVP_DigestSignInit.3 +MAN+= EVP_DigestVerifyInit.3 +MAN+= EVP_EncodeInit.3 +MAN+= EVP_EncryptInit.3 +MAN+= EVP_MD_meth_new.3 +MAN+= EVP_OpenInit.3 +MAN+= EVP_PKEY_ASN1_METHOD.3 +MAN+= EVP_PKEY_CTX_ctrl.3 +MAN+= EVP_PKEY_CTX_new.3 +MAN+= EVP_PKEY_CTX_set1_pbe_pass.3 +MAN+= EVP_PKEY_CTX_set_hkdf_md.3 +MAN+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 +MAN+= EVP_PKEY_CTX_set_scrypt_N.3 +MAN+= EVP_PKEY_CTX_set_tls1_prf_md.3 +MAN+= EVP_PKEY_asn1_get_count.3 +MAN+= EVP_PKEY_cmp.3 +MAN+= EVP_PKEY_decrypt.3 +MAN+= EVP_PKEY_derive.3 +MAN+= EVP_PKEY_encrypt.3 +MAN+= EVP_PKEY_get_default_digest_nid.3 +MAN+= EVP_PKEY_keygen.3 +MAN+= EVP_PKEY_meth_get_count.3 +MAN+= EVP_PKEY_meth_new.3 +MAN+= EVP_PKEY_new.3 +MAN+= EVP_PKEY_print_private.3 +MAN+= EVP_PKEY_set1_RSA.3 +MAN+= EVP_PKEY_sign.3 +MAN+= EVP_PKEY_verify.3 +MAN+= EVP_PKEY_verify_recover.3 +MAN+= EVP_SealInit.3 +MAN+= EVP_SignInit.3 +MAN+= EVP_VerifyInit.3 +MAN+= EVP_aes.3 +MAN+= EVP_aria.3 +MAN+= EVP_bf_cbc.3 +MAN+= EVP_blake2b512.3 +MAN+= EVP_camellia.3 +MAN+= EVP_cast5_cbc.3 +MAN+= EVP_chacha20.3 +MAN+= EVP_des.3 +MAN+= EVP_desx_cbc.3 +MAN+= EVP_idea_cbc.3 +MAN+= EVP_md2.3 +MAN+= EVP_md4.3 +MAN+= EVP_md5.3 +MAN+= EVP_mdc2.3 +MAN+= EVP_rc2_cbc.3 +MAN+= EVP_rc4.3 +MAN+= EVP_rc5_32_12_16_cbc.3 +MAN+= EVP_ripemd160.3 +MAN+= EVP_seed_cbc.3 +MAN+= EVP_sha1.3 +MAN+= EVP_sha224.3 +MAN+= EVP_sha3_224.3 +MAN+= EVP_sm3.3 +MAN+= EVP_sm4_cbc.3 +MAN+= EVP_whirlpool.3 +MAN+= HMAC.3 +MAN+= MD5.3 +MAN+= MDC2_Init.3 +MAN+= OBJ_nid2obj.3 +MAN+= OCSP_REQUEST_new.3 +MAN+= OCSP_cert_to_id.3 +MAN+= OCSP_request_add1_nonce.3 +MAN+= OCSP_resp_find_status.3 +MAN+= OCSP_response_status.3 +MAN+= OCSP_sendreq_new.3 +MAN+= OPENSSL_Applink.3 +MAN+= OPENSSL_LH_COMPFUNC.3 +MAN+= OPENSSL_LH_stats.3 +MAN+= OPENSSL_VERSION_NUMBER.3 +MAN+= OPENSSL_config.3 +MAN+= OPENSSL_fork_prepare.3 +MAN+= OPENSSL_ia32cap.3 +MAN+= OPENSSL_init_crypto.3 +MAN+= OPENSSL_init_ssl.3 +MAN+= OPENSSL_instrument_bus.3 +MAN+= OPENSSL_load_builtin_modules.3 +MAN+= OPENSSL_malloc.3 +MAN+= OPENSSL_secure_malloc.3 +MAN+= OSSL_STORE_INFO.3 +MAN+= OSSL_STORE_LOADER.3 +MAN+= OSSL_STORE_SEARCH.3 +MAN+= OSSL_STORE_expect.3 +MAN+= OSSL_STORE_open.3 +MAN+= OpenSSL_add_all_algorithms.3 +MAN+= PEM_bytes_read_bio.3 +MAN+= PEM_read.3 +MAN+= PEM_read_CMS.3 +MAN+= PEM_read_bio_PrivateKey.3 +MAN+= PEM_read_bio_ex.3 +MAN+= PEM_write_bio_CMS_stream.3 +MAN+= PEM_write_bio_PKCS7_stream.3 +MAN+= PKCS12_create.3 +MAN+= PKCS12_newpass.3 +MAN+= PKCS12_parse.3 +MAN+= PKCS5_PBKDF2_HMAC.3 +MAN+= PKCS7_decrypt.3 +MAN+= PKCS7_encrypt.3 +MAN+= PKCS7_sign.3 +MAN+= PKCS7_sign_add_signer.3 +MAN+= PKCS7_verify.3 +MAN+= RAND_DRBG_generate.3 +MAN+= RAND_DRBG_get0_master.3 +MAN+= RAND_DRBG_new.3 +MAN+= RAND_DRBG_reseed.3 +MAN+= RAND_DRBG_set_callbacks.3 +MAN+= RAND_DRBG_set_ex_data.3 +MAN+= RAND_add.3 +MAN+= RAND_bytes.3 +MAN+= RAND_cleanup.3 +MAN+= RAND_egd.3 +MAN+= RAND_load_file.3 +MAN+= RAND_set_rand_method.3 +MAN+= RC4_set_key.3 +MAN+= RIPEMD160_Init.3 +MAN+= RSA_blinding_on.3 +MAN+= RSA_check_key.3 +MAN+= RSA_generate_key.3 +MAN+= RSA_get0_key.3 +MAN+= RSA_meth_new.3 +MAN+= RSA_new.3 +MAN+= RSA_padding_add_PKCS1_type_1.3 +MAN+= RSA_print.3 +MAN+= RSA_private_encrypt.3 +MAN+= RSA_public_encrypt.3 +MAN+= RSA_set_method.3 +MAN+= RSA_sign.3 +MAN+= RSA_sign_ASN1_OCTET_STRING.3 +MAN+= RSA_size.3 +MAN+= SCT_new.3 +MAN+= SCT_print.3 +MAN+= SCT_validate.3 +MAN+= SHA256_Init.3 +MAN+= SMIME_read_CMS.3 +MAN+= SMIME_read_PKCS7.3 +MAN+= SMIME_write_CMS.3 +MAN+= SMIME_write_PKCS7.3 +MAN+= SSL_CIPHER_get_name.3 +MAN+= SSL_COMP_add_compression_method.3 +MAN+= SSL_CONF_CTX_new.3 +MAN+= SSL_CONF_CTX_set1_prefix.3 +MAN+= SSL_CONF_CTX_set_flags.3 +MAN+= SSL_CONF_CTX_set_ssl_ctx.3 +MAN+= SSL_CONF_cmd.3 +MAN+= SSL_CONF_cmd_argv.3 +MAN+= SSL_CTX_add1_chain_cert.3 +MAN+= SSL_CTX_add_extra_chain_cert.3 +MAN+= SSL_CTX_add_session.3 +MAN+= SSL_CTX_config.3 +MAN+= SSL_CTX_ctrl.3 +MAN+= SSL_CTX_dane_enable.3 +MAN+= SSL_CTX_flush_sessions.3 +MAN+= SSL_CTX_free.3 +MAN+= SSL_CTX_get0_param.3 +MAN+= SSL_CTX_get_verify_mode.3 +MAN+= SSL_CTX_has_client_custom_ext.3 +MAN+= SSL_CTX_load_verify_locations.3 +MAN+= SSL_CTX_new.3 +MAN+= SSL_CTX_sess_number.3 +MAN+= SSL_CTX_sess_set_cache_size.3 +MAN+= SSL_CTX_sess_set_get_cb.3 +MAN+= SSL_CTX_sessions.3 +MAN+= SSL_CTX_set0_CA_list.3 +MAN+= SSL_CTX_set1_curves.3 +MAN+= SSL_CTX_set1_sigalgs.3 +MAN+= SSL_CTX_set1_verify_cert_store.3 +MAN+= SSL_CTX_set_alpn_select_cb.3 +MAN+= SSL_CTX_set_cert_cb.3 +MAN+= SSL_CTX_set_cert_store.3 +MAN+= SSL_CTX_set_cert_verify_callback.3 +MAN+= SSL_CTX_set_cipher_list.3 +MAN+= SSL_CTX_set_client_cert_cb.3 +MAN+= SSL_CTX_set_client_hello_cb.3 +MAN+= SSL_CTX_set_ct_validation_callback.3 +MAN+= SSL_CTX_set_ctlog_list_file.3 +MAN+= SSL_CTX_set_default_passwd_cb.3 +MAN+= SSL_CTX_set_ex_data.3 +MAN+= SSL_CTX_set_generate_session_id.3 +MAN+= SSL_CTX_set_info_callback.3 +MAN+= SSL_CTX_set_keylog_callback.3 +MAN+= SSL_CTX_set_max_cert_list.3 +MAN+= SSL_CTX_set_min_proto_version.3 +MAN+= SSL_CTX_set_mode.3 +MAN+= SSL_CTX_set_msg_callback.3 +MAN+= SSL_CTX_set_num_tickets.3 +MAN+= SSL_CTX_set_options.3 +MAN+= SSL_CTX_set_psk_client_callback.3 +MAN+= SSL_CTX_set_quiet_shutdown.3 +MAN+= SSL_CTX_set_read_ahead.3 +MAN+= SSL_CTX_set_record_padding_callback.3 +MAN+= SSL_CTX_set_security_level.3 +MAN+= SSL_CTX_set_session_cache_mode.3 +MAN+= SSL_CTX_set_session_id_context.3 +MAN+= SSL_CTX_set_session_ticket_cb.3 +MAN+= SSL_CTX_set_split_send_fragment.3 +MAN+= SSL_CTX_set_ssl_version.3 +MAN+= SSL_CTX_set_stateless_cookie_generate_cb.3 +MAN+= SSL_CTX_set_timeout.3 +MAN+= SSL_CTX_set_tlsext_servername_callback.3 +MAN+= SSL_CTX_set_tlsext_status_cb.3 +MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3 +MAN+= SSL_CTX_set_tlsext_use_srtp.3 +MAN+= SSL_CTX_set_tmp_dh_callback.3 +MAN+= SSL_CTX_set_verify.3 +MAN+= SSL_CTX_use_certificate.3 +MAN+= SSL_CTX_use_psk_identity_hint.3 +MAN+= SSL_CTX_use_serverinfo.3 +MAN+= SSL_SESSION_free.3 +MAN+= SSL_SESSION_get0_cipher.3 +MAN+= SSL_SESSION_get0_hostname.3 +MAN+= SSL_SESSION_get0_id_context.3 +MAN+= SSL_SESSION_get0_peer.3 +MAN+= SSL_SESSION_get_compress_id.3 +MAN+= SSL_SESSION_get_ex_data.3 +MAN+= SSL_SESSION_get_protocol_version.3 +MAN+= SSL_SESSION_get_time.3 +MAN+= SSL_SESSION_has_ticket.3 +MAN+= SSL_SESSION_is_resumable.3 +MAN+= SSL_SESSION_print.3 +MAN+= SSL_SESSION_set1_id.3 +MAN+= SSL_accept.3 +MAN+= SSL_alert_type_string.3 +MAN+= SSL_alloc_buffers.3 +MAN+= SSL_check_chain.3 +MAN+= SSL_clear.3 +MAN+= SSL_connect.3 +MAN+= SSL_do_handshake.3 +MAN+= SSL_export_keying_material.3 +MAN+= SSL_extension_supported.3 +MAN+= SSL_free.3 +MAN+= SSL_get0_peer_scts.3 +MAN+= SSL_get_SSL_CTX.3 +MAN+= SSL_get_all_async_fds.3 +MAN+= SSL_get_ciphers.3 +MAN+= SSL_get_client_random.3 +MAN+= SSL_get_current_cipher.3 +MAN+= SSL_get_default_timeout.3 +MAN+= SSL_get_error.3 +MAN+= SSL_get_extms_support.3 +MAN+= SSL_get_fd.3 +MAN+= SSL_get_peer_cert_chain.3 +MAN+= SSL_get_peer_certificate.3 +MAN+= SSL_get_peer_signature_nid.3 +MAN+= SSL_get_peer_tmp_key.3 +MAN+= SSL_get_psk_identity.3 +MAN+= SSL_get_rbio.3 +MAN+= SSL_get_session.3 +MAN+= SSL_get_shared_sigalgs.3 +MAN+= SSL_get_verify_result.3 +MAN+= SSL_get_version.3 +MAN+= SSL_in_init.3 +MAN+= SSL_key_update.3 +MAN+= SSL_library_init.3 +MAN+= SSL_load_client_CA_file.3 +MAN+= SSL_new.3 +MAN+= SSL_pending.3 +MAN+= SSL_read.3 +MAN+= SSL_read_early_data.3 +MAN+= SSL_rstate_string.3 +MAN+= SSL_session_reused.3 +MAN+= SSL_set1_host.3 +MAN+= SSL_set_bio.3 +MAN+= SSL_set_connect_state.3 +MAN+= SSL_set_fd.3 +MAN+= SSL_set_session.3 +MAN+= SSL_set_shutdown.3 +MAN+= SSL_set_verify_result.3 +MAN+= SSL_shutdown.3 +MAN+= SSL_state_string.3 +MAN+= SSL_want.3 +MAN+= SSL_write.3 +MAN+= UI_STRING.3 +MAN+= UI_UTIL_read_pw.3 +MAN+= UI_create_method.3 +MAN+= UI_new.3 +MAN+= X509V3_get_d2i.3 +MAN+= X509_ALGOR_dup.3 +MAN+= X509_CRL_get0_by_serial.3 +MAN+= X509_EXTENSION_set_object.3 +MAN+= X509_LOOKUP_hash_dir.3 +MAN+= X509_LOOKUP_meth_new.3 +MAN+= X509_NAME_ENTRY_get_object.3 +MAN+= X509_NAME_add_entry_by_txt.3 +MAN+= X509_NAME_get0_der.3 +MAN+= X509_NAME_get_index_by_NID.3 +MAN+= X509_NAME_print_ex.3 +MAN+= X509_PUBKEY_new.3 +MAN+= X509_SIG_get0.3 +MAN+= X509_STORE_CTX_get_error.3 +MAN+= X509_STORE_CTX_new.3 +MAN+= X509_STORE_CTX_set_verify_cb.3 +MAN+= X509_STORE_add_cert.3 +MAN+= X509_STORE_get0_param.3 +MAN+= X509_STORE_new.3 +MAN+= X509_STORE_set_verify_cb_func.3 +MAN+= X509_VERIFY_PARAM_set_flags.3 +MAN+= X509_check_ca.3 +MAN+= X509_check_host.3 +MAN+= X509_check_issued.3 +MAN+= X509_check_private_key.3 +MAN+= X509_cmp.3 +MAN+= X509_cmp_time.3 +MAN+= X509_digest.3 +MAN+= X509_dup.3 +MAN+= X509_get0_notBefore.3 +MAN+= X509_get0_signature.3 +MAN+= X509_get0_uids.3 +MAN+= X509_get_extension_flags.3 +MAN+= X509_get_pubkey.3 +MAN+= X509_get_serialNumber.3 +MAN+= X509_get_subject_name.3 +MAN+= X509_get_version.3 +MAN+= X509_new.3 +MAN+= X509_sign.3 +MAN+= X509_verify_cert.3 +MAN+= X509v3_get_ext_by_NID.3 +MAN+= d2i_DHparams.3 +MAN+= d2i_PKCS8PrivateKey_bio.3 +MAN+= d2i_PrivateKey.3 +MAN+= d2i_SSL_SESSION.3 +MAN+= d2i_X509.3 +MAN+= i2d_CMS_bio_stream.3 +MAN+= i2d_PKCS7_bio_stream.3 +MAN+= i2d_re_X509_tbs.3 +MAN+= o2i_SCT_LIST.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_admissionAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_namingAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_get0_professionInfos.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_admissionAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_namingAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSIONS_set0_professionInfos.3 +MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX.3 +MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_admissionAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_get0_contentsOfAdmissions.3 +MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_admissionAuthority.3 +MLINKS+= ADMISSIONS.3 ADMISSION_SYNTAX_set0_contentsOfAdmissions.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityId.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityText.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_get0_authorityURL.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityId.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityText.3 +MLINKS+= ADMISSIONS.3 NAMING_AUTHORITY_set0_authorityURL.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFOS.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_addProfessionInfo.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_namingAuthority.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionItems.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_professionOIDs.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_get0_registrationNumber.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_addProfessionInfo.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_namingAuthority.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionItems.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_professionOIDs.3 +MLINKS+= ADMISSIONS.3 PROFESSION_INFO_set0_registrationNumber.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_get_int64.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_set_int64.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_ENUMERATED_to_BN.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_get_uint64.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_int64.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_set_uint64.3 +MLINKS+= ASN1_INTEGER_get_int64.3 ASN1_INTEGER_to_BN.3 +MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_ENUMERATED.3 +MLINKS+= ASN1_INTEGER_get_int64.3 BN_to_ASN1_INTEGER.3 +MLINKS+= ASN1_ITEM_lookup.3 ASN1_ITEM_get.3 +MLINKS+= ASN1_OBJECT_new.3 ASN1_OBJECT_free.3 +MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE.3 +MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_cleanup.3 +MLINKS+= ASN1_STRING_TABLE_add.3 ASN1_STRING_TABLE_get.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_cmp.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_data.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_dup.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_get0_data.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_set.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_to_UTF8.3 +MLINKS+= ASN1_STRING_length.3 ASN1_STRING_type.3 +MLINKS+= ASN1_STRING_new.3 ASN1_STRING_free.3 +MLINKS+= ASN1_STRING_new.3 ASN1_STRING_type_new.3 +MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print.3 +MLINKS+= ASN1_STRING_print_ex.3 ASN1_STRING_print_ex_fp.3 +MLINKS+= ASN1_STRING_print_ex.3 ASN1_tag2str.3 +MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_adj.3 +MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_check.3 +MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_print.3 +MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set.3 +MLINKS+= ASN1_TIME_set.3 ASN1_GENERALIZEDTIME_set_string.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_adj.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_check.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_cmp_time_t.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_compare.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_diff.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_normalize.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_print.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_set_string_X509.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_generalizedtime.3 +MLINKS+= ASN1_TIME_set.3 ASN1_TIME_to_tm.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_adj.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_check.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_cmp_time_t.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_print.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set.3 +MLINKS+= ASN1_TIME_set.3 ASN1_UTCTIME_set_string.3 +MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_cmp.3 +MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_pack_sequence.3 +MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set.3 +MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_set1.3 +MLINKS+= ASN1_TYPE_get.3 ASN1_TYPE_unpack_sequence.3 +MLINKS+= ASN1_generate_nconf.3 ASN1_generate_v3.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_clear_fd.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_free.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_all_fds.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_changed_fds.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_get_fd.3 +MLINKS+= ASYNC_WAIT_CTX_new.3 ASYNC_WAIT_CTX_set_wait_fd.3 +MLINKS+= ASYNC_start_job.3 ASYNC_block_pause.3 +MLINKS+= ASYNC_start_job.3 ASYNC_cleanup_thread.3 +MLINKS+= ASYNC_start_job.3 ASYNC_get_current_job.3 +MLINKS+= ASYNC_start_job.3 ASYNC_get_wait_ctx.3 +MLINKS+= ASYNC_start_job.3 ASYNC_init_thread.3 +MLINKS+= ASYNC_start_job.3 ASYNC_is_capable.3 +MLINKS+= ASYNC_start_job.3 ASYNC_pause_job.3 +MLINKS+= ASYNC_start_job.3 ASYNC_unblock_pause.3 +MLINKS+= BF_encrypt.3 BF_cbc_encrypt.3 +MLINKS+= BF_encrypt.3 BF_cfb64_encrypt.3 +MLINKS+= BF_encrypt.3 BF_decrypt.3 +MLINKS+= BF_encrypt.3 BF_ecb_encrypt.3 +MLINKS+= BF_encrypt.3 BF_ofb64_encrypt.3 +MLINKS+= BF_encrypt.3 BF_options.3 +MLINKS+= BF_encrypt.3 BF_set_key.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_clear.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_family.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_free.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_hostname_string.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_new.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_path_string.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_rawaddress.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_rawmake.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_rawport.3 +MLINKS+= BIO_ADDR.3 BIO_ADDR_service_string.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_address.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_family.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_free.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_next.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_protocol.3 +MLINKS+= BIO_ADDRINFO.3 BIO_ADDRINFO_socktype.3 +MLINKS+= BIO_ADDRINFO.3 BIO_lookup.3 +MLINKS+= BIO_ADDRINFO.3 BIO_lookup_ex.3 +MLINKS+= BIO_ADDRINFO.3 BIO_lookup_type.3 +MLINKS+= BIO_connect.3 BIO_accept_ex.3 +MLINKS+= BIO_connect.3 BIO_bind.3 +MLINKS+= BIO_connect.3 BIO_closesocket.3 +MLINKS+= BIO_connect.3 BIO_listen.3 +MLINKS+= BIO_connect.3 BIO_socket.3 +MLINKS+= BIO_ctrl.3 BIO_callback_ctrl.3 +MLINKS+= BIO_ctrl.3 BIO_ctrl_pending.3 +MLINKS+= BIO_ctrl.3 BIO_ctrl_wpending.3 +MLINKS+= BIO_ctrl.3 BIO_eof.3 +MLINKS+= BIO_ctrl.3 BIO_flush.3 +MLINKS+= BIO_ctrl.3 BIO_get_close.3 +MLINKS+= BIO_ctrl.3 BIO_get_info_callback.3 +MLINKS+= BIO_ctrl.3 BIO_info_cb.3 +MLINKS+= BIO_ctrl.3 BIO_int_ctrl.3 +MLINKS+= BIO_ctrl.3 BIO_pending.3 +MLINKS+= BIO_ctrl.3 BIO_ptr_ctrl.3 +MLINKS+= BIO_ctrl.3 BIO_reset.3 +MLINKS+= BIO_ctrl.3 BIO_seek.3 +MLINKS+= BIO_ctrl.3 BIO_set_close.3 +MLINKS+= BIO_ctrl.3 BIO_set_info_callback.3 +MLINKS+= BIO_ctrl.3 BIO_tell.3 +MLINKS+= BIO_ctrl.3 BIO_wpending.3 +MLINKS+= BIO_f_buffer.3 BIO_get_buffer_num_lines.3 +MLINKS+= BIO_f_buffer.3 BIO_set_buffer_read_data.3 +MLINKS+= BIO_f_buffer.3 BIO_set_buffer_size.3 +MLINKS+= BIO_f_buffer.3 BIO_set_read_buffer_size.3 +MLINKS+= BIO_f_buffer.3 BIO_set_write_buffer_size.3 +MLINKS+= BIO_f_cipher.3 BIO_get_cipher_ctx.3 +MLINKS+= BIO_f_cipher.3 BIO_get_cipher_status.3 +MLINKS+= BIO_f_cipher.3 BIO_set_cipher.3 +MLINKS+= BIO_f_md.3 BIO_get_md.3 +MLINKS+= BIO_f_md.3 BIO_get_md_ctx.3 +MLINKS+= BIO_f_md.3 BIO_set_md.3 +MLINKS+= BIO_f_ssl.3 BIO_do_handshake.3 +MLINKS+= BIO_f_ssl.3 BIO_get_num_renegotiates.3 +MLINKS+= BIO_f_ssl.3 BIO_get_ssl.3 +MLINKS+= BIO_f_ssl.3 BIO_new_buffer_ssl_connect.3 +MLINKS+= BIO_f_ssl.3 BIO_new_ssl.3 +MLINKS+= BIO_f_ssl.3 BIO_new_ssl_connect.3 +MLINKS+= BIO_f_ssl.3 BIO_set_ssl.3 +MLINKS+= BIO_f_ssl.3 BIO_set_ssl_mode.3 +MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_bytes.3 +MLINKS+= BIO_f_ssl.3 BIO_set_ssl_renegotiate_timeout.3 +MLINKS+= BIO_f_ssl.3 BIO_ssl_copy_session_id.3 +MLINKS+= BIO_f_ssl.3 BIO_ssl_shutdown.3 +MLINKS+= BIO_find_type.3 BIO_method_type.3 +MLINKS+= BIO_find_type.3 BIO_next.3 +MLINKS+= BIO_get_data.3 BIO_get_init.3 +MLINKS+= BIO_get_data.3 BIO_get_shutdown.3 +MLINKS+= BIO_get_data.3 BIO_set_data.3 +MLINKS+= BIO_get_data.3 BIO_set_init.3 +MLINKS+= BIO_get_data.3 BIO_set_shutdown.3 +MLINKS+= BIO_get_ex_new_index.3 BIO_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 BIO_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 DH_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 DH_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 DSA_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 DSA_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 ECDH_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 ECDH_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 EC_KEY_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 EC_KEY_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 ENGINE_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 ENGINE_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 RSA_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 RSA_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 UI_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 UI_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_CTX_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 X509_STORE_set_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_data.3 +MLINKS+= BIO_get_ex_new_index.3 X509_get_ex_new_index.3 +MLINKS+= BIO_get_ex_new_index.3 X509_set_ex_data.3 +MLINKS+= BIO_meth_new.3 BIO_get_new_index.3 +MLINKS+= BIO_meth_new.3 BIO_meth_free.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_callback_ctrl.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_create.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_ctrl.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_destroy.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_gets.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_puts.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_read.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_read_ex.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_write.3 +MLINKS+= BIO_meth_new.3 BIO_meth_get_write_ex.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_callback_ctrl.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_create.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_ctrl.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_destroy.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_gets.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_puts.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_read.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_read_ex.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_write.3 +MLINKS+= BIO_meth_new.3 BIO_meth_set_write_ex.3 +MLINKS+= BIO_new.3 BIO_free.3 +MLINKS+= BIO_new.3 BIO_free_all.3 +MLINKS+= BIO_new.3 BIO_up_ref.3 +MLINKS+= BIO_new.3 BIO_vfree.3 +MLINKS+= BIO_parse_hostserv.3 BIO_hostserv_priorities.3 +MLINKS+= BIO_printf.3 BIO_snprintf.3 +MLINKS+= BIO_printf.3 BIO_vprintf.3 +MLINKS+= BIO_printf.3 BIO_vsnprintf.3 +MLINKS+= BIO_push.3 BIO_pop.3 +MLINKS+= BIO_push.3 BIO_set_next.3 +MLINKS+= BIO_read.3 BIO_gets.3 +MLINKS+= BIO_read.3 BIO_puts.3 +MLINKS+= BIO_read.3 BIO_read_ex.3 +MLINKS+= BIO_read.3 BIO_write.3 +MLINKS+= BIO_read.3 BIO_write_ex.3 +MLINKS+= BIO_s_accept.3 BIO_do_accept.3 +MLINKS+= BIO_s_accept.3 BIO_get_accept_ip_family.3 +MLINKS+= BIO_s_accept.3 BIO_get_accept_name.3 +MLINKS+= BIO_s_accept.3 BIO_get_accept_port.3 +MLINKS+= BIO_s_accept.3 BIO_get_bind_mode.3 +MLINKS+= BIO_s_accept.3 BIO_get_peer_name.3 +MLINKS+= BIO_s_accept.3 BIO_get_peer_port.3 +MLINKS+= BIO_s_accept.3 BIO_new_accept.3 +MLINKS+= BIO_s_accept.3 BIO_set_accept_bios.3 +MLINKS+= BIO_s_accept.3 BIO_set_accept_ip_family.3 +MLINKS+= BIO_s_accept.3 BIO_set_accept_name.3 +MLINKS+= BIO_s_accept.3 BIO_set_accept_port.3 +MLINKS+= BIO_s_accept.3 BIO_set_bind_mode.3 +MLINKS+= BIO_s_accept.3 BIO_set_nbio_accept.3 +MLINKS+= BIO_s_bio.3 BIO_ctrl_get_read_request.3 +MLINKS+= BIO_s_bio.3 BIO_ctrl_get_write_guarantee.3 +MLINKS+= BIO_s_bio.3 BIO_ctrl_reset_read_request.3 +MLINKS+= BIO_s_bio.3 BIO_destroy_bio_pair.3 +MLINKS+= BIO_s_bio.3 BIO_get_read_request.3 +MLINKS+= BIO_s_bio.3 BIO_get_write_buf_size.3 +MLINKS+= BIO_s_bio.3 BIO_get_write_guarantee.3 +MLINKS+= BIO_s_bio.3 BIO_make_bio_pair.3 +MLINKS+= BIO_s_bio.3 BIO_new_bio_pair.3 +MLINKS+= BIO_s_bio.3 BIO_set_write_buf_size.3 +MLINKS+= BIO_s_bio.3 BIO_shutdown_wr.3 +MLINKS+= BIO_s_connect.3 BIO_do_connect.3 +MLINKS+= BIO_s_connect.3 BIO_get_conn_address.3 +MLINKS+= BIO_s_connect.3 BIO_get_conn_hostname.3 +MLINKS+= BIO_s_connect.3 BIO_get_conn_ip_family.3 +MLINKS+= BIO_s_connect.3 BIO_get_conn_port.3 +MLINKS+= BIO_s_connect.3 BIO_new_connect.3 +MLINKS+= BIO_s_connect.3 BIO_set_conn_address.3 +MLINKS+= BIO_s_connect.3 BIO_set_conn_hostname.3 +MLINKS+= BIO_s_connect.3 BIO_set_conn_ip_family.3 +MLINKS+= BIO_s_connect.3 BIO_set_conn_port.3 +MLINKS+= BIO_s_connect.3 BIO_set_nbio.3 +MLINKS+= BIO_s_fd.3 BIO_get_fd.3 +MLINKS+= BIO_s_fd.3 BIO_new_fd.3 +MLINKS+= BIO_s_fd.3 BIO_set_fd.3 +MLINKS+= BIO_s_file.3 BIO_append_filename.3 +MLINKS+= BIO_s_file.3 BIO_get_fp.3 +MLINKS+= BIO_s_file.3 BIO_new_file.3 +MLINKS+= BIO_s_file.3 BIO_new_fp.3 +MLINKS+= BIO_s_file.3 BIO_read_filename.3 +MLINKS+= BIO_s_file.3 BIO_rw_filename.3 +MLINKS+= BIO_s_file.3 BIO_set_fp.3 +MLINKS+= BIO_s_file.3 BIO_write_filename.3 +MLINKS+= BIO_s_mem.3 BIO_get_mem_data.3 +MLINKS+= BIO_s_mem.3 BIO_get_mem_ptr.3 +MLINKS+= BIO_s_mem.3 BIO_new_mem_buf.3 +MLINKS+= BIO_s_mem.3 BIO_s_secmem.3 +MLINKS+= BIO_s_mem.3 BIO_set_mem_buf.3 +MLINKS+= BIO_s_mem.3 BIO_set_mem_eof_return.3 +MLINKS+= BIO_s_socket.3 BIO_new_socket.3 +MLINKS+= BIO_set_callback.3 BIO_callback_fn.3 +MLINKS+= BIO_set_callback.3 BIO_callback_fn_ex.3 +MLINKS+= BIO_set_callback.3 BIO_debug_callback.3 +MLINKS+= BIO_set_callback.3 BIO_get_callback.3 +MLINKS+= BIO_set_callback.3 BIO_get_callback_arg.3 +MLINKS+= BIO_set_callback.3 BIO_get_callback_ex.3 +MLINKS+= BIO_set_callback.3 BIO_set_callback_arg.3 +MLINKS+= BIO_set_callback.3 BIO_set_callback_ex.3 +MLINKS+= BIO_should_retry.3 BIO_get_retry_BIO.3 +MLINKS+= BIO_should_retry.3 BIO_get_retry_reason.3 +MLINKS+= BIO_should_retry.3 BIO_retry_type.3 +MLINKS+= BIO_should_retry.3 BIO_set_retry_reason.3 +MLINKS+= BIO_should_retry.3 BIO_should_io_special.3 +MLINKS+= BIO_should_retry.3 BIO_should_read.3 +MLINKS+= BIO_should_retry.3 BIO_should_write.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_convert_ex.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_create_param.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_free.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_get_flags.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_invert_ex.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_is_current_thread.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_lock.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_current_thread.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_set_flags.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_unlock.3 +MLINKS+= BN_BLINDING_new.3 BN_BLINDING_update.3 +MLINKS+= BN_CTX_new.3 BN_CTX_free.3 +MLINKS+= BN_CTX_new.3 BN_CTX_secure_new.3 +MLINKS+= BN_CTX_start.3 BN_CTX_end.3 +MLINKS+= BN_CTX_start.3 BN_CTX_get.3 +MLINKS+= BN_add.3 BN_div.3 +MLINKS+= BN_add.3 BN_exp.3 +MLINKS+= BN_add.3 BN_gcd.3 +MLINKS+= BN_add.3 BN_mod.3 +MLINKS+= BN_add.3 BN_mod_add.3 +MLINKS+= BN_add.3 BN_mod_exp.3 +MLINKS+= BN_add.3 BN_mod_mul.3 +MLINKS+= BN_add.3 BN_mod_sqr.3 +MLINKS+= BN_add.3 BN_mod_sub.3 +MLINKS+= BN_add.3 BN_mul.3 +MLINKS+= BN_add.3 BN_nnmod.3 +MLINKS+= BN_add.3 BN_sqr.3 +MLINKS+= BN_add.3 BN_sub.3 +MLINKS+= BN_add_word.3 BN_div_word.3 +MLINKS+= BN_add_word.3 BN_mod_word.3 +MLINKS+= BN_add_word.3 BN_mul_word.3 +MLINKS+= BN_add_word.3 BN_sub_word.3 +MLINKS+= BN_bn2bin.3 BN_bin2bn.3 +MLINKS+= BN_bn2bin.3 BN_bn2binpad.3 +MLINKS+= BN_bn2bin.3 BN_bn2dec.3 +MLINKS+= BN_bn2bin.3 BN_bn2hex.3 +MLINKS+= BN_bn2bin.3 BN_bn2lebinpad.3 +MLINKS+= BN_bn2bin.3 BN_bn2mpi.3 +MLINKS+= BN_bn2bin.3 BN_dec2bn.3 +MLINKS+= BN_bn2bin.3 BN_hex2bn.3 +MLINKS+= BN_bn2bin.3 BN_lebin2bn.3 +MLINKS+= BN_bn2bin.3 BN_mpi2bn.3 +MLINKS+= BN_bn2bin.3 BN_print.3 +MLINKS+= BN_bn2bin.3 BN_print_fp.3 +MLINKS+= BN_cmp.3 BN_is_odd.3 +MLINKS+= BN_cmp.3 BN_is_one.3 +MLINKS+= BN_cmp.3 BN_is_word.3 +MLINKS+= BN_cmp.3 BN_is_zero.3 +MLINKS+= BN_cmp.3 BN_ucmp.3 +MLINKS+= BN_copy.3 BN_dup.3 +MLINKS+= BN_copy.3 BN_with_flags.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_call.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_free.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_get_arg.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_new.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_set.3 +MLINKS+= BN_generate_prime.3 BN_GENCB_set_old.3 +MLINKS+= BN_generate_prime.3 BN_generate_prime_ex.3 +MLINKS+= BN_generate_prime.3 BN_is_prime.3 +MLINKS+= BN_generate_prime.3 BN_is_prime_ex.3 +MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest.3 +MLINKS+= BN_generate_prime.3 BN_is_prime_fasttest_ex.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_from_montgomery.3 +MLINKS+= BN_mod_mul_montgomery.3 BN_to_montgomery.3 +MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3 +MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3 +MLINKS+= BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3 +MLINKS+= BN_mod_mul_reciprocal.3 BN_div_recp.3 +MLINKS+= BN_new.3 BN_clear.3 +MLINKS+= BN_new.3 BN_clear_free.3 +MLINKS+= BN_new.3 BN_free.3 +MLINKS+= BN_new.3 BN_secure_new.3 +MLINKS+= BN_num_bytes.3 BN_num_bits.3 +MLINKS+= BN_num_bytes.3 BN_num_bits_word.3 +MLINKS+= BN_rand.3 BN_priv_rand.3 +MLINKS+= BN_rand.3 BN_priv_rand_range.3 +MLINKS+= BN_rand.3 BN_pseudo_rand.3 +MLINKS+= BN_rand.3 BN_pseudo_rand_range.3 +MLINKS+= BN_rand.3 BN_rand_range.3 +MLINKS+= BN_set_bit.3 BN_clear_bit.3 +MLINKS+= BN_set_bit.3 BN_is_bit_set.3 +MLINKS+= BN_set_bit.3 BN_lshift.3 +MLINKS+= BN_set_bit.3 BN_lshift1.3 +MLINKS+= BN_set_bit.3 BN_mask_bits.3 +MLINKS+= BN_set_bit.3 BN_rshift.3 +MLINKS+= BN_set_bit.3 BN_rshift1.3 +MLINKS+= BN_zero.3 BN_get_word.3 +MLINKS+= BN_zero.3 BN_one.3 +MLINKS+= BN_zero.3 BN_set_word.3 +MLINKS+= BN_zero.3 BN_value_one.3 +MLINKS+= BUF_MEM_new.3 BUF_MEM_free.3 +MLINKS+= BUF_MEM_new.3 BUF_MEM_grow.3 +MLINKS+= BUF_MEM_new.3 BUF_MEM_grow_clean.3 +MLINKS+= BUF_MEM_new.3 BUF_MEM_new_ex.3 +MLINKS+= BUF_MEM_new.3 BUF_reverse.3 +MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 +MLINKS+= CMS_add0_cert.3 CMS_add1_cert.3 +MLINKS+= CMS_add0_cert.3 CMS_add1_crl.3 +MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 +MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 +MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 +MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_decrypt.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_encrypt.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_get0_id.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_kekri_id_cmp.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_key.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_set0_pkey.3 +MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_cert_cmp.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signature.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_get0_signer_id.3 +MLINKS+= CMS_get0_SignerInfos.3 CMS_SignerInfo_set1_signer_cert.3 +MLINKS+= CMS_get0_type.3 CMS_get0_content.3 +MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 +MLINKS+= CMS_get0_type.3 CMS_set1_eContentType.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 +MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 +MLINKS+= CMS_verify.3 CMS_get0_signers.3 +MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 +MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 +MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_free.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_lock_new.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_read_lock.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_unlock.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_THREAD_write_lock.3 +MLINKS+= CRYPTO_THREAD_run_once.3 CRYPTO_atomic_add.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_dup.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_free.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_EX_new.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_data.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_free_ex_index.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_get_ex_data.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_new_ex_data.3 +MLINKS+= CRYPTO_get_ex_new_index.3 CRYPTO_set_ex_data.3 +MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_free.3 +MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_default_file.3 +MLINKS+= CTLOG_STORE_new.3 CTLOG_STORE_load_file.3 +MLINKS+= CTLOG_new.3 CTLOG_free.3 +MLINKS+= CTLOG_new.3 CTLOG_get0_log_id.3 +MLINKS+= CTLOG_new.3 CTLOG_get0_name.3 +MLINKS+= CTLOG_new.3 CTLOG_get0_public_key.3 +MLINKS+= CTLOG_new.3 CTLOG_new_from_base64.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_free.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_cert.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_issuer.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get0_log_store.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_get_time.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_cert.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set1_issuer.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE.3 +MLINKS+= CT_POLICY_EVAL_CTX_new.3 CT_POLICY_EVAL_CTX_set_time.3 +MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF.3 +MLINKS+= DEFINE_STACK_OF.3 DEFINE_SPECIAL_STACK_OF_CONST.3 +MLINKS+= DEFINE_STACK_OF.3 DEFINE_STACK_OF_CONST.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_deep_copy.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_delete_ptr.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_dup.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_find_ex.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_free.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_insert.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_is_sorted.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_null.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_new_reserve.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_num.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_pop_free.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_push.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_reserve.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_set_cmp_func.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_shift.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_sort.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_unshift.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_value.3 +MLINKS+= DEFINE_STACK_OF.3 sk_TYPE_zero.3 +MLINKS+= DES_random_key.3 DES_cbc_cksum.3 +MLINKS+= DES_random_key.3 DES_cfb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_cfb_encrypt.3 +MLINKS+= DES_random_key.3 DES_crypt.3 +MLINKS+= DES_random_key.3 DES_ecb2_encrypt.3 +MLINKS+= DES_random_key.3 DES_ecb3_encrypt.3 +MLINKS+= DES_random_key.3 DES_ecb_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede2_cbc_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede2_cfb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede2_ofb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede3_cbc_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede3_cfb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_ede3_ofb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_fcrypt.3 +MLINKS+= DES_random_key.3 DES_is_weak_key.3 +MLINKS+= DES_random_key.3 DES_key_sched.3 +MLINKS+= DES_random_key.3 DES_ncbc_encrypt.3 +MLINKS+= DES_random_key.3 DES_ofb64_encrypt.3 +MLINKS+= DES_random_key.3 DES_ofb_encrypt.3 +MLINKS+= DES_random_key.3 DES_pcbc_encrypt.3 +MLINKS+= DES_random_key.3 DES_quad_cksum.3 +MLINKS+= DES_random_key.3 DES_set_key.3 +MLINKS+= DES_random_key.3 DES_set_key_checked.3 +MLINKS+= DES_random_key.3 DES_set_key_unchecked.3 +MLINKS+= DES_random_key.3 DES_set_odd_parity.3 +MLINKS+= DES_random_key.3 DES_string_to_2keys.3 +MLINKS+= DES_random_key.3 DES_string_to_key.3 +MLINKS+= DES_random_key.3 DES_xcbc_encrypt.3 +MLINKS+= DH_generate_key.3 DH_compute_key.3 +MLINKS+= DH_generate_parameters.3 DH_check.3 +MLINKS+= DH_generate_parameters.3 DH_check_ex.3 +MLINKS+= DH_generate_parameters.3 DH_check_params.3 +MLINKS+= DH_generate_parameters.3 DH_check_params_ex.3 +MLINKS+= DH_generate_parameters.3 DH_check_pub_key_ex.3 +MLINKS+= DH_generate_parameters.3 DH_generate_parameters_ex.3 +MLINKS+= DH_get0_pqg.3 DH_clear_flags.3 +MLINKS+= DH_get0_pqg.3 DH_get0_engine.3 +MLINKS+= DH_get0_pqg.3 DH_get0_g.3 +MLINKS+= DH_get0_pqg.3 DH_get0_key.3 +MLINKS+= DH_get0_pqg.3 DH_get0_p.3 +MLINKS+= DH_get0_pqg.3 DH_get0_priv_key.3 +MLINKS+= DH_get0_pqg.3 DH_get0_pub_key.3 +MLINKS+= DH_get0_pqg.3 DH_get0_q.3 +MLINKS+= DH_get0_pqg.3 DH_get_length.3 +MLINKS+= DH_get0_pqg.3 DH_set0_key.3 +MLINKS+= DH_get0_pqg.3 DH_set0_pqg.3 +MLINKS+= DH_get0_pqg.3 DH_set_flags.3 +MLINKS+= DH_get0_pqg.3 DH_set_length.3 +MLINKS+= DH_get0_pqg.3 DH_test_flags.3 +MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_192.3 +MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_224.3 +MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_256.3 +MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_384.3 +MLINKS+= DH_get_1024_160.3 BN_get0_nist_prime_521.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_1024.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc2409_prime_768.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_1536.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_2048.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_3072.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_4096.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_6144.3 +MLINKS+= DH_get_1024_160.3 BN_get_rfc3526_prime_8192.3 +MLINKS+= DH_get_1024_160.3 DH_get_2048_224.3 +MLINKS+= DH_get_1024_160.3 DH_get_2048_256.3 +MLINKS+= DH_meth_new.3 DH_meth_dup.3 +MLINKS+= DH_meth_new.3 DH_meth_free.3 +MLINKS+= DH_meth_new.3 DH_meth_get0_app_data.3 +MLINKS+= DH_meth_new.3 DH_meth_get0_name.3 +MLINKS+= DH_meth_new.3 DH_meth_get_bn_mod_exp.3 +MLINKS+= DH_meth_new.3 DH_meth_get_compute_key.3 +MLINKS+= DH_meth_new.3 DH_meth_get_finish.3 +MLINKS+= DH_meth_new.3 DH_meth_get_flags.3 +MLINKS+= DH_meth_new.3 DH_meth_get_generate_key.3 +MLINKS+= DH_meth_new.3 DH_meth_get_generate_params.3 +MLINKS+= DH_meth_new.3 DH_meth_get_init.3 +MLINKS+= DH_meth_new.3 DH_meth_set0_app_data.3 +MLINKS+= DH_meth_new.3 DH_meth_set1_name.3 +MLINKS+= DH_meth_new.3 DH_meth_set_bn_mod_exp.3 +MLINKS+= DH_meth_new.3 DH_meth_set_compute_key.3 +MLINKS+= DH_meth_new.3 DH_meth_set_finish.3 +MLINKS+= DH_meth_new.3 DH_meth_set_flags.3 +MLINKS+= DH_meth_new.3 DH_meth_set_generate_key.3 +MLINKS+= DH_meth_new.3 DH_meth_set_generate_params.3 +MLINKS+= DH_meth_new.3 DH_meth_set_init.3 +MLINKS+= DH_new.3 DH_free.3 +MLINKS+= DH_new_by_nid.3 DH_get_nid.3 +MLINKS+= DH_set_method.3 DH_OpenSSL.3 +MLINKS+= DH_set_method.3 DH_get_default_method.3 +MLINKS+= DH_set_method.3 DH_new_method.3 +MLINKS+= DH_set_method.3 DH_set_default_method.3 +MLINKS+= DH_size.3 DH_bits.3 +MLINKS+= DH_size.3 DH_security_bits.3 +MLINKS+= DSA_SIG_new.3 DSA_SIG_free.3 +MLINKS+= DSA_SIG_new.3 DSA_SIG_get0.3 +MLINKS+= DSA_SIG_new.3 DSA_SIG_set0.3 +MLINKS+= DSA_do_sign.3 DSA_do_verify.3 +MLINKS+= DSA_generate_parameters.3 DSA_generate_parameters_ex.3 +MLINKS+= DSA_get0_pqg.3 DSA_clear_flags.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_engine.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_g.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_key.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_p.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_priv_key.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_pub_key.3 +MLINKS+= DSA_get0_pqg.3 DSA_get0_q.3 +MLINKS+= DSA_get0_pqg.3 DSA_set0_key.3 +MLINKS+= DSA_get0_pqg.3 DSA_set0_pqg.3 +MLINKS+= DSA_get0_pqg.3 DSA_set_flags.3 +MLINKS+= DSA_get0_pqg.3 DSA_test_flags.3 +MLINKS+= DSA_meth_new.3 DSA_meth_dup.3 +MLINKS+= DSA_meth_new.3 DSA_meth_free.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get0_app_data.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get0_name.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_bn_mod_exp.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_finish.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_flags.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_init.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_keygen.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_mod_exp.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_paramgen.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_sign.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_sign_setup.3 +MLINKS+= DSA_meth_new.3 DSA_meth_get_verify.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set0_app_data.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set1_name.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_bn_mod_exp.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_finish.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_flags.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_init.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_keygen.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_mod_exp.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_paramgen.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_sign.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_sign_setup.3 +MLINKS+= DSA_meth_new.3 DSA_meth_set_verify.3 +MLINKS+= DSA_new.3 DSA_free.3 +MLINKS+= DSA_set_method.3 DSA_OpenSSL.3 +MLINKS+= DSA_set_method.3 DSA_get_default_method.3 +MLINKS+= DSA_set_method.3 DSA_new_method.3 +MLINKS+= DSA_set_method.3 DSA_set_default_method.3 +MLINKS+= DSA_sign.3 DSA_sign_setup.3 +MLINKS+= DSA_sign.3 DSA_verify.3 +MLINKS+= DSA_size.3 DSA_bits.3 +MLINKS+= DSA_size.3 DSA_security_bits.3 +MLINKS+= DTLS_set_timer_cb.3 DTLS_timer_cb.3 +MLINKS+= DTLSv1_listen.3 SSL_stateless.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_free.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_r.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_get0_s.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_SIG_set0.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_do_sign_ex.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_do_verify.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_sign.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_ex.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_sign_setup.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_size.3 +MLINKS+= ECDSA_SIG_new.3 ECDSA_verify.3 +MLINKS+= ECPKParameters_print.3 ECPKParameters_print_fp.3 +MLINKS+= EC_GFp_simple_method.3 EC_GF2m_simple_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_GFp_mont_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_GFp_nist_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp224_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp256_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_GFp_nistp521_method.3 +MLINKS+= EC_GFp_simple_method.3 EC_METHOD_get_field_type.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_check.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_check_discriminant.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_cmp.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_dup.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_cofactor.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_generator.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_order.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get0_seed.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_asn1_flag.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_basis_type.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_cofactor.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_curve_name.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_degree.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_order.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_pentanomial_basis.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_point_conversion_form.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_seed_len.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_get_trinomial_basis.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_method_of.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_order_bits.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_asn1_flag.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_curve_name.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_generator.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_point_conversion_form.3 +MLINKS+= EC_GROUP_copy.3 EC_GROUP_set_seed.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_clear_free.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_free.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GF2m.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_get_curve_GFp.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecparameters.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_get_ecpkparameters.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_new_by_curve_name.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GF2m.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_new_curve_GFp.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecparameters.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_new_from_ecpkparameters.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GF2m.3 +MLINKS+= EC_GROUP_new.3 EC_GROUP_set_curve_GFp.3 +MLINKS+= EC_GROUP_new.3 EC_get_builtin_curves.3 +MLINKS+= EC_KEY_get_enc_flags.3 EC_KEY_set_enc_flags.3 +MLINKS+= EC_KEY_new.3 EC_KEY_check_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_clear_flags.3 +MLINKS+= EC_KEY_new.3 EC_KEY_copy.3 +MLINKS+= EC_KEY_new.3 EC_KEY_dup.3 +MLINKS+= EC_KEY_new.3 EC_KEY_free.3 +MLINKS+= EC_KEY_new.3 EC_KEY_generate_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get0_engine.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get0_group.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get0_private_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get0_public_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get_conv_form.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get_flags.3 +MLINKS+= EC_KEY_new.3 EC_KEY_get_method.3 +MLINKS+= EC_KEY_new.3 EC_KEY_key2buf.3 +MLINKS+= EC_KEY_new.3 EC_KEY_new_by_curve_name.3 +MLINKS+= EC_KEY_new.3 EC_KEY_oct2key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_oct2priv.3 +MLINKS+= EC_KEY_new.3 EC_KEY_precompute_mult.3 +MLINKS+= EC_KEY_new.3 EC_KEY_priv2buf.3 +MLINKS+= EC_KEY_new.3 EC_KEY_priv2oct.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_asn1_flag.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_conv_form.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_flags.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_group.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_method.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_private_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key.3 +MLINKS+= EC_KEY_new.3 EC_KEY_set_public_key_affine_coordinates.3 +MLINKS+= EC_KEY_new.3 EC_KEY_up_ref.3 +MLINKS+= EC_POINT_add.3 EC_GROUP_have_precompute_mult.3 +MLINKS+= EC_POINT_add.3 EC_GROUP_precompute_mult.3 +MLINKS+= EC_POINT_add.3 EC_POINT_cmp.3 +MLINKS+= EC_POINT_add.3 EC_POINT_dbl.3 +MLINKS+= EC_POINT_add.3 EC_POINT_invert.3 +MLINKS+= EC_POINT_add.3 EC_POINT_is_at_infinity.3 +MLINKS+= EC_POINT_add.3 EC_POINT_is_on_curve.3 +MLINKS+= EC_POINT_add.3 EC_POINT_make_affine.3 +MLINKS+= EC_POINT_add.3 EC_POINT_mul.3 +MLINKS+= EC_POINT_add.3 EC_POINTs_make_affine.3 +MLINKS+= EC_POINT_add.3 EC_POINTs_mul.3 +MLINKS+= EC_POINT_new.3 EC_POINT_bn2point.3 +MLINKS+= EC_POINT_new.3 EC_POINT_clear_free.3 +MLINKS+= EC_POINT_new.3 EC_POINT_copy.3 +MLINKS+= EC_POINT_new.3 EC_POINT_dup.3 +MLINKS+= EC_POINT_new.3 EC_POINT_free.3 +MLINKS+= EC_POINT_new.3 EC_POINT_get_Jprojective_coordinates_GFp.3 +MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates.3 +MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GF2m.3 +MLINKS+= EC_POINT_new.3 EC_POINT_get_affine_coordinates_GFp.3 +MLINKS+= EC_POINT_new.3 EC_POINT_hex2point.3 +MLINKS+= EC_POINT_new.3 EC_POINT_method_of.3 +MLINKS+= EC_POINT_new.3 EC_POINT_oct2point.3 +MLINKS+= EC_POINT_new.3 EC_POINT_point2bn.3 +MLINKS+= EC_POINT_new.3 EC_POINT_point2buf.3 +MLINKS+= EC_POINT_new.3 EC_POINT_point2hex.3 +MLINKS+= EC_POINT_new.3 EC_POINT_point2oct.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_Jprojective_coordinates_GFp.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates_GF2m.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_affine_coordinates_GFp.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GF2m.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_compressed_coordinates_GFp.3 +MLINKS+= EC_POINT_new.3 EC_POINT_set_to_infinity.3 +MLINKS+= ENGINE_add.3 ENGINE_by_id.3 +MLINKS+= ENGINE_add.3 ENGINE_cleanup.3 +MLINKS+= ENGINE_add.3 ENGINE_cmd_is_executable.3 +MLINKS+= ENGINE_add.3 ENGINE_ctrl.3 +MLINKS+= ENGINE_add.3 ENGINE_ctrl_cmd.3 +MLINKS+= ENGINE_add.3 ENGINE_ctrl_cmd_string.3 +MLINKS+= ENGINE_add.3 ENGINE_finish.3 +MLINKS+= ENGINE_add.3 ENGINE_free.3 +MLINKS+= ENGINE_add.3 ENGINE_get_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_get_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_get_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_get_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_get_cipher.3 +MLINKS+= ENGINE_add.3 ENGINE_get_cipher_engine.3 +MLINKS+= ENGINE_add.3 ENGINE_get_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_get_cmd_defns.3 +MLINKS+= ENGINE_add.3 ENGINE_get_ctrl_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_default_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_get_default_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_get_default_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_get_default_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_get_destroy_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_digest.3 +MLINKS+= ENGINE_add.3 ENGINE_get_digest_engine.3 +MLINKS+= ENGINE_add.3 ENGINE_get_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_get_finish_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_first.3 +MLINKS+= ENGINE_add.3 ENGINE_get_flags.3 +MLINKS+= ENGINE_add.3 ENGINE_get_id.3 +MLINKS+= ENGINE_add.3 ENGINE_get_init_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_last.3 +MLINKS+= ENGINE_add.3 ENGINE_get_load_privkey_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_load_pubkey_function.3 +MLINKS+= ENGINE_add.3 ENGINE_get_name.3 +MLINKS+= ENGINE_add.3 ENGINE_get_next.3 +MLINKS+= ENGINE_add.3 ENGINE_get_prev.3 +MLINKS+= ENGINE_add.3 ENGINE_get_table_flags.3 +MLINKS+= ENGINE_add.3 ENGINE_init.3 +MLINKS+= ENGINE_add.3 ENGINE_load_builtin_engines.3 +MLINKS+= ENGINE_add.3 ENGINE_load_private_key.3 +MLINKS+= ENGINE_add.3 ENGINE_load_public_key.3 +MLINKS+= ENGINE_add.3 ENGINE_new.3 +MLINKS+= ENGINE_add.3 ENGINE_register_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_register_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_register_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_register_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_complete.3 +MLINKS+= ENGINE_add.3 ENGINE_register_all_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_register_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_register_complete.3 +MLINKS+= ENGINE_add.3 ENGINE_register_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_remove.3 +MLINKS+= ENGINE_add.3 ENGINE_set_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_set_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_set_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_set_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_set_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_set_cmd_defns.3 +MLINKS+= ENGINE_add.3 ENGINE_set_ctrl_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_set_default_string.3 +MLINKS+= ENGINE_add.3 ENGINE_set_destroy_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_set_finish_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_flags.3 +MLINKS+= ENGINE_add.3 ENGINE_set_id.3 +MLINKS+= ENGINE_add.3 ENGINE_set_init_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_load_privkey_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_load_pubkey_function.3 +MLINKS+= ENGINE_add.3 ENGINE_set_name.3 +MLINKS+= ENGINE_add.3 ENGINE_set_table_flags.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_DH.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_DSA.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_RAND.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_RSA.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_ciphers.3 +MLINKS+= ENGINE_add.3 ENGINE_unregister_digests.3 +MLINKS+= ENGINE_add.3 ENGINE_up_ref.3 +MLINKS+= ERR_GET_LIB.3 ERR_FATAL_ERROR.3 +MLINKS+= ERR_GET_LIB.3 ERR_GET_FUNC.3 +MLINKS+= ERR_GET_LIB.3 ERR_GET_REASON.3 +MLINKS+= ERR_error_string.3 ERR_error_string_n.3 +MLINKS+= ERR_error_string.3 ERR_func_error_string.3 +MLINKS+= ERR_error_string.3 ERR_lib_error_string.3 +MLINKS+= ERR_error_string.3 ERR_reason_error_string.3 +MLINKS+= ERR_get_error.3 ERR_get_error_line.3 +MLINKS+= ERR_get_error.3 ERR_get_error_line_data.3 +MLINKS+= ERR_get_error.3 ERR_peek_error.3 +MLINKS+= ERR_get_error.3 ERR_peek_error_line.3 +MLINKS+= ERR_get_error.3 ERR_peek_error_line_data.3 +MLINKS+= ERR_get_error.3 ERR_peek_last_error.3 +MLINKS+= ERR_get_error.3 ERR_peek_last_error_line.3 +MLINKS+= ERR_get_error.3 ERR_peek_last_error_line_data.3 +MLINKS+= ERR_load_crypto_strings.3 ERR_free_strings.3 +MLINKS+= ERR_load_crypto_strings.3 SSL_load_error_strings.3 +MLINKS+= ERR_load_strings.3 ERR_PACK.3 +MLINKS+= ERR_load_strings.3 ERR_get_next_error_library.3 +MLINKS+= ERR_print_errors.3 ERR_print_errors_cb.3 +MLINKS+= ERR_print_errors.3 ERR_print_errors_fp.3 +MLINKS+= ERR_put_error.3 ERR_add_error_data.3 +MLINKS+= ERR_put_error.3 ERR_add_error_vdata.3 +MLINKS+= ERR_remove_state.3 ERR_remove_thread_state.3 +MLINKS+= ERR_set_mark.3 ERR_pop_to_mark.3 +MLINKS+= EVP_CIPHER_CTX_get_cipher_data.3 EVP_CIPHER_CTX_set_cipher_data.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_dup.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_free.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_cleanup.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_ctrl.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_do_cipher.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_get_asn1_params.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_init.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_get_set_asn1_params.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_cleanup.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_ctrl.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_do_cipher.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_flags.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_get_asn1_params.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_impl_ctx_size.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_init.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_iv_length.3 +MLINKS+= EVP_CIPHER_meth_new.3 EVP_CIPHER_meth_set_set_asn1_params.3 +MLINKS+= EVP_DigestInit.3 EVP_DigestFinal.3 +MLINKS+= EVP_DigestInit.3 EVP_DigestFinalXOF.3 +MLINKS+= EVP_DigestInit.3 EVP_DigestFinal_ex.3 +MLINKS+= EVP_DigestInit.3 EVP_DigestInit_ex.3 +MLINKS+= EVP_DigestInit.3 EVP_DigestUpdate.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_block_size.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_clear_flags.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_copy_ex.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_ctrl.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_free.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_md_data.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_new.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_reset.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_flags.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_set_pkey_ctx.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_size.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_test_flags.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_CTX_type.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_block_size.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_pkey_type.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_size.3 +MLINKS+= EVP_DigestInit.3 EVP_MD_type.3 +MLINKS+= EVP_DigestInit.3 EVP_get_digestbyname.3 +MLINKS+= EVP_DigestInit.3 EVP_get_digestbynid.3 +MLINKS+= EVP_DigestInit.3 EVP_get_digestbyobj.3 +MLINKS+= EVP_DigestInit.3 EVP_md_null.3 +MLINKS+= EVP_DigestSignInit.3 EVP_DigestSign.3 +MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignFinal.3 +MLINKS+= EVP_DigestSignInit.3 EVP_DigestSignUpdate.3 +MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerify.3 +MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyFinal.3 +MLINKS+= EVP_DigestVerifyInit.3 EVP_DigestVerifyUpdate.3 +MLINKS+= EVP_EncodeInit.3 EVP_DecodeBlock.3 +MLINKS+= EVP_EncodeInit.3 EVP_DecodeFinal.3 +MLINKS+= EVP_EncodeInit.3 EVP_DecodeInit.3 +MLINKS+= EVP_EncodeInit.3 EVP_DecodeUpdate.3 +MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_copy.3 +MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_free.3 +MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_new.3 +MLINKS+= EVP_EncodeInit.3 EVP_ENCODE_CTX_num.3 +MLINKS+= EVP_EncodeInit.3 EVP_EncodeBlock.3 +MLINKS+= EVP_EncodeInit.3 EVP_EncodeFinal.3 +MLINKS+= EVP_EncodeInit.3 EVP_EncodeUpdate.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_flags.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_free.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_get_app_data.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_mode.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_new.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_reset.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_app_data.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_set_padding.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_block_size.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_flags.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_iv_length.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_key_length.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_mode.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_nid.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3 +MLINKS+= EVP_EncryptInit.3 EVP_CIPHER_type.3 +MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal.3 +MLINKS+= EVP_EncryptInit.3 EVP_CipherFinal_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_CipherInit.3 +MLINKS+= EVP_EncryptInit.3 EVP_CipherInit_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_CipherUpdate.3 +MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal.3 +MLINKS+= EVP_EncryptInit.3 EVP_DecryptFinal_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit.3 +MLINKS+= EVP_EncryptInit.3 EVP_DecryptInit_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_DecryptUpdate.3 +MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal.3 +MLINKS+= EVP_EncryptInit.3 EVP_EncryptFinal_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_EncryptInit_ex.3 +MLINKS+= EVP_EncryptInit.3 EVP_EncryptUpdate.3 +MLINKS+= EVP_EncryptInit.3 EVP_enc_null.3 +MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyname.3 +MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbynid.3 +MLINKS+= EVP_EncryptInit.3 EVP_get_cipherbyobj.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_dup.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_free.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_app_datasize.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_cleanup.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_copy.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_ctrl.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_final.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_flags.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_init.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_input_blocksize.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_result_size.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_get_update.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_app_datasize.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_cleanup.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_copy.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_ctrl.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_final.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_flags.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_init.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_input_blocksize.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_result_size.3 +MLINKS+= EVP_MD_meth_new.3 EVP_MD_meth_set_update.3 +MLINKS+= EVP_OpenInit.3 EVP_OpenFinal.3 +MLINKS+= EVP_OpenInit.3 EVP_OpenUpdate.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add0.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_add_alias.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_copy.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_free.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_new.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_check.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_ctrl.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_free.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_priv_key.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_get_pub_key.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_item.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_param_check.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_private.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_public_check.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_security_bits.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_priv_key.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_set_pub_key.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_asn1_set_siginf.3 +MLINKS+= EVP_PKEY_ASN1_METHOD.3 EVP_PKEY_get0_asn1.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_str.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_ctrl_uint64.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_oid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_dh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get0_rsa_oaep_label.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get1_id_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_dh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_cofactor_mode.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_ecdh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_mgf1_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_oaep_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_padding.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_rsa_pss_saltlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_get_signature_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_oid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_dh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set0_rsa_oaep_label.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set1_id.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_nid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_pad.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_generator.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_prime_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_subprime_len.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_paramgen_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dh_rfc5114.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dhx_rfc5114.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_dsa_paramgen_bits.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_param_enc.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_cofactor_mode.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_outlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_ecdh_kdf_type.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_mac_key.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_bits.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_primes.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_keygen_pubexp.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_mgf1_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_oaep_md.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_padding.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_rsa_pss_saltlen.3 +MLINKS+= EVP_PKEY_CTX_ctrl.3 EVP_PKEY_CTX_set_signature_md.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_dup.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_free.3 +MLINKS+= EVP_PKEY_CTX_new.3 EVP_PKEY_CTX_new_id.3 +MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_add1_hkdf_info.3 +MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_hkdf_mode.3 +MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_key.3 +MLINKS+= EVP_PKEY_CTX_set_hkdf_md.3 EVP_PKEY_CTX_set1_hkdf_salt.3 +MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3 +MLINKS+= EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3 +MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set1_scrypt_salt.3 +MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_maxmem_bytes.3 +MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_p.3 +MLINKS+= EVP_PKEY_CTX_set_scrypt_N.3 EVP_PKEY_CTX_set_scrypt_r.3 +MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_add1_tls1_prf_seed.3 +MLINKS+= EVP_PKEY_CTX_set_tls1_prf_md.3 EVP_PKEY_CTX_set1_tls1_prf_secret.3 +MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find.3 +MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_find_str.3 +MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0.3 +MLINKS+= EVP_PKEY_asn1_get_count.3 EVP_PKEY_asn1_get0_info.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_cmp_parameters.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_copy_parameters.3 +MLINKS+= EVP_PKEY_cmp.3 EVP_PKEY_missing_parameters.3 +MLINKS+= EVP_PKEY_decrypt.3 EVP_PKEY_decrypt_init.3 +MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_init.3 +MLINKS+= EVP_PKEY_derive.3 EVP_PKEY_derive_set_peer.3 +MLINKS+= EVP_PKEY_encrypt.3 EVP_PKEY_encrypt_init.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_app_data.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_cb.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_get_keygen_info.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_app_data.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_CTX_set_cb.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_check.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_gen_cb.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_keygen_init.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_param_check.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_paramgen_init.3 +MLINKS+= EVP_PKEY_keygen.3 EVP_PKEY_public_check.3 +MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0.3 +MLINKS+= EVP_PKEY_meth_get_count.3 EVP_PKEY_meth_get0_info.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_METHOD.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_add0.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_copy.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_find.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_free.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_cleanup.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_copy.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_ctrl.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_decrypt.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_derive.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_digest_custom.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_encrypt.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_init.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_keygen.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_param_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_paramgen.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_public_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_sign.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_signctx.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verify.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verify_recover.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_get_verifyctx.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_remove.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_cleanup.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_copy.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_ctrl.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_decrypt.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_derive.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_digest_custom.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_encrypt.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_init.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_keygen.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_param_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_paramgen.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_public_check.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_sign.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_signctx.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verify_recover.3 +MLINKS+= EVP_PKEY_meth_new.3 EVP_PKEY_meth_set_verifyctx.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_free.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_private_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_get_raw_public_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_CMAC_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_mac_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_private_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_new_raw_public_key.3 +MLINKS+= EVP_PKEY_new.3 EVP_PKEY_up_ref.3 +MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_params.3 +MLINKS+= EVP_PKEY_print_private.3 EVP_PKEY_print_public.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DH.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_DSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_EC_KEY.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_POLY1305.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_RSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_assign_SIPHASH.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_base_id.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DH.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_DSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_EC_KEY.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_RSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_engine.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_hmac.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_poly1305.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get0_siphash.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DH.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_DSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_EC_KEY.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_get1_RSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_id.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DH.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_DSA.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_EC_KEY.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set1_engine.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_set_alias_type.3 +MLINKS+= EVP_PKEY_set1_RSA.3 EVP_PKEY_type.3 +MLINKS+= EVP_PKEY_sign.3 EVP_PKEY_sign_init.3 +MLINKS+= EVP_PKEY_verify.3 EVP_PKEY_verify_init.3 +MLINKS+= EVP_PKEY_verify_recover.3 EVP_PKEY_verify_recover_init.3 +MLINKS+= EVP_SealInit.3 EVP_SealFinal.3 +MLINKS+= EVP_SealInit.3 EVP_SealUpdate.3 +MLINKS+= EVP_SignInit.3 EVP_PKEY_security_bits.3 +MLINKS+= EVP_SignInit.3 EVP_PKEY_size.3 +MLINKS+= EVP_SignInit.3 EVP_SignFinal.3 +MLINKS+= EVP_SignInit.3 EVP_SignInit_ex.3 +MLINKS+= EVP_SignInit.3 EVP_SignUpdate.3 +MLINKS+= EVP_VerifyInit.3 EVP_VerifyFinal.3 +MLINKS+= EVP_VerifyInit.3 EVP_VerifyInit_ex.3 +MLINKS+= EVP_VerifyInit.3 EVP_VerifyUpdate.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cbc.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha1.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cbc_hmac_sha256.3 +MLINKS+= EVP_aes.3 EVP_aes_128_ccm.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cfb.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cfb128.3 +MLINKS+= EVP_aes.3 EVP_aes_128_cfb8.3 +MLINKS+= EVP_aes.3 EVP_aes_128_ctr.3 +MLINKS+= EVP_aes.3 EVP_aes_128_ecb.3 +MLINKS+= EVP_aes.3 EVP_aes_128_gcm.3 +MLINKS+= EVP_aes.3 EVP_aes_128_ocb.3 +MLINKS+= EVP_aes.3 EVP_aes_128_ofb.3 +MLINKS+= EVP_aes.3 EVP_aes_128_wrap.3 +MLINKS+= EVP_aes.3 EVP_aes_128_wrap_pad.3 +MLINKS+= EVP_aes.3 EVP_aes_128_xts.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cbc.3 +MLINKS+= EVP_aes.3 EVP_aes_192_ccm.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cfb.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cfb128.3 +MLINKS+= EVP_aes.3 EVP_aes_192_cfb8.3 +MLINKS+= EVP_aes.3 EVP_aes_192_ctr.3 +MLINKS+= EVP_aes.3 EVP_aes_192_ecb.3 +MLINKS+= EVP_aes.3 EVP_aes_192_gcm.3 +MLINKS+= EVP_aes.3 EVP_aes_192_ocb.3 +MLINKS+= EVP_aes.3 EVP_aes_192_ofb.3 +MLINKS+= EVP_aes.3 EVP_aes_192_wrap.3 +MLINKS+= EVP_aes.3 EVP_aes_192_wrap_pad.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cbc.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha1.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cbc_hmac_sha256.3 +MLINKS+= EVP_aes.3 EVP_aes_256_ccm.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cfb.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cfb1.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cfb128.3 +MLINKS+= EVP_aes.3 EVP_aes_256_cfb8.3 +MLINKS+= EVP_aes.3 EVP_aes_256_ctr.3 +MLINKS+= EVP_aes.3 EVP_aes_256_ecb.3 +MLINKS+= EVP_aes.3 EVP_aes_256_gcm.3 +MLINKS+= EVP_aes.3 EVP_aes_256_ocb.3 +MLINKS+= EVP_aes.3 EVP_aes_256_ofb.3 +MLINKS+= EVP_aes.3 EVP_aes_256_wrap.3 +MLINKS+= EVP_aes.3 EVP_aes_256_wrap_pad.3 +MLINKS+= EVP_aes.3 EVP_aes_256_xts.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cbc.3 +MLINKS+= EVP_aria.3 EVP_aria_128_ccm.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cfb.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cfb128.3 +MLINKS+= EVP_aria.3 EVP_aria_128_cfb8.3 +MLINKS+= EVP_aria.3 EVP_aria_128_ctr.3 +MLINKS+= EVP_aria.3 EVP_aria_128_ecb.3 +MLINKS+= EVP_aria.3 EVP_aria_128_gcm.3 +MLINKS+= EVP_aria.3 EVP_aria_128_ofb.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cbc.3 +MLINKS+= EVP_aria.3 EVP_aria_192_ccm.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cfb.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cfb128.3 +MLINKS+= EVP_aria.3 EVP_aria_192_cfb8.3 +MLINKS+= EVP_aria.3 EVP_aria_192_ctr.3 +MLINKS+= EVP_aria.3 EVP_aria_192_ecb.3 +MLINKS+= EVP_aria.3 EVP_aria_192_gcm.3 +MLINKS+= EVP_aria.3 EVP_aria_192_ofb.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cbc.3 +MLINKS+= EVP_aria.3 EVP_aria_256_ccm.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cfb.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cfb1.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cfb128.3 +MLINKS+= EVP_aria.3 EVP_aria_256_cfb8.3 +MLINKS+= EVP_aria.3 EVP_aria_256_ctr.3 +MLINKS+= EVP_aria.3 EVP_aria_256_ecb.3 +MLINKS+= EVP_aria.3 EVP_aria_256_gcm.3 +MLINKS+= EVP_aria.3 EVP_aria_256_ofb.3 +MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb.3 +MLINKS+= EVP_bf_cbc.3 EVP_bf_cfb64.3 +MLINKS+= EVP_bf_cbc.3 EVP_bf_ecb.3 +MLINKS+= EVP_bf_cbc.3 EVP_bf_ofb.3 +MLINKS+= EVP_blake2b512.3 EVP_blake2s256.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cbc.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb128.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_cfb8.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_ctr.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_ecb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_128_ofb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cbc.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb128.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_cfb8.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_ctr.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_ecb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_192_ofb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cbc.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb1.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb128.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_cfb8.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_ctr.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_ecb.3 +MLINKS+= EVP_camellia.3 EVP_camellia_256_ofb.3 +MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb.3 +MLINKS+= EVP_cast5_cbc.3 EVP_cast5_cfb64.3 +MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ecb.3 +MLINKS+= EVP_cast5_cbc.3 EVP_cast5_ofb.3 +MLINKS+= EVP_chacha20.3 EVP_chacha20_poly1305.3 +MLINKS+= EVP_des.3 EVP_des_cbc.3 +MLINKS+= EVP_des.3 EVP_des_cfb.3 +MLINKS+= EVP_des.3 EVP_des_cfb1.3 +MLINKS+= EVP_des.3 EVP_des_cfb64.3 +MLINKS+= EVP_des.3 EVP_des_cfb8.3 +MLINKS+= EVP_des.3 EVP_des_ecb.3 +MLINKS+= EVP_des.3 EVP_des_ede.3 +MLINKS+= EVP_des.3 EVP_des_ede3.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cbc.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cfb.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cfb1.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cfb64.3 +MLINKS+= EVP_des.3 EVP_des_ede3_cfb8.3 +MLINKS+= EVP_des.3 EVP_des_ede3_ecb.3 +MLINKS+= EVP_des.3 EVP_des_ede3_ofb.3 +MLINKS+= EVP_des.3 EVP_des_ede3_wrap.3 +MLINKS+= EVP_des.3 EVP_des_ede_cbc.3 +MLINKS+= EVP_des.3 EVP_des_ede_cfb.3 +MLINKS+= EVP_des.3 EVP_des_ede_cfb64.3 +MLINKS+= EVP_des.3 EVP_des_ede_ecb.3 +MLINKS+= EVP_des.3 EVP_des_ede_ofb.3 +MLINKS+= EVP_des.3 EVP_des_ofb.3 +MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb.3 +MLINKS+= EVP_idea_cbc.3 EVP_idea_cfb64.3 +MLINKS+= EVP_idea_cbc.3 EVP_idea_ecb.3 +MLINKS+= EVP_idea_cbc.3 EVP_idea_ofb.3 +MLINKS+= EVP_md5.3 EVP_md5_sha1.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_40_cbc.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_64_cbc.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_cfb64.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ecb.3 +MLINKS+= EVP_rc2_cbc.3 EVP_rc2_ofb.3 +MLINKS+= EVP_rc4.3 EVP_rc4_40.3 +MLINKS+= EVP_rc4.3 EVP_rc4_hmac_md5.3 +MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb.3 +MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_cfb64.3 +MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ecb.3 +MLINKS+= EVP_rc5_32_12_16_cbc.3 EVP_rc5_32_12_16_ofb.3 +MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb.3 +MLINKS+= EVP_seed_cbc.3 EVP_seed_cfb128.3 +MLINKS+= EVP_seed_cbc.3 EVP_seed_ecb.3 +MLINKS+= EVP_seed_cbc.3 EVP_seed_ofb.3 +MLINKS+= EVP_sha224.3 EVP_sha256.3 +MLINKS+= EVP_sha224.3 EVP_sha384.3 +MLINKS+= EVP_sha224.3 EVP_sha512.3 +MLINKS+= EVP_sha224.3 EVP_sha512_224.3 +MLINKS+= EVP_sha224.3 EVP_sha512_256.3 +MLINKS+= EVP_sha3_224.3 EVP_sha3_256.3 +MLINKS+= EVP_sha3_224.3 EVP_sha3_384.3 +MLINKS+= EVP_sha3_224.3 EVP_sha3_512.3 +MLINKS+= EVP_sha3_224.3 EVP_shake128.3 +MLINKS+= EVP_sha3_224.3 EVP_shake256.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_cfb128.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ctr.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ecb.3 +MLINKS+= EVP_sm4_cbc.3 EVP_sm4_ofb.3 +MLINKS+= HMAC.3 HMAC_CTX_copy.3 +MLINKS+= HMAC.3 HMAC_CTX_free.3 +MLINKS+= HMAC.3 HMAC_CTX_get_md.3 +MLINKS+= HMAC.3 HMAC_CTX_new.3 +MLINKS+= HMAC.3 HMAC_CTX_reset.3 +MLINKS+= HMAC.3 HMAC_CTX_set_flags.3 +MLINKS+= HMAC.3 HMAC_Final.3 +MLINKS+= HMAC.3 HMAC_Init.3 +MLINKS+= HMAC.3 HMAC_Init_ex.3 +MLINKS+= HMAC.3 HMAC_Update.3 +MLINKS+= HMAC.3 HMAC_size.3 +MLINKS+= MD5.3 MD2.3 +MLINKS+= MD5.3 MD2_Final.3 +MLINKS+= MD5.3 MD2_Init.3 +MLINKS+= MD5.3 MD2_Update.3 +MLINKS+= MD5.3 MD4.3 +MLINKS+= MD5.3 MD4_Final.3 +MLINKS+= MD5.3 MD4_Init.3 +MLINKS+= MD5.3 MD4_Update.3 +MLINKS+= MD5.3 MD5_Final.3 +MLINKS+= MD5.3 MD5_Init.3 +MLINKS+= MD5.3 MD5_Update.3 +MLINKS+= MDC2_Init.3 MDC2.3 +MLINKS+= MDC2_Init.3 MDC2_Final.3 +MLINKS+= MDC2_Init.3 MDC2_Update.3 +MLINKS+= OBJ_nid2obj.3 OBJ_cleanup.3 +MLINKS+= OBJ_nid2obj.3 OBJ_cmp.3 +MLINKS+= OBJ_nid2obj.3 OBJ_create.3 +MLINKS+= OBJ_nid2obj.3 OBJ_dup.3 +MLINKS+= OBJ_nid2obj.3 OBJ_get0_data.3 +MLINKS+= OBJ_nid2obj.3 OBJ_length.3 +MLINKS+= OBJ_nid2obj.3 OBJ_ln2nid.3 +MLINKS+= OBJ_nid2obj.3 OBJ_nid2ln.3 +MLINKS+= OBJ_nid2obj.3 OBJ_nid2sn.3 +MLINKS+= OBJ_nid2obj.3 OBJ_obj2nid.3 +MLINKS+= OBJ_nid2obj.3 OBJ_obj2txt.3 +MLINKS+= OBJ_nid2obj.3 OBJ_sn2nid.3 +MLINKS+= OBJ_nid2obj.3 OBJ_txt2nid.3 +MLINKS+= OBJ_nid2obj.3 OBJ_txt2obj.3 +MLINKS+= OBJ_nid2obj.3 i2t_ASN1_OBJECT.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_REQUEST_free.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add0_id.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_request_add1_cert.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_count.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_request_onereq_get0.3 +MLINKS+= OCSP_REQUEST_new.3 OCSP_request_sign.3 +MLINKS+= OCSP_cert_to_id.3 OCSP_CERTID_free.3 +MLINKS+= OCSP_cert_to_id.3 OCSP_cert_id_new.3 +MLINKS+= OCSP_cert_to_id.3 OCSP_id_cmp.3 +MLINKS+= OCSP_cert_to_id.3 OCSP_id_get0_info.3 +MLINKS+= OCSP_cert_to_id.3 OCSP_id_issuer_cmp.3 +MLINKS+= OCSP_request_add1_nonce.3 OCSP_basic_add1_nonce.3 +MLINKS+= OCSP_request_add1_nonce.3 OCSP_check_nonce.3 +MLINKS+= OCSP_request_add1_nonce.3 OCSP_copy_nonce.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_basic_verify.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_check_validity.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_count.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_find.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_certs.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_id.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_produced_at.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_respdata.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signature.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_signer.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get0_tbs_sigalg.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_resp_get1_id.3 +MLINKS+= OCSP_resp_find_status.3 OCSP_single_get0_status.3 +MLINKS+= OCSP_response_status.3 OCSP_RESPID_match.3 +MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_key.3 +MLINKS+= OCSP_response_status.3 OCSP_RESPID_set_by_name.3 +MLINKS+= OCSP_response_status.3 OCSP_RESPONSE_free.3 +MLINKS+= OCSP_response_status.3 OCSP_basic_sign.3 +MLINKS+= OCSP_response_status.3 OCSP_basic_sign_ctx.3 +MLINKS+= OCSP_response_status.3 OCSP_response_create.3 +MLINKS+= OCSP_response_status.3 OCSP_response_get1_basic.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_add1_header.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_free.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_REQ_CTX_set1_req.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_bio.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_sendreq_nbio.3 +MLINKS+= OCSP_sendreq_new.3 OCSP_set_max_response_length.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 DECLARE_LHASH_OF.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_COMP_FN.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 IMPLEMENT_LHASH_HASH_FN.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 LHASH_DOALL_ARG_FN_TYPE.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_DOALL_FUNC.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 OPENSSL_LH_HASHFUNC.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_delete.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_doall_arg.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_error.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_free.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_insert.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_new.3 +MLINKS+= OPENSSL_LH_COMPFUNC.3 lh_TYPE_retrieve.3 +MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats.3 +MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_stats_bio.3 +MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats.3 +MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_node_usage_stats_bio.3 +MLINKS+= OPENSSL_LH_stats.3 OPENSSL_LH_stats_bio.3 +MLINKS+= OPENSSL_VERSION_NUMBER.3 OPENSSL_VERSION_TEXT.3 +MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version.3 +MLINKS+= OPENSSL_VERSION_NUMBER.3 OpenSSL_version_num.3 +MLINKS+= OPENSSL_config.3 OPENSSL_no_config.3 +MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_child.3 +MLINKS+= OPENSSL_fork_prepare.3 OPENSSL_fork_parent.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_free.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_new.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_appname.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_file_flags.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_INIT_set_config_filename.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_atexit.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_cleanup.3 +MLINKS+= OPENSSL_init_crypto.3 OPENSSL_thread_stop.3 +MLINKS+= OPENSSL_instrument_bus.3 OPENSSL_instrument_bus2.3 +MLINKS+= OPENSSL_load_builtin_modules.3 ASN1_add_oid_module.3 +MLINKS+= OPENSSL_load_builtin_modules.3 ENGINE_add_conf_module.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_free.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_clear_realloc.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_free.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_get_alloc_counts.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_get_mem_functions.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_malloc.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_ctrl.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_pop.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_debug_push.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_cb.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_mem_leaks_fp.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_realloc.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_debug.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_set_mem_functions.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_strdup.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_strndup.3 +MLINKS+= OPENSSL_malloc.3 CRYPTO_zalloc.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FAILURES.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_MALLOC_FD.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_buf2hexstr.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_cleanse.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_free.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_clear_realloc.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_free.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_hexchar2int.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_hexstr2buf.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_malloc_init.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_pop.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_mem_debug_push.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_memdup.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_realloc.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_strdup.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcat.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_strlcpy.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_strndup.3 +MLINKS+= OPENSSL_malloc.3 OPENSSL_zalloc.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_clear_free.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_free.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_done.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_init.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_malloc_initialized.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_used.3 +MLINKS+= OPENSSL_secure_malloc.3 CRYPTO_secure_zalloc.3 +MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_actual_size.3 +MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_clear_free.3 +MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_free.3 +MLINKS+= OPENSSL_secure_malloc.3 OPENSSL_secure_zalloc.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_free.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CERT.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_CRL.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_NAME_description.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PARAMS.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get0_PKEY.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CERT.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_CRL.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_NAME_description.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PARAMS.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get1_PKEY.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_get_type.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CERT.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_CRL.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_NAME.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PARAMS.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_new_PKEY.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_set0_NAME_description.3 +MLINKS+= OSSL_STORE_INFO.3 OSSL_STORE_INFO_type_string.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_CTX.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_free.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_engine.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_get0_scheme.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_new.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_close.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_ctrl.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_eof.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_error.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_expect.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_find.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_load.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_LOADER_set_open.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_close_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_ctrl_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_eof_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_error_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_expect_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_find_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_load_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_open_fn.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_register_loader.3 +MLINKS+= OSSL_STORE_LOADER.3 OSSL_STORE_unregister_loader.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_alias.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_issuer_serial.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_key_fingerprint.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_by_name.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_free.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_bytes.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_digest.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_name.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_serial.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get0_string.3 +MLINKS+= OSSL_STORE_SEARCH.3 OSSL_STORE_SEARCH_get_type.3 +MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_find.3 +MLINKS+= OSSL_STORE_expect.3 OSSL_STORE_supports_search.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_CTX.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_close.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_ctrl.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_eof.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_error.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_load.3 +MLINKS+= OSSL_STORE_open.3 OSSL_STORE_post_process_info_fn.3 +MLINKS+= OpenSSL_add_all_algorithms.3 EVP_cleanup.3 +MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 +MLINKS+= OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 +MLINKS+= PEM_bytes_read_bio.3 PEM_bytes_read_bio_secmem.3 +MLINKS+= PEM_read.3 PEM_do_header.3 +MLINKS+= PEM_read.3 PEM_get_EVP_CIPHER_INFO.3 +MLINKS+= PEM_read.3 PEM_read_bio.3 +MLINKS+= PEM_read.3 PEM_write.3 +MLINKS+= PEM_read.3 PEM_write_bio.3 +MLINKS+= PEM_read_CMS.3 DECLARE_PEM_rw.3 +MLINKS+= PEM_read_CMS.3 PEM_read_ECPKParameters.3 +MLINKS+= PEM_read_CMS.3 PEM_read_ECPrivateKey.3 +MLINKS+= PEM_read_CMS.3 PEM_read_EC_PUBKEY.3 +MLINKS+= PEM_read_CMS.3 PEM_read_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8.3 +MLINKS+= PEM_read_CMS.3 PEM_read_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= PEM_read_CMS.3 PEM_read_SSL_SESSION.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_CMS.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_ECPKParameters.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_EC_PUBKEY.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= PEM_read_CMS.3 PEM_read_bio_SSL_SESSION.3 +MLINKS+= PEM_read_CMS.3 PEM_write_CMS.3 +MLINKS+= PEM_read_CMS.3 PEM_write_DHxparams.3 +MLINKS+= PEM_read_CMS.3 PEM_write_ECPKParameters.3 +MLINKS+= PEM_read_CMS.3 PEM_write_ECPrivateKey.3 +MLINKS+= PEM_read_CMS.3 PEM_write_EC_PUBKEY.3 +MLINKS+= PEM_read_CMS.3 PEM_write_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8.3 +MLINKS+= PEM_read_CMS.3 PEM_write_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= PEM_read_CMS.3 PEM_write_SSL_SESSION.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_CMS.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_DHxparams.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPKParameters.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_ECPrivateKey.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_EC_PUBKEY.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= PEM_read_CMS.3 PEM_write_bio_SSL_SESSION.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DHparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_DSAparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PKCS7.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_PrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSAPublicKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_RSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_AUX.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_CRL.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_X509_REQ.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DHparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_DSAparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PKCS7.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSAPublicKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_RSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_AUX.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_CRL.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_read_bio_X509_REQ.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DHparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_DSAparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS7.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PKCS8PrivateKey_nid.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_PrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSAPublicKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_RSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_AUX.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_CRL.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_X509_REQ_NEW.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DHparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_DSAparams.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS7.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PKCS8PrivateKey_nid.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_PrivateKey_traditional.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPrivateKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSAPublicKey.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_RSA_PUBKEY.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_AUX.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_CRL.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ.3 +MLINKS+= PEM_read_bio_PrivateKey.3 PEM_write_bio_X509_REQ_NEW.3 +MLINKS+= PEM_read_bio_PrivateKey.3 pem_password_cb.3 +MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_EAY_COMPATIBLE.3 +MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_ONLY_B64.3 +MLINKS+= PEM_read_bio_ex.3 PEM_FLAG_SECURE.3 +MLINKS+= PKCS5_PBKDF2_HMAC.3 PKCS5_PBKDF2_HMAC_SHA1.3 +MLINKS+= PKCS7_verify.3 PKCS7_get0_signers.3 +MLINKS+= RAND_DRBG_generate.3 RAND_DRBG_bytes.3 +MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_private.3 +MLINKS+= RAND_DRBG_get0_master.3 RAND_DRBG_get0_public.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_free.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_instantiate.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_secure_new.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_set_defaults.3 +MLINKS+= RAND_DRBG_new.3 RAND_DRBG_uninstantiate.3 +MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_defaults.3 +MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_interval.3 +MLINKS+= RAND_DRBG_reseed.3 RAND_DRBG_set_reseed_time_interval.3 +MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_entropy_fn.3 +MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_cleanup_nonce_fn.3 +MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_entropy_fn.3 +MLINKS+= RAND_DRBG_set_callbacks.3 RAND_DRBG_get_nonce_fn.3 +MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_data.3 +MLINKS+= RAND_DRBG_set_ex_data.3 RAND_DRBG_get_ex_new_index.3 +MLINKS+= RAND_add.3 RAND_event.3 +MLINKS+= RAND_add.3 RAND_keep_random_devices_open.3 +MLINKS+= RAND_add.3 RAND_poll.3 +MLINKS+= RAND_add.3 RAND_screen.3 +MLINKS+= RAND_add.3 RAND_seed.3 +MLINKS+= RAND_add.3 RAND_status.3 +MLINKS+= RAND_bytes.3 RAND_priv_bytes.3 +MLINKS+= RAND_bytes.3 RAND_pseudo_bytes.3 +MLINKS+= RAND_egd.3 RAND_egd_bytes.3 +MLINKS+= RAND_egd.3 RAND_query_egd_bytes.3 +MLINKS+= RAND_load_file.3 RAND_file_name.3 +MLINKS+= RAND_load_file.3 RAND_write_file.3 +MLINKS+= RAND_set_rand_method.3 RAND_OpenSSL.3 +MLINKS+= RAND_set_rand_method.3 RAND_get_rand_method.3 +MLINKS+= RC4_set_key.3 RC4.3 +MLINKS+= RIPEMD160_Init.3 RIPEMD160.3 +MLINKS+= RIPEMD160_Init.3 RIPEMD160_Final.3 +MLINKS+= RIPEMD160_Init.3 RIPEMD160_Update.3 +MLINKS+= RSA_blinding_on.3 RSA_blinding_off.3 +MLINKS+= RSA_check_key.3 RSA_check_key_ex.3 +MLINKS+= RSA_generate_key.3 RSA_generate_key_ex.3 +MLINKS+= RSA_generate_key.3 RSA_generate_multi_prime_key.3 +MLINKS+= RSA_get0_key.3 RSA_clear_flags.3 +MLINKS+= RSA_get0_key.3 RSA_get0_crt_params.3 +MLINKS+= RSA_get0_key.3 RSA_get0_d.3 +MLINKS+= RSA_get0_key.3 RSA_get0_dmp1.3 +MLINKS+= RSA_get0_key.3 RSA_get0_dmq1.3 +MLINKS+= RSA_get0_key.3 RSA_get0_e.3 +MLINKS+= RSA_get0_key.3 RSA_get0_engine.3 +MLINKS+= RSA_get0_key.3 RSA_get0_factors.3 +MLINKS+= RSA_get0_key.3 RSA_get0_iqmp.3 +MLINKS+= RSA_get0_key.3 RSA_get0_multi_prime_crt_params.3 +MLINKS+= RSA_get0_key.3 RSA_get0_multi_prime_factors.3 +MLINKS+= RSA_get0_key.3 RSA_get0_n.3 +MLINKS+= RSA_get0_key.3 RSA_get0_p.3 +MLINKS+= RSA_get0_key.3 RSA_get0_q.3 +MLINKS+= RSA_get0_key.3 RSA_get_multi_prime_extra_count.3 +MLINKS+= RSA_get0_key.3 RSA_get_version.3 +MLINKS+= RSA_get0_key.3 RSA_set0_crt_params.3 +MLINKS+= RSA_get0_key.3 RSA_set0_factors.3 +MLINKS+= RSA_get0_key.3 RSA_set0_key.3 +MLINKS+= RSA_get0_key.3 RSA_set0_multi_prime_params.3 +MLINKS+= RSA_get0_key.3 RSA_set_flags.3 +MLINKS+= RSA_get0_key.3 RSA_test_flags.3 +MLINKS+= RSA_meth_new.3 RSA_meth_dup.3 +MLINKS+= RSA_meth_new.3 RSA_meth_free.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get0_app_data.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get0_name.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_bn_mod_exp.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_finish.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_flags.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_init.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_keygen.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_mod_exp.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_multi_prime_keygen.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_priv_dec.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_priv_enc.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_pub_dec.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_pub_enc.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_sign.3 +MLINKS+= RSA_meth_new.3 RSA_meth_get_verify.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set0_app_data.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set1_name.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_bn_mod_exp.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_finish.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_flags.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_init.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_keygen.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_mod_exp.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_multi_prime_keygen.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_priv_dec.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_priv_enc.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_dec.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_pub_enc.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_sign.3 +MLINKS+= RSA_meth_new.3 RSA_meth_set_verify.3 +MLINKS+= RSA_new.3 RSA_free.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP_mgf1.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP_mgf1.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3 +MLINKS+= RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3 +MLINKS+= RSA_print.3 DHparams_print.3 +MLINKS+= RSA_print.3 DHparams_print_fp.3 +MLINKS+= RSA_print.3 DSA_print.3 +MLINKS+= RSA_print.3 DSA_print_fp.3 +MLINKS+= RSA_print.3 DSAparams_print.3 +MLINKS+= RSA_print.3 DSAparams_print_fp.3 +MLINKS+= RSA_print.3 RSA_print_fp.3 +MLINKS+= RSA_private_encrypt.3 RSA_public_decrypt.3 +MLINKS+= RSA_public_encrypt.3 RSA_private_decrypt.3 +MLINKS+= RSA_set_method.3 RSA_PKCS1_OpenSSL.3 +MLINKS+= RSA_set_method.3 RSA_flags.3 +MLINKS+= RSA_set_method.3 RSA_get_default_method.3 +MLINKS+= RSA_set_method.3 RSA_get_method.3 +MLINKS+= RSA_set_method.3 RSA_new_method.3 +MLINKS+= RSA_set_method.3 RSA_set_default_method.3 +MLINKS+= RSA_sign.3 RSA_verify.3 +MLINKS+= RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 +MLINKS+= RSA_size.3 RSA_bits.3 +MLINKS+= RSA_size.3 RSA_security_bits.3 +MLINKS+= SCT_new.3 SCT_LIST_free.3 +MLINKS+= SCT_new.3 SCT_free.3 +MLINKS+= SCT_new.3 SCT_get0_extensions.3 +MLINKS+= SCT_new.3 SCT_get0_log_id.3 +MLINKS+= SCT_new.3 SCT_get0_signature.3 +MLINKS+= SCT_new.3 SCT_get_log_entry_type.3 +MLINKS+= SCT_new.3 SCT_get_signature_nid.3 +MLINKS+= SCT_new.3 SCT_get_source.3 +MLINKS+= SCT_new.3 SCT_get_timestamp.3 +MLINKS+= SCT_new.3 SCT_get_version.3 +MLINKS+= SCT_new.3 SCT_new_from_base64.3 +MLINKS+= SCT_new.3 SCT_set0_extensions.3 +MLINKS+= SCT_new.3 SCT_set0_log_id.3 +MLINKS+= SCT_new.3 SCT_set0_signature.3 +MLINKS+= SCT_new.3 SCT_set1_extensions.3 +MLINKS+= SCT_new.3 SCT_set1_log_id.3 +MLINKS+= SCT_new.3 SCT_set1_signature.3 +MLINKS+= SCT_new.3 SCT_set_log_entry_type.3 +MLINKS+= SCT_new.3 SCT_set_signature_nid.3 +MLINKS+= SCT_new.3 SCT_set_source.3 +MLINKS+= SCT_new.3 SCT_set_timestamp.3 +MLINKS+= SCT_new.3 SCT_set_version.3 +MLINKS+= SCT_print.3 SCT_LIST_print.3 +MLINKS+= SCT_print.3 SCT_validation_status_string.3 +MLINKS+= SCT_validate.3 SCT_LIST_validate.3 +MLINKS+= SCT_validate.3 SCT_get_validation_status.3 +MLINKS+= SHA256_Init.3 SHA1.3 +MLINKS+= SHA256_Init.3 SHA1_Final.3 +MLINKS+= SHA256_Init.3 SHA1_Init.3 +MLINKS+= SHA256_Init.3 SHA1_Update.3 +MLINKS+= SHA256_Init.3 SHA224.3 +MLINKS+= SHA256_Init.3 SHA224_Final.3 +MLINKS+= SHA256_Init.3 SHA224_Init.3 +MLINKS+= SHA256_Init.3 SHA224_Update.3 +MLINKS+= SHA256_Init.3 SHA256.3 +MLINKS+= SHA256_Init.3 SHA256_Final.3 +MLINKS+= SHA256_Init.3 SHA256_Update.3 +MLINKS+= SHA256_Init.3 SHA384.3 +MLINKS+= SHA256_Init.3 SHA384_Final.3 +MLINKS+= SHA256_Init.3 SHA384_Init.3 +MLINKS+= SHA256_Init.3 SHA384_Update.3 +MLINKS+= SHA256_Init.3 SHA512.3 +MLINKS+= SHA256_Init.3 SHA512_Final.3 +MLINKS+= SHA256_Init.3 SHA512_Init.3 +MLINKS+= SHA256_Init.3 SHA512_Update.3 +MLINKS+= SSL_CIPHER_get_name.3 OPENSSL_cipher_name.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_find.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_auth_nid.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_cipher_nid.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_digest_nid.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_handshake_digest.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_id.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_kx_nid.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_protocol_id.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_is_aead.3 +MLINKS+= SSL_CIPHER_get_name.3 SSL_CIPHER_standard_name.3 +MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_free_compression_methods.3 +MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get0_name.3 +MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_compression_methods.3 +MLINKS+= SSL_COMP_add_compression_method.3 SSL_COMP_get_id.3 +MLINKS+= SSL_CONF_CTX_new.3 SSL_CONF_CTX_free.3 +MLINKS+= SSL_CONF_CTX_set_flags.3 SSL_CONF_CTX_clear_flags.3 +MLINKS+= SSL_CONF_CTX_set_ssl_ctx.3 SSL_CONF_CTX_set_ssl.3 +MLINKS+= SSL_CONF_cmd.3 SSL_CONF_cmd_value_type.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_add0_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_build_cert_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_clear_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_get0_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_select_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set0_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set1_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_CTX_set_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add0_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_add1_chain_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_build_cert_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_clear_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_get0_chain_certs.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_select_current_cert.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set0_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set1_chain.3 +MLINKS+= SSL_CTX_add1_chain_cert.3 SSL_set_current_cert.3 +MLINKS+= SSL_CTX_add_extra_chain_cert.3 SSL_CTX_clear_extra_chain_certs.3 +MLINKS+= SSL_CTX_add_session.3 SSL_CTX_remove_session.3 +MLINKS+= SSL_CTX_config.3 SSL_config.3 +MLINKS+= SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3 +MLINKS+= SSL_CTX_ctrl.3 SSL_callback_ctrl.3 +MLINKS+= SSL_CTX_ctrl.3 SSL_ctrl.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_clear_flags.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_mtype_set.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_CTX_dane_set_flags.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_clear_flags.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_enable.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_set_flags.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_dane_tlsa_add.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_authority.3 +MLINKS+= SSL_CTX_dane_enable.3 SSL_get0_dane_tlsa.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_CTX_set1_param.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_get0_param.3 +MLINKS+= SSL_CTX_get0_param.3 SSL_set1_param.3 +MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3 +MLINKS+= SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3 +MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3 +MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3 +MLINKS+= SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3 +MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_dir.3 +MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_file.3 +MLINKS+= SSL_CTX_load_verify_locations.3 SSL_CTX_set_default_verify_paths.3 +MLINKS+= SSL_CTX_new.3 DTLS_client_method.3 +MLINKS+= SSL_CTX_new.3 DTLS_method.3 +MLINKS+= SSL_CTX_new.3 DTLS_server_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_2_client_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_2_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_2_server_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_client_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_method.3 +MLINKS+= SSL_CTX_new.3 DTLSv1_server_method.3 +MLINKS+= SSL_CTX_new.3 SSL_CTX_up_ref.3 +MLINKS+= SSL_CTX_new.3 SSLv23_client_method.3 +MLINKS+= SSL_CTX_new.3 SSLv23_method.3 +MLINKS+= SSL_CTX_new.3 SSLv23_server_method.3 +MLINKS+= SSL_CTX_new.3 SSLv3_client_method.3 +MLINKS+= SSL_CTX_new.3 SSLv3_method.3 +MLINKS+= SSL_CTX_new.3 SSLv3_server_method.3 +MLINKS+= SSL_CTX_new.3 TLS_client_method.3 +MLINKS+= SSL_CTX_new.3 TLS_method.3 +MLINKS+= SSL_CTX_new.3 TLS_server_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_1_client_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_1_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_1_server_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_2_client_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_2_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_2_server_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_client_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_method.3 +MLINKS+= SSL_CTX_new.3 TLSv1_server_method.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cache_full.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3 +MLINKS+= SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3 +MLINKS+= SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3 +MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3 +MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3 +MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 +MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3 +MLINKS+= SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove_cb.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add1_to_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_add_client_CA.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get0_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_get_client_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_CTX_set_client_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add1_to_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_add_client_CA.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get0_peer_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_get_client_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set0_CA_list.3 +MLINKS+= SSL_CTX_set0_CA_list.3 SSL_set_client_CA_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_curves_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_CTX_set1_groups_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_curves.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get1_groups.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_curve.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_get_shared_group.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_curves_list.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups.3 +MLINKS+= SSL_CTX_set1_curves.3 SSL_set1_groups_list.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_client_sigalgs_list.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_CTX_set1_sigalgs_list.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_client_sigalgs_list.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs.3 +MLINKS+= SSL_CTX_set1_sigalgs.3 SSL_set1_sigalgs_list.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set0_verify_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_CTX_set1_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set0_verify_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_chain_cert_store.3 +MLINKS+= SSL_CTX_set1_verify_cert_store.3 SSL_set1_verify_cert_store.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_alpn_protos.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_proto_select_cb.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_CTX_set_next_protos_advertised_cb.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_alpn_selected.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_get0_next_proto_negotiated.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_select_next_proto.3 +MLINKS+= SSL_CTX_set_alpn_select_cb.3 SSL_set_alpn_protos.3 +MLINKS+= SSL_CTX_set_cert_cb.3 SSL_set_cert_cb.3 +MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3 +MLINKS+= SSL_CTX_set_cert_store.3 SSL_CTX_set1_cert_store.3 +MLINKS+= SSL_CTX_set_cipher_list.3 SSL_CTX_set_ciphersuites.3 +MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 +MLINKS+= SSL_CTX_set_cipher_list.3 SSL_set_ciphersuites.3 +MLINKS+= SSL_CTX_set_client_cert_cb.3 SSL_CTX_get_client_cert_cb.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_cb_fn.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ciphers.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_compression_methods.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_ext.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_legacy_version.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_random.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get0_session_id.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_get1_extensions_present.3 +MLINKS+= SSL_CTX_set_client_hello_cb.3 SSL_client_hello_isv2.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_ct_is_enabled.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_disable_ct.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_CTX_enable_ct.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_ct_is_enabled.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_disable_ct.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_enable_ct.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 SSL_set_ct_validation_callback.3 +MLINKS+= SSL_CTX_set_ct_validation_callback.3 ssl_ct_validation_cb.3 +MLINKS+= SSL_CTX_set_ctlog_list_file.3 SSL_CTX_set_default_ctlog_list_file.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_get_default_passwd_cb_userdata.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_default_passwd_cb_userdata.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_get_default_passwd_cb_userdata.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb.3 +MLINKS+= SSL_CTX_set_default_passwd_cb.3 SSL_set_default_passwd_cb_userdata.3 +MLINKS+= SSL_CTX_set_ex_data.3 SSL_CTX_get_ex_data.3 +MLINKS+= SSL_CTX_set_ex_data.3 SSL_get_ex_data.3 +MLINKS+= SSL_CTX_set_ex_data.3 SSL_set_ex_data.3 +MLINKS+= SSL_CTX_set_generate_session_id.3 GEN_SESSION_CB.3 +MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_has_matching_session_id.3 +MLINKS+= SSL_CTX_set_generate_session_id.3 SSL_set_generate_session_id.3 +MLINKS+= SSL_CTX_set_info_callback.3 SSL_CTX_get_info_callback.3 +MLINKS+= SSL_CTX_set_info_callback.3 SSL_get_info_callback.3 +MLINKS+= SSL_CTX_set_info_callback.3 SSL_set_info_callback.3 +MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_get_keylog_callback.3 +MLINKS+= SSL_CTX_set_keylog_callback.3 SSL_CTX_keylog_cb_func.3 +MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3 +MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3 +MLINKS+= SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_max_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_get_min_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_CTX_set_max_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_max_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_get_min_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_max_proto_version.3 +MLINKS+= SSL_CTX_set_min_proto_version.3 SSL_set_min_proto_version.3 +MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_clear_mode.3 +MLINKS+= SSL_CTX_set_mode.3 SSL_CTX_get_mode.3 +MLINKS+= SSL_CTX_set_mode.3 SSL_clear_mode.3 +MLINKS+= SSL_CTX_set_mode.3 SSL_get_mode.3 +MLINKS+= SSL_CTX_set_mode.3 SSL_set_mode.3 +MLINKS+= SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3 +MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3 +MLINKS+= SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3 +MLINKS+= SSL_CTX_set_num_tickets.3 SSL_CTX_get_num_tickets.3 +MLINKS+= SSL_CTX_set_num_tickets.3 SSL_get_num_tickets.3 +MLINKS+= SSL_CTX_set_num_tickets.3 SSL_set_num_tickets.3 +MLINKS+= SSL_CTX_set_options.3 SSL_CTX_clear_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_CTX_get_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_clear_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_get_options.3 +MLINKS+= SSL_CTX_set_options.3 SSL_get_secure_renegotiation_support.3 +MLINKS+= SSL_CTX_set_options.3 SSL_set_options.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_CTX_set_psk_use_session_callback.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_client_cb_func.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_psk_use_session_cb_func.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_client_callback.3 +MLINKS+= SSL_CTX_set_psk_client_callback.3 SSL_set_psk_use_session_callback.3 +MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3 +MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3 +MLINKS+= SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3 +MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_default_read_ahead.3 +MLINKS+= SSL_CTX_set_read_ahead.3 SSL_CTX_get_read_ahead.3 +MLINKS+= SSL_CTX_set_read_ahead.3 SSL_get_read_ahead.3 +MLINKS+= SSL_CTX_set_read_ahead.3 SSL_set_read_ahead.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_get_record_padding_callback_arg.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_block_padding.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_CTX_set_record_padding_callback_arg.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_get_record_padding_callback_arg.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_block_padding.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback.3 +MLINKS+= SSL_CTX_set_record_padding_callback.3 SSL_set_record_padding_callback_arg.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get0_security_ex_data.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_callback.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_get_security_level.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set0_security_ex_data.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_CTX_set_security_callback.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_get0_security_ex_data.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_callback.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_get_security_level.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_set0_security_ex_data.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_callback.3 +MLINKS+= SSL_CTX_set_security_level.3 SSL_set_security_level.3 +MLINKS+= SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3 +MLINKS+= SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3 +MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_decrypt_session_ticket_fn.3 +MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_CTX_generate_session_ticket_fn.3 +MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_get0_ticket_appdata.3 +MLINKS+= SSL_CTX_set_session_ticket_cb.3 SSL_SESSION_set1_ticket_appdata.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_default_read_buffer_len.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_pipelines.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_max_send_fragment.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_CTX_set_tlsext_max_fragment_length.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_SESSION_get_max_fragment_length.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_default_read_buffer_len.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_pipelines.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_max_send_fragment.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_split_send_fragment.3 +MLINKS+= SSL_CTX_set_split_send_fragment.3 SSL_set_tlsext_max_fragment_length.3 +MLINKS+= SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3 +MLINKS+= SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3 +MLINKS+= SSL_CTX_set_stateless_cookie_generate_cb.3 SSL_CTX_set_stateless_cookie_verify_cb.3 +MLINKS+= SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3 +MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_CTX_set_tlsext_servername_arg.3 +MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername.3 +MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_get_servername_type.3 +MLINKS+= SSL_CTX_set_tlsext_servername_callback.3 SSL_set_tlsext_host_name.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_arg.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_cb.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_get_tlsext_status_type.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_arg.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_CTX_set_tlsext_status_type.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_ocsp_resp.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_get_tlsext_status_type.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_ocsp_resp.3 +MLINKS+= SSL_CTX_set_tlsext_status_cb.3 SSL_set_tlsext_status_type.3 +MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_selected_srtp_profile.3 +MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_get_srtp_profiles.3 +MLINKS+= SSL_CTX_set_tlsext_use_srtp.3 SSL_set_tlsext_use_srtp.3 +MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3 +MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3 +MLINKS+= SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_post_handshake_auth.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_get_ex_data_X509_STORE_CTX_idx.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_set_post_handshake_auth.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_set_verify_depth.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_verify_cb.3 +MLINKS+= SSL_CTX_set_verify.3 SSL_verify_client_post_handshake.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_cert_and_key.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_check_private_key.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_cert_and_key.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_chain_file.3 +MLINKS+= SSL_CTX_use_certificate.3 SSL_use_certificate_file.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_find_session_callback.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_CTX_set_psk_server_callback.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_find_session_cb_func.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_psk_server_cb_func.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_find_session_callback.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_set_psk_server_callback.3 +MLINKS+= SSL_CTX_use_psk_identity_hint.3 SSL_use_psk_identity_hint.3 +MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_ex.3 +MLINKS+= SSL_CTX_use_serverinfo.3 SSL_CTX_use_serverinfo_file.3 +MLINKS+= SSL_SESSION_free.3 SSL_SESSION_dup.3 +MLINKS+= SSL_SESSION_free.3 SSL_SESSION_new.3 +MLINKS+= SSL_SESSION_free.3 SSL_SESSION_up_ref.3 +MLINKS+= SSL_SESSION_get0_cipher.3 SSL_SESSION_set_cipher.3 +MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_get0_alpn_selected.3 +MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_alpn_selected.3 +MLINKS+= SSL_SESSION_get0_hostname.3 SSL_SESSION_set1_hostname.3 +MLINKS+= SSL_SESSION_get0_id_context.3 SSL_SESSION_set1_id_context.3 +MLINKS+= SSL_SESSION_get_ex_data.3 SSL_SESSION_set_ex_data.3 +MLINKS+= SSL_SESSION_get_protocol_version.3 SSL_SESSION_set_protocol_version.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_time.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_get_time.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_get_timeout.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_set_time.3 +MLINKS+= SSL_SESSION_get_time.3 SSL_set_timeout.3 +MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get0_ticket.3 +MLINKS+= SSL_SESSION_has_ticket.3 SSL_SESSION_get_ticket_lifetime_hint.3 +MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_fp.3 +MLINKS+= SSL_SESSION_print.3 SSL_SESSION_print_keylog.3 +MLINKS+= SSL_SESSION_set1_id.3 SSL_SESSION_get_id.3 +MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string.3 +MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string_long.3 +MLINKS+= SSL_alert_type_string.3 SSL_alert_type_string_long.3 +MLINKS+= SSL_alloc_buffers.3 SSL_free_buffers.3 +MLINKS+= SSL_export_keying_material.3 SSL_export_keying_material_early.3 +MLINKS+= SSL_extension_supported.3 SSL_CTX_add_client_custom_ext.3 +MLINKS+= SSL_extension_supported.3 SSL_CTX_add_custom_ext.3 +MLINKS+= SSL_extension_supported.3 SSL_CTX_add_server_custom_ext.3 +MLINKS+= SSL_extension_supported.3 custom_ext_add_cb.3 +MLINKS+= SSL_extension_supported.3 custom_ext_free_cb.3 +MLINKS+= SSL_extension_supported.3 custom_ext_parse_cb.3 +MLINKS+= SSL_get_all_async_fds.3 SSL_get_changed_async_fds.3 +MLINKS+= SSL_get_all_async_fds.3 SSL_waiting_for_async.3 +MLINKS+= SSL_get_ciphers.3 SSL_CTX_get_ciphers.3 +MLINKS+= SSL_get_ciphers.3 SSL_bytes_to_cipher_list.3 +MLINKS+= SSL_get_ciphers.3 SSL_get1_supported_ciphers.3 +MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3 +MLINKS+= SSL_get_ciphers.3 SSL_get_client_ciphers.3 +MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3 +MLINKS+= SSL_get_client_random.3 SSL_SESSION_get_master_key.3 +MLINKS+= SSL_get_client_random.3 SSL_SESSION_set1_master_key.3 +MLINKS+= SSL_get_client_random.3 SSL_get_server_random.3 +MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher.3 +MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_bits.3 +MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_name.3 +MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_version.3 +MLINKS+= SSL_get_current_cipher.3 SSL_get_pending_cipher.3 +MLINKS+= SSL_get_fd.3 SSL_get_rfd.3 +MLINKS+= SSL_get_fd.3 SSL_get_wfd.3 +MLINKS+= SSL_get_peer_cert_chain.3 SSL_get0_verified_chain.3 +MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_peer_signature_type_nid.3 +MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_nid.3 +MLINKS+= SSL_get_peer_signature_nid.3 SSL_get_signature_type_nid.3 +MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_server_tmp_key.3 +MLINKS+= SSL_get_peer_tmp_key.3 SSL_get_tmp_key.3 +MLINKS+= SSL_get_psk_identity.3 SSL_get_psk_identity_hint.3 +MLINKS+= SSL_get_rbio.3 SSL_get_wbio.3 +MLINKS+= SSL_get_session.3 SSL_get0_session.3 +MLINKS+= SSL_get_session.3 SSL_get1_session.3 +MLINKS+= SSL_get_shared_sigalgs.3 SSL_get_sigalgs.3 +MLINKS+= SSL_get_version.3 SSL_client_version.3 +MLINKS+= SSL_get_version.3 SSL_is_dtls.3 +MLINKS+= SSL_get_version.3 SSL_version.3 +MLINKS+= SSL_in_init.3 SSL_get_state.3 +MLINKS+= SSL_in_init.3 SSL_in_accept_init.3 +MLINKS+= SSL_in_init.3 SSL_in_before.3 +MLINKS+= SSL_in_init.3 SSL_in_connect_init.3 +MLINKS+= SSL_in_init.3 SSL_is_init_finished.3 +MLINKS+= SSL_key_update.3 SSL_get_key_update_type.3 +MLINKS+= SSL_key_update.3 SSL_renegotiate.3 +MLINKS+= SSL_key_update.3 SSL_renegotiate_abbreviated.3 +MLINKS+= SSL_key_update.3 SSL_renegotiate_pending.3 +MLINKS+= SSL_library_init.3 OpenSSL_add_ssl_algorithms.3 +MLINKS+= SSL_new.3 SSL_dup.3 +MLINKS+= SSL_new.3 SSL_up_ref.3 +MLINKS+= SSL_pending.3 SSL_has_pending.3 +MLINKS+= SSL_read.3 SSL_peek.3 +MLINKS+= SSL_read.3 SSL_peek_ex.3 +MLINKS+= SSL_read.3 SSL_read_ex.3 +MLINKS+= SSL_read_early_data.3 SSL_CTX_get_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_CTX_get_recv_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_CTX_set_allow_early_data_cb.3 +MLINKS+= SSL_read_early_data.3 SSL_CTX_set_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_CTX_set_recv_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_SESSION_get_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_SESSION_set_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_allow_early_data_cb_fn.3 +MLINKS+= SSL_read_early_data.3 SSL_get_early_data_status.3 +MLINKS+= SSL_read_early_data.3 SSL_get_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_get_recv_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_set_allow_early_data_cb.3 +MLINKS+= SSL_read_early_data.3 SSL_set_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_set_recv_max_early_data.3 +MLINKS+= SSL_read_early_data.3 SSL_write_early_data.3 +MLINKS+= SSL_rstate_string.3 SSL_rstate_string_long.3 +MLINKS+= SSL_set1_host.3 SSL_add1_host.3 +MLINKS+= SSL_set1_host.3 SSL_get0_peername.3 +MLINKS+= SSL_set1_host.3 SSL_set_hostflags.3 +MLINKS+= SSL_set_bio.3 SSL_set0_rbio.3 +MLINKS+= SSL_set_bio.3 SSL_set0_wbio.3 +MLINKS+= SSL_set_connect_state.3 SSL_is_server.3 +MLINKS+= SSL_set_connect_state.3 SSL_set_accept_state.3 +MLINKS+= SSL_set_fd.3 SSL_set_rfd.3 +MLINKS+= SSL_set_fd.3 SSL_set_wfd.3 +MLINKS+= SSL_set_shutdown.3 SSL_get_shutdown.3 +MLINKS+= SSL_state_string.3 SSL_state_string_long.3 +MLINKS+= SSL_want.3 SSL_want_async.3 +MLINKS+= SSL_want.3 SSL_want_async_job.3 +MLINKS+= SSL_want.3 SSL_want_client_hello_cb.3 +MLINKS+= SSL_want.3 SSL_want_nothing.3 +MLINKS+= SSL_want.3 SSL_want_read.3 +MLINKS+= SSL_want.3 SSL_want_write.3 +MLINKS+= SSL_want.3 SSL_want_x509_lookup.3 +MLINKS+= SSL_write.3 SSL_write_ex.3 +MLINKS+= UI_STRING.3 UI_get0_action_string.3 +MLINKS+= UI_STRING.3 UI_get0_output_string.3 +MLINKS+= UI_STRING.3 UI_get0_result_string.3 +MLINKS+= UI_STRING.3 UI_get0_test_string.3 +MLINKS+= UI_STRING.3 UI_get_input_flags.3 +MLINKS+= UI_STRING.3 UI_get_result_maxsize.3 +MLINKS+= UI_STRING.3 UI_get_result_minsize.3 +MLINKS+= UI_STRING.3 UI_get_result_string_length.3 +MLINKS+= UI_STRING.3 UI_get_string_type.3 +MLINKS+= UI_STRING.3 UI_set_result.3 +MLINKS+= UI_STRING.3 UI_set_result_ex.3 +MLINKS+= UI_STRING.3 UI_string_types.3 +MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_read_pw_string.3 +MLINKS+= UI_UTIL_read_pw.3 UI_UTIL_wrap_read_pem_callback.3 +MLINKS+= UI_create_method.3 UI_METHOD.3 +MLINKS+= UI_create_method.3 UI_destroy_method.3 +MLINKS+= UI_create_method.3 UI_method_get_closer.3 +MLINKS+= UI_create_method.3 UI_method_get_data_destructor.3 +MLINKS+= UI_create_method.3 UI_method_get_data_duplicator.3 +MLINKS+= UI_create_method.3 UI_method_get_ex_data.3 +MLINKS+= UI_create_method.3 UI_method_get_flusher.3 +MLINKS+= UI_create_method.3 UI_method_get_opener.3 +MLINKS+= UI_create_method.3 UI_method_get_prompt_constructor.3 +MLINKS+= UI_create_method.3 UI_method_get_reader.3 +MLINKS+= UI_create_method.3 UI_method_get_writer.3 +MLINKS+= UI_create_method.3 UI_method_set_closer.3 +MLINKS+= UI_create_method.3 UI_method_set_data_duplicator.3 +MLINKS+= UI_create_method.3 UI_method_set_ex_data.3 +MLINKS+= UI_create_method.3 UI_method_set_flusher.3 +MLINKS+= UI_create_method.3 UI_method_set_opener.3 +MLINKS+= UI_create_method.3 UI_method_set_prompt_constructor.3 +MLINKS+= UI_create_method.3 UI_method_set_reader.3 +MLINKS+= UI_create_method.3 UI_method_set_writer.3 +MLINKS+= UI_new.3 UI.3 +MLINKS+= UI_new.3 UI_OpenSSL.3 +MLINKS+= UI_new.3 UI_add_error_string.3 +MLINKS+= UI_new.3 UI_add_info_string.3 +MLINKS+= UI_new.3 UI_add_input_boolean.3 +MLINKS+= UI_new.3 UI_add_input_string.3 +MLINKS+= UI_new.3 UI_add_user_data.3 +MLINKS+= UI_new.3 UI_add_verify_string.3 +MLINKS+= UI_new.3 UI_construct_prompt.3 +MLINKS+= UI_new.3 UI_ctrl.3 +MLINKS+= UI_new.3 UI_dup_error_string.3 +MLINKS+= UI_new.3 UI_dup_info_string.3 +MLINKS+= UI_new.3 UI_dup_input_boolean.3 +MLINKS+= UI_new.3 UI_dup_input_string.3 +MLINKS+= UI_new.3 UI_dup_user_data.3 +MLINKS+= UI_new.3 UI_dup_verify_string.3 +MLINKS+= UI_new.3 UI_free.3 +MLINKS+= UI_new.3 UI_get0_result.3 +MLINKS+= UI_new.3 UI_get0_user_data.3 +MLINKS+= UI_new.3 UI_get_default_method.3 +MLINKS+= UI_new.3 UI_get_method.3 +MLINKS+= UI_new.3 UI_get_result_length.3 +MLINKS+= UI_new.3 UI_new_method.3 +MLINKS+= UI_new.3 UI_null.3 +MLINKS+= UI_new.3 UI_process.3 +MLINKS+= UI_new.3 UI_set_default_method.3 +MLINKS+= UI_new.3 UI_set_method.3 +MLINKS+= X509V3_get_d2i.3 X509V3_EXT_d2i.3 +MLINKS+= X509V3_get_d2i.3 X509V3_EXT_i2d.3 +MLINKS+= X509V3_get_d2i.3 X509V3_add1_i2d.3 +MLINKS+= X509V3_get_d2i.3 X509_CRL_add1_ext_i2d.3 +MLINKS+= X509V3_get_d2i.3 X509_CRL_get0_extensions.3 +MLINKS+= X509V3_get_d2i.3 X509_CRL_get_ext_d2i.3 +MLINKS+= X509V3_get_d2i.3 X509_REVOKED_add1_ext_i2d.3 +MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get0_extensions.3 +MLINKS+= X509V3_get_d2i.3 X509_REVOKED_get_ext_d2i.3 +MLINKS+= X509V3_get_d2i.3 X509_add1_ext_i2d.3 +MLINKS+= X509V3_get_d2i.3 X509_get0_extensions.3 +MLINKS+= X509V3_get_d2i.3 X509_get_ext_d2i.3 +MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_cmp.3 +MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_get0.3 +MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set0.3 +MLINKS+= X509_ALGOR_dup.3 X509_ALGOR_set_md.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_add0_revoked.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get0_by_cert.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_get_REVOKED.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_CRL_sort.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_revocationDate.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_get0_serialNumber.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_revocationDate.3 +MLINKS+= X509_CRL_get0_by_serial.3 X509_REVOKED_set_serialNumber.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_NID.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_create_by_OBJ.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_critical.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_data.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_get_object.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_critical.3 +MLINKS+= X509_EXTENSION_set_object.3 X509_EXTENSION_set_data.3 +MLINKS+= X509_LOOKUP_hash_dir.3 X509_LOOKUP_file.3 +MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_crl_file.3 +MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_cert_file.3 +MLINKS+= X509_LOOKUP_hash_dir.3 X509_load_crl_file.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_ctrl_fn.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_alias_fn.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_fingerprint_fn.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_issuer_serial_fn.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_by_subject_fn.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_method_data.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_get_store.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_free.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_ctrl.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_free.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_alias.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_fingerprint.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_issuer_serial.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_get_by_subject.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_init.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_new_item.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_get_shutdown.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_ctrl.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_free.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_alias.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_fingerprint.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_issuer_serial.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_get_by_subject.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_init.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_new_item.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_meth_set_shutdown.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_LOOKUP_set_method_data.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509.3 +MLINKS+= X509_LOOKUP_meth_new.3 X509_OBJECT_set1_X509_CRL.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_NID.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_OBJ.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_create_by_txt.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_get_data.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_data.3 +MLINKS+= X509_NAME_ENTRY_get_object.3 X509_NAME_ENTRY_set_object.3 +MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry.3 +MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_NID.3 +MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_add_entry_by_OBJ.3 +MLINKS+= X509_NAME_add_entry_by_txt.3 X509_NAME_delete_entry.3 +MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_entry_count.3 +MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_entry.3 +MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_index_by_OBJ.3 +MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_NID.3 +MLINKS+= X509_NAME_get_index_by_NID.3 X509_NAME_get_text_by_OBJ.3 +MLINKS+= X509_NAME_print_ex.3 X509_NAME_oneline.3 +MLINKS+= X509_NAME_print_ex.3 X509_NAME_print.3 +MLINKS+= X509_NAME_print_ex.3 X509_NAME_print_ex_fp.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_free.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_get0_param.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set.3 +MLINKS+= X509_PUBKEY_new.3 X509_PUBKEY_set0_param.3 +MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY.3 +MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_bio.3 +MLINKS+= X509_PUBKEY_new.3 d2i_PUBKEY_fp.3 +MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY.3 +MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_bio.3 +MLINKS+= X509_PUBKEY_new.3 i2d_PUBKEY_fp.3 +MLINKS+= X509_SIG_get0.3 X509_SIG_getm.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get0_cert.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get1_chain.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_current_cert.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_get_error_depth.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_current_cert.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_STORE_CTX_set_error_depth.3 +MLINKS+= X509_STORE_CTX_get_error.3 X509_verify_cert_error_string.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_cleanup.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_free.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_chain.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_param.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get0_untrusted.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_get_num_untrusted.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_init.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_crls.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_param.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_trusted_stack.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_untrusted.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set0_verified_chain.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_cert.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_default.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_set_verify.3 +MLINKS+= X509_STORE_CTX_new.3 X509_STORE_CTX_verify_fn.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cert_crl.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_crl.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_issued.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_policy.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_check_revocation.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_cleanup.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_crl.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_get_issuer.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_certs.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_lookup_crls.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_get_verify_cb.3 +MLINKS+= X509_STORE_CTX_set_verify_cb.3 X509_STORE_CTX_verify_cb.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_add_crl.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_load_locations.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_default_paths.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_depth.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_flags.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_purpose.3 +MLINKS+= X509_STORE_add_cert.3 X509_STORE_set_trust.3 +MLINKS+= X509_STORE_get0_param.3 X509_STORE_get0_objects.3 +MLINKS+= X509_STORE_get0_param.3 X509_STORE_set1_param.3 +MLINKS+= X509_STORE_new.3 X509_STORE_free.3 +MLINKS+= X509_STORE_new.3 X509_STORE_lock.3 +MLINKS+= X509_STORE_new.3 X509_STORE_unlock.3 +MLINKS+= X509_STORE_new.3 X509_STORE_up_ref.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cert_crl_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_crl_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_issued_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_policy_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_check_revocation_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_cleanup_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_crl_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_issuer_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_get_verify.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_certs_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_CTX_lookup_crls_fn.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cert_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_issued.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_policy.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_check_revocation.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_cleanup.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_get_issuer.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_certs.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_lookup_crls.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_get_verify_cb.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cert_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_issued.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_policy.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_check_revocation.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_cleanup.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_crl.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_get_issuer.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_certs.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_lookup_crls_cb.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_cb.3 +MLINKS+= X509_STORE_set_verify_cb_func.3 X509_STORE_set_verify_func.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add0_policy.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_add1_host.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_clear_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get0_peername.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_auth_level.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_depth.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_hostflags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_inh_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_get_time.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_email.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_host.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_ip.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_ip_asc.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set1_policies.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_auth_level.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_depth.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_hostflags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_inh_flags.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_purpose.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_time.3 +MLINKS+= X509_VERIFY_PARAM_set_flags.3 X509_VERIFY_PARAM_set_trust.3 +MLINKS+= X509_check_host.3 X509_check_email.3 +MLINKS+= X509_check_host.3 X509_check_ip.3 +MLINKS+= X509_check_host.3 X509_check_ip_asc.3 +MLINKS+= X509_check_private_key.3 X509_REQ_check_private_key.3 +MLINKS+= X509_cmp.3 X509_CRL_cmp.3 +MLINKS+= X509_cmp.3 X509_CRL_match.3 +MLINKS+= X509_cmp.3 X509_NAME_cmp.3 +MLINKS+= X509_cmp.3 X509_issuer_and_serial_cmp.3 +MLINKS+= X509_cmp.3 X509_issuer_name_cmp.3 +MLINKS+= X509_cmp.3 X509_subject_name_cmp.3 +MLINKS+= X509_cmp_time.3 X509_cmp_current_time.3 +MLINKS+= X509_cmp_time.3 X509_time_adj.3 +MLINKS+= X509_cmp_time.3 X509_time_adj_ex.3 +MLINKS+= X509_digest.3 PKCS7_ISSUER_AND_SERIAL_digest.3 +MLINKS+= X509_digest.3 X509_CRL_digest.3 +MLINKS+= X509_digest.3 X509_NAME_digest.3 +MLINKS+= X509_digest.3 X509_REQ_digest.3 +MLINKS+= X509_digest.3 X509_pubkey_digest.3 +MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_free.3 +MLINKS+= X509_dup.3 ACCESS_DESCRIPTION_new.3 +MLINKS+= X509_dup.3 ADMISSIONS_free.3 +MLINKS+= X509_dup.3 ADMISSIONS_new.3 +MLINKS+= X509_dup.3 ADMISSION_SYNTAX_free.3 +MLINKS+= X509_dup.3 ADMISSION_SYNTAX_new.3 +MLINKS+= X509_dup.3 ASIdOrRange_free.3 +MLINKS+= X509_dup.3 ASIdOrRange_new.3 +MLINKS+= X509_dup.3 ASIdentifierChoice_free.3 +MLINKS+= X509_dup.3 ASIdentifierChoice_new.3 +MLINKS+= X509_dup.3 ASIdentifiers_free.3 +MLINKS+= X509_dup.3 ASIdentifiers_new.3 +MLINKS+= X509_dup.3 ASN1_ITEM.3 +MLINKS+= X509_dup.3 ASRange_free.3 +MLINKS+= X509_dup.3 ASRange_new.3 +MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_free.3 +MLINKS+= X509_dup.3 AUTHORITY_INFO_ACCESS_new.3 +MLINKS+= X509_dup.3 AUTHORITY_KEYID_free.3 +MLINKS+= X509_dup.3 AUTHORITY_KEYID_new.3 +MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_free.3 +MLINKS+= X509_dup.3 BASIC_CONSTRAINTS_new.3 +MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_free.3 +MLINKS+= X509_dup.3 CERTIFICATEPOLICIES_new.3 +MLINKS+= X509_dup.3 CMS_ContentInfo_free.3 +MLINKS+= X509_dup.3 CMS_ContentInfo_new.3 +MLINKS+= X509_dup.3 CMS_ContentInfo_print_ctx.3 +MLINKS+= X509_dup.3 CMS_ReceiptRequest_free.3 +MLINKS+= X509_dup.3 CMS_ReceiptRequest_new.3 +MLINKS+= X509_dup.3 CRL_DIST_POINTS_free.3 +MLINKS+= X509_dup.3 CRL_DIST_POINTS_new.3 +MLINKS+= X509_dup.3 DECLARE_ASN1_FUNCTIONS.3 +MLINKS+= X509_dup.3 DIRECTORYSTRING_free.3 +MLINKS+= X509_dup.3 DIRECTORYSTRING_new.3 +MLINKS+= X509_dup.3 DISPLAYTEXT_free.3 +MLINKS+= X509_dup.3 DISPLAYTEXT_new.3 +MLINKS+= X509_dup.3 DIST_POINT_NAME_free.3 +MLINKS+= X509_dup.3 DIST_POINT_NAME_new.3 +MLINKS+= X509_dup.3 DIST_POINT_free.3 +MLINKS+= X509_dup.3 DIST_POINT_new.3 +MLINKS+= X509_dup.3 DSAparams_dup.3 +MLINKS+= X509_dup.3 ECPARAMETERS_free.3 +MLINKS+= X509_dup.3 ECPARAMETERS_new.3 +MLINKS+= X509_dup.3 ECPKPARAMETERS_free.3 +MLINKS+= X509_dup.3 ECPKPARAMETERS_new.3 +MLINKS+= X509_dup.3 EDIPARTYNAME_free.3 +MLINKS+= X509_dup.3 EDIPARTYNAME_new.3 +MLINKS+= X509_dup.3 ESS_CERT_ID_dup.3 +MLINKS+= X509_dup.3 ESS_CERT_ID_free.3 +MLINKS+= X509_dup.3 ESS_CERT_ID_new.3 +MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_dup.3 +MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_free.3 +MLINKS+= X509_dup.3 ESS_ISSUER_SERIAL_new.3 +MLINKS+= X509_dup.3 ESS_SIGNING_CERT_dup.3 +MLINKS+= X509_dup.3 ESS_SIGNING_CERT_free.3 +MLINKS+= X509_dup.3 ESS_SIGNING_CERT_new.3 +MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_free.3 +MLINKS+= X509_dup.3 EXTENDED_KEY_USAGE_new.3 +MLINKS+= X509_dup.3 GENERAL_NAMES_free.3 +MLINKS+= X509_dup.3 GENERAL_NAMES_new.3 +MLINKS+= X509_dup.3 GENERAL_NAME_dup.3 +MLINKS+= X509_dup.3 GENERAL_NAME_free.3 +MLINKS+= X509_dup.3 GENERAL_NAME_new.3 +MLINKS+= X509_dup.3 GENERAL_SUBTREE_free.3 +MLINKS+= X509_dup.3 GENERAL_SUBTREE_new.3 +MLINKS+= X509_dup.3 IMPLEMENT_ASN1_FUNCTIONS.3 +MLINKS+= X509_dup.3 IPAddressChoice_free.3 +MLINKS+= X509_dup.3 IPAddressChoice_new.3 +MLINKS+= X509_dup.3 IPAddressFamily_free.3 +MLINKS+= X509_dup.3 IPAddressFamily_new.3 +MLINKS+= X509_dup.3 IPAddressOrRange_free.3 +MLINKS+= X509_dup.3 IPAddressOrRange_new.3 +MLINKS+= X509_dup.3 IPAddressRange_free.3 +MLINKS+= X509_dup.3 IPAddressRange_new.3 +MLINKS+= X509_dup.3 ISSUING_DIST_POINT_free.3 +MLINKS+= X509_dup.3 ISSUING_DIST_POINT_new.3 +MLINKS+= X509_dup.3 NAME_CONSTRAINTS_free.3 +MLINKS+= X509_dup.3 NAME_CONSTRAINTS_new.3 +MLINKS+= X509_dup.3 NAMING_AUTHORITY_free.3 +MLINKS+= X509_dup.3 NAMING_AUTHORITY_new.3 +MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_free.3 +MLINKS+= X509_dup.3 NETSCAPE_CERT_SEQUENCE_new.3 +MLINKS+= X509_dup.3 NETSCAPE_SPKAC_free.3 +MLINKS+= X509_dup.3 NETSCAPE_SPKAC_new.3 +MLINKS+= X509_dup.3 NETSCAPE_SPKI_free.3 +MLINKS+= X509_dup.3 NETSCAPE_SPKI_new.3 +MLINKS+= X509_dup.3 NOTICEREF_free.3 +MLINKS+= X509_dup.3 NOTICEREF_new.3 +MLINKS+= X509_dup.3 OCSP_BASICRESP_free.3 +MLINKS+= X509_dup.3 OCSP_BASICRESP_new.3 +MLINKS+= X509_dup.3 OCSP_CERTID_dup.3 +MLINKS+= X509_dup.3 OCSP_CERTID_new.3 +MLINKS+= X509_dup.3 OCSP_CERTSTATUS_free.3 +MLINKS+= X509_dup.3 OCSP_CERTSTATUS_new.3 +MLINKS+= X509_dup.3 OCSP_CRLID_free.3 +MLINKS+= X509_dup.3 OCSP_CRLID_new.3 +MLINKS+= X509_dup.3 OCSP_ONEREQ_free.3 +MLINKS+= X509_dup.3 OCSP_ONEREQ_new.3 +MLINKS+= X509_dup.3 OCSP_REQINFO_free.3 +MLINKS+= X509_dup.3 OCSP_REQINFO_new.3 +MLINKS+= X509_dup.3 OCSP_RESPBYTES_free.3 +MLINKS+= X509_dup.3 OCSP_RESPBYTES_new.3 +MLINKS+= X509_dup.3 OCSP_RESPDATA_free.3 +MLINKS+= X509_dup.3 OCSP_RESPDATA_new.3 +MLINKS+= X509_dup.3 OCSP_RESPID_free.3 +MLINKS+= X509_dup.3 OCSP_RESPID_new.3 +MLINKS+= X509_dup.3 OCSP_RESPONSE_new.3 +MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_free.3 +MLINKS+= X509_dup.3 OCSP_REVOKEDINFO_new.3 +MLINKS+= X509_dup.3 OCSP_SERVICELOC_free.3 +MLINKS+= X509_dup.3 OCSP_SERVICELOC_new.3 +MLINKS+= X509_dup.3 OCSP_SIGNATURE_free.3 +MLINKS+= X509_dup.3 OCSP_SIGNATURE_new.3 +MLINKS+= X509_dup.3 OCSP_SINGLERESP_free.3 +MLINKS+= X509_dup.3 OCSP_SINGLERESP_new.3 +MLINKS+= X509_dup.3 OTHERNAME_free.3 +MLINKS+= X509_dup.3 OTHERNAME_new.3 +MLINKS+= X509_dup.3 PBE2PARAM_free.3 +MLINKS+= X509_dup.3 PBE2PARAM_new.3 +MLINKS+= X509_dup.3 PBEPARAM_free.3 +MLINKS+= X509_dup.3 PBEPARAM_new.3 +MLINKS+= X509_dup.3 PBKDF2PARAM_free.3 +MLINKS+= X509_dup.3 PBKDF2PARAM_new.3 +MLINKS+= X509_dup.3 PKCS12_BAGS_free.3 +MLINKS+= X509_dup.3 PKCS12_BAGS_new.3 +MLINKS+= X509_dup.3 PKCS12_MAC_DATA_free.3 +MLINKS+= X509_dup.3 PKCS12_MAC_DATA_new.3 +MLINKS+= X509_dup.3 PKCS12_SAFEBAG_free.3 +MLINKS+= X509_dup.3 PKCS12_SAFEBAG_new.3 +MLINKS+= X509_dup.3 PKCS12_free.3 +MLINKS+= X509_dup.3 PKCS12_new.3 +MLINKS+= X509_dup.3 PKCS7_DIGEST_free.3 +MLINKS+= X509_dup.3 PKCS7_DIGEST_new.3 +MLINKS+= X509_dup.3 PKCS7_ENCRYPT_free.3 +MLINKS+= X509_dup.3 PKCS7_ENCRYPT_new.3 +MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_free.3 +MLINKS+= X509_dup.3 PKCS7_ENC_CONTENT_new.3 +MLINKS+= X509_dup.3 PKCS7_ENVELOPE_free.3 +MLINKS+= X509_dup.3 PKCS7_ENVELOPE_new.3 +MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_free.3 +MLINKS+= X509_dup.3 PKCS7_ISSUER_AND_SERIAL_new.3 +MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_free.3 +MLINKS+= X509_dup.3 PKCS7_RECIP_INFO_new.3 +MLINKS+= X509_dup.3 PKCS7_SIGNED_free.3 +MLINKS+= X509_dup.3 PKCS7_SIGNED_new.3 +MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_free.3 +MLINKS+= X509_dup.3 PKCS7_SIGNER_INFO_new.3 +MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_free.3 +MLINKS+= X509_dup.3 PKCS7_SIGN_ENVELOPE_new.3 +MLINKS+= X509_dup.3 PKCS7_dup.3 +MLINKS+= X509_dup.3 PKCS7_free.3 +MLINKS+= X509_dup.3 PKCS7_new.3 +MLINKS+= X509_dup.3 PKCS7_print_ctx.3 +MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_free.3 +MLINKS+= X509_dup.3 PKCS8_PRIV_KEY_INFO_new.3 +MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_free.3 +MLINKS+= X509_dup.3 PKEY_USAGE_PERIOD_new.3 +MLINKS+= X509_dup.3 POLICYINFO_free.3 +MLINKS+= X509_dup.3 POLICYINFO_new.3 +MLINKS+= X509_dup.3 POLICYQUALINFO_free.3 +MLINKS+= X509_dup.3 POLICYQUALINFO_new.3 +MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_free.3 +MLINKS+= X509_dup.3 POLICY_CONSTRAINTS_new.3 +MLINKS+= X509_dup.3 POLICY_MAPPING_free.3 +MLINKS+= X509_dup.3 POLICY_MAPPING_new.3 +MLINKS+= X509_dup.3 PROFESSION_INFOS_free.3 +MLINKS+= X509_dup.3 PROFESSION_INFOS_new.3 +MLINKS+= X509_dup.3 PROFESSION_INFO_free.3 +MLINKS+= X509_dup.3 PROFESSION_INFO_new.3 +MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_free.3 +MLINKS+= X509_dup.3 PROXY_CERT_INFO_EXTENSION_new.3 +MLINKS+= X509_dup.3 PROXY_POLICY_free.3 +MLINKS+= X509_dup.3 PROXY_POLICY_new.3 +MLINKS+= X509_dup.3 RSAPrivateKey_dup.3 +MLINKS+= X509_dup.3 RSAPublicKey_dup.3 +MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_free.3 +MLINKS+= X509_dup.3 RSA_OAEP_PARAMS_new.3 +MLINKS+= X509_dup.3 RSA_PSS_PARAMS_free.3 +MLINKS+= X509_dup.3 RSA_PSS_PARAMS_new.3 +MLINKS+= X509_dup.3 SCRYPT_PARAMS_free.3 +MLINKS+= X509_dup.3 SCRYPT_PARAMS_new.3 +MLINKS+= X509_dup.3 SXNETID_free.3 +MLINKS+= X509_dup.3 SXNETID_new.3 +MLINKS+= X509_dup.3 SXNET_free.3 +MLINKS+= X509_dup.3 SXNET_new.3 +MLINKS+= X509_dup.3 TLS_FEATURE_free.3 +MLINKS+= X509_dup.3 TLS_FEATURE_new.3 +MLINKS+= X509_dup.3 TS_ACCURACY_dup.3 +MLINKS+= X509_dup.3 TS_ACCURACY_free.3 +MLINKS+= X509_dup.3 TS_ACCURACY_new.3 +MLINKS+= X509_dup.3 TS_MSG_IMPRINT_dup.3 +MLINKS+= X509_dup.3 TS_MSG_IMPRINT_free.3 +MLINKS+= X509_dup.3 TS_MSG_IMPRINT_new.3 +MLINKS+= X509_dup.3 TS_REQ_dup.3 +MLINKS+= X509_dup.3 TS_REQ_free.3 +MLINKS+= X509_dup.3 TS_REQ_new.3 +MLINKS+= X509_dup.3 TS_RESP_dup.3 +MLINKS+= X509_dup.3 TS_RESP_free.3 +MLINKS+= X509_dup.3 TS_RESP_new.3 +MLINKS+= X509_dup.3 TS_STATUS_INFO_dup.3 +MLINKS+= X509_dup.3 TS_STATUS_INFO_free.3 +MLINKS+= X509_dup.3 TS_STATUS_INFO_new.3 +MLINKS+= X509_dup.3 TS_TST_INFO_dup.3 +MLINKS+= X509_dup.3 TS_TST_INFO_free.3 +MLINKS+= X509_dup.3 TS_TST_INFO_new.3 +MLINKS+= X509_dup.3 USERNOTICE_free.3 +MLINKS+= X509_dup.3 USERNOTICE_new.3 +MLINKS+= X509_dup.3 X509_ALGOR_free.3 +MLINKS+= X509_dup.3 X509_ALGOR_new.3 +MLINKS+= X509_dup.3 X509_ATTRIBUTE_dup.3 +MLINKS+= X509_dup.3 X509_ATTRIBUTE_free.3 +MLINKS+= X509_dup.3 X509_ATTRIBUTE_new.3 +MLINKS+= X509_dup.3 X509_CERT_AUX_free.3 +MLINKS+= X509_dup.3 X509_CERT_AUX_new.3 +MLINKS+= X509_dup.3 X509_CINF_free.3 +MLINKS+= X509_dup.3 X509_CINF_new.3 +MLINKS+= X509_dup.3 X509_CRL_INFO_free.3 +MLINKS+= X509_dup.3 X509_CRL_INFO_new.3 +MLINKS+= X509_dup.3 X509_CRL_dup.3 +MLINKS+= X509_dup.3 X509_CRL_free.3 +MLINKS+= X509_dup.3 X509_CRL_new.3 +MLINKS+= X509_dup.3 X509_EXTENSION_dup.3 +MLINKS+= X509_dup.3 X509_EXTENSION_free.3 +MLINKS+= X509_dup.3 X509_EXTENSION_new.3 +MLINKS+= X509_dup.3 X509_NAME_ENTRY_dup.3 +MLINKS+= X509_dup.3 X509_NAME_ENTRY_free.3 +MLINKS+= X509_dup.3 X509_NAME_ENTRY_new.3 +MLINKS+= X509_dup.3 X509_NAME_dup.3 +MLINKS+= X509_dup.3 X509_NAME_free.3 +MLINKS+= X509_dup.3 X509_NAME_new.3 +MLINKS+= X509_dup.3 X509_REQ_INFO_free.3 +MLINKS+= X509_dup.3 X509_REQ_INFO_new.3 +MLINKS+= X509_dup.3 X509_REQ_dup.3 +MLINKS+= X509_dup.3 X509_REQ_free.3 +MLINKS+= X509_dup.3 X509_REQ_new.3 +MLINKS+= X509_dup.3 X509_REVOKED_dup.3 +MLINKS+= X509_dup.3 X509_REVOKED_free.3 +MLINKS+= X509_dup.3 X509_REVOKED_new.3 +MLINKS+= X509_dup.3 X509_SIG_free.3 +MLINKS+= X509_dup.3 X509_SIG_new.3 +MLINKS+= X509_dup.3 X509_VAL_free.3 +MLINKS+= X509_dup.3 X509_VAL_new.3 +MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_lastUpdate.3 +MLINKS+= X509_get0_notBefore.3 X509_CRL_get0_nextUpdate.3 +MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_lastUpdate.3 +MLINKS+= X509_get0_notBefore.3 X509_CRL_set1_nextUpdate.3 +MLINKS+= X509_get0_notBefore.3 X509_get0_notAfter.3 +MLINKS+= X509_get0_notBefore.3 X509_getm_notAfter.3 +MLINKS+= X509_get0_notBefore.3 X509_getm_notBefore.3 +MLINKS+= X509_get0_notBefore.3 X509_set1_notAfter.3 +MLINKS+= X509_get0_notBefore.3 X509_set1_notBefore.3 +MLINKS+= X509_get0_signature.3 X509_CRL_get0_signature.3 +MLINKS+= X509_get0_signature.3 X509_CRL_get_signature_nid.3 +MLINKS+= X509_get0_signature.3 X509_REQ_get0_signature.3 +MLINKS+= X509_get0_signature.3 X509_REQ_get_signature_nid.3 +MLINKS+= X509_get0_signature.3 X509_SIG_INFO_get.3 +MLINKS+= X509_get0_signature.3 X509_SIG_INFO_set.3 +MLINKS+= X509_get0_signature.3 X509_get0_tbs_sigalg.3 +MLINKS+= X509_get0_signature.3 X509_get_signature_info.3 +MLINKS+= X509_get0_signature.3 X509_get_signature_nid.3 +MLINKS+= X509_get_extension_flags.3 X509_get0_authority_issuer.3 +MLINKS+= X509_get_extension_flags.3 X509_get0_authority_key_id.3 +MLINKS+= X509_get_extension_flags.3 X509_get0_authority_serial.3 +MLINKS+= X509_get_extension_flags.3 X509_get0_subject_key_id.3 +MLINKS+= X509_get_extension_flags.3 X509_get_extended_key_usage.3 +MLINKS+= X509_get_extension_flags.3 X509_get_key_usage.3 +MLINKS+= X509_get_extension_flags.3 X509_get_pathlen.3 +MLINKS+= X509_get_extension_flags.3 X509_get_proxy_pathlen.3 +MLINKS+= X509_get_extension_flags.3 X509_set_proxy_flag.3 +MLINKS+= X509_get_extension_flags.3 X509_set_proxy_pathlen.3 +MLINKS+= X509_get_pubkey.3 X509_REQ_get0_pubkey.3 +MLINKS+= X509_get_pubkey.3 X509_REQ_get_X509_PUBKEY.3 +MLINKS+= X509_get_pubkey.3 X509_REQ_get_pubkey.3 +MLINKS+= X509_get_pubkey.3 X509_REQ_set_pubkey.3 +MLINKS+= X509_get_pubkey.3 X509_get0_pubkey.3 +MLINKS+= X509_get_pubkey.3 X509_get_X509_PUBKEY.3 +MLINKS+= X509_get_pubkey.3 X509_set_pubkey.3 +MLINKS+= X509_get_serialNumber.3 X509_get0_serialNumber.3 +MLINKS+= X509_get_serialNumber.3 X509_set_serialNumber.3 +MLINKS+= X509_get_subject_name.3 X509_CRL_get_issuer.3 +MLINKS+= X509_get_subject_name.3 X509_CRL_set_issuer_name.3 +MLINKS+= X509_get_subject_name.3 X509_REQ_get_subject_name.3 +MLINKS+= X509_get_subject_name.3 X509_REQ_set_subject_name.3 +MLINKS+= X509_get_subject_name.3 X509_get_issuer_name.3 +MLINKS+= X509_get_subject_name.3 X509_set_issuer_name.3 +MLINKS+= X509_get_subject_name.3 X509_set_subject_name.3 +MLINKS+= X509_get_version.3 X509_CRL_get_version.3 +MLINKS+= X509_get_version.3 X509_CRL_set_version.3 +MLINKS+= X509_get_version.3 X509_REQ_get_version.3 +MLINKS+= X509_get_version.3 X509_REQ_set_version.3 +MLINKS+= X509_get_version.3 X509_set_version.3 +MLINKS+= X509_new.3 X509_chain_up_ref.3 +MLINKS+= X509_new.3 X509_free.3 +MLINKS+= X509_new.3 X509_up_ref.3 +MLINKS+= X509_sign.3 X509_CRL_sign.3 +MLINKS+= X509_sign.3 X509_CRL_sign_ctx.3 +MLINKS+= X509_sign.3 X509_CRL_verify.3 +MLINKS+= X509_sign.3 X509_REQ_sign.3 +MLINKS+= X509_sign.3 X509_REQ_sign_ctx.3 +MLINKS+= X509_sign.3 X509_REQ_verify.3 +MLINKS+= X509_sign.3 X509_sign_ctx.3 +MLINKS+= X509_sign.3 X509_verify.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_add_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_delete_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_NID.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_OBJ.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_by_critical.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_CRL_get_ext_count.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_add_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_delete_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_NID.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_OBJ.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_by_critical.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_REVOKED_get_ext_count.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_add_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_delete_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_NID.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_OBJ.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_by_critical.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509_get_ext_count.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_add_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_delete_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_OBJ.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_by_critical.3 +MLINKS+= X509v3_get_ext_by_NID.3 X509v3_get_ext_count.3 +MLINKS+= d2i_DHparams.3 i2d_DHparams.3 +MLINKS+= d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_fp.3 +MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_bio.3 +MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_fp.3 +MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_bio.3 +MLINKS+= d2i_PKCS8PrivateKey_bio.3 i2d_PKCS8PrivateKey_nid_fp.3 +MLINKS+= d2i_PrivateKey.3 d2i_AutoPrivateKey.3 +MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_bio.3 +MLINKS+= d2i_PrivateKey.3 d2i_PrivateKey_fp.3 +MLINKS+= d2i_PrivateKey.3 d2i_PublicKey.3 +MLINKS+= d2i_PrivateKey.3 i2d_PrivateKey.3 +MLINKS+= d2i_PrivateKey.3 i2d_PublicKey.3 +MLINKS+= d2i_SSL_SESSION.3 i2d_SSL_SESSION.3 +MLINKS+= d2i_X509.3 d2i_ACCESS_DESCRIPTION.3 +MLINKS+= d2i_X509.3 d2i_ADMISSIONS.3 +MLINKS+= d2i_X509.3 d2i_ADMISSION_SYNTAX.3 +MLINKS+= d2i_X509.3 d2i_ASIdOrRange.3 +MLINKS+= d2i_X509.3 d2i_ASIdentifierChoice.3 +MLINKS+= d2i_X509.3 d2i_ASIdentifiers.3 +MLINKS+= d2i_X509.3 d2i_ASN1_BIT_STRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_BMPSTRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_ENUMERATED.3 +MLINKS+= d2i_X509.3 d2i_ASN1_GENERALIZEDTIME.3 +MLINKS+= d2i_X509.3 d2i_ASN1_GENERALSTRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_IA5STRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_INTEGER.3 +MLINKS+= d2i_X509.3 d2i_ASN1_NULL.3 +MLINKS+= d2i_X509.3 d2i_ASN1_OBJECT.3 +MLINKS+= d2i_X509.3 d2i_ASN1_OCTET_STRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_PRINTABLE.3 +MLINKS+= d2i_X509.3 d2i_ASN1_PRINTABLESTRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_SEQUENCE_ANY.3 +MLINKS+= d2i_X509.3 d2i_ASN1_SET_ANY.3 +MLINKS+= d2i_X509.3 d2i_ASN1_T61STRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_TIME.3 +MLINKS+= d2i_X509.3 d2i_ASN1_TYPE.3 +MLINKS+= d2i_X509.3 d2i_ASN1_UINTEGER.3 +MLINKS+= d2i_X509.3 d2i_ASN1_UNIVERSALSTRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_UTCTIME.3 +MLINKS+= d2i_X509.3 d2i_ASN1_UTF8STRING.3 +MLINKS+= d2i_X509.3 d2i_ASN1_VISIBLESTRING.3 +MLINKS+= d2i_X509.3 d2i_ASRange.3 +MLINKS+= d2i_X509.3 d2i_AUTHORITY_INFO_ACCESS.3 +MLINKS+= d2i_X509.3 d2i_AUTHORITY_KEYID.3 +MLINKS+= d2i_X509.3 d2i_BASIC_CONSTRAINTS.3 +MLINKS+= d2i_X509.3 d2i_CERTIFICATEPOLICIES.3 +MLINKS+= d2i_X509.3 d2i_CMS_ContentInfo.3 +MLINKS+= d2i_X509.3 d2i_CMS_ReceiptRequest.3 +MLINKS+= d2i_X509.3 d2i_CMS_bio.3 +MLINKS+= d2i_X509.3 d2i_CRL_DIST_POINTS.3 +MLINKS+= d2i_X509.3 d2i_DHxparams.3 +MLINKS+= d2i_X509.3 d2i_DIRECTORYSTRING.3 +MLINKS+= d2i_X509.3 d2i_DISPLAYTEXT.3 +MLINKS+= d2i_X509.3 d2i_DIST_POINT.3 +MLINKS+= d2i_X509.3 d2i_DIST_POINT_NAME.3 +MLINKS+= d2i_X509.3 d2i_DSAPrivateKey.3 +MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_bio.3 +MLINKS+= d2i_X509.3 d2i_DSAPrivateKey_fp.3 +MLINKS+= d2i_X509.3 d2i_DSAPublicKey.3 +MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY.3 +MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 d2i_DSA_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 d2i_DSA_SIG.3 +MLINKS+= d2i_X509.3 d2i_DSAparams.3 +MLINKS+= d2i_X509.3 d2i_ECDSA_SIG.3 +MLINKS+= d2i_X509.3 d2i_ECPKParameters.3 +MLINKS+= d2i_X509.3 d2i_ECParameters.3 +MLINKS+= d2i_X509.3 d2i_ECPrivateKey.3 +MLINKS+= d2i_X509.3 d2i_ECPrivateKey_bio.3 +MLINKS+= d2i_X509.3 d2i_ECPrivateKey_fp.3 +MLINKS+= d2i_X509.3 d2i_EC_PUBKEY.3 +MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 d2i_EC_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 d2i_EDIPARTYNAME.3 +MLINKS+= d2i_X509.3 d2i_ESS_CERT_ID.3 +MLINKS+= d2i_X509.3 d2i_ESS_ISSUER_SERIAL.3 +MLINKS+= d2i_X509.3 d2i_ESS_SIGNING_CERT.3 +MLINKS+= d2i_X509.3 d2i_EXTENDED_KEY_USAGE.3 +MLINKS+= d2i_X509.3 d2i_GENERAL_NAME.3 +MLINKS+= d2i_X509.3 d2i_GENERAL_NAMES.3 +MLINKS+= d2i_X509.3 d2i_IPAddressChoice.3 +MLINKS+= d2i_X509.3 d2i_IPAddressFamily.3 +MLINKS+= d2i_X509.3 d2i_IPAddressOrRange.3 +MLINKS+= d2i_X509.3 d2i_IPAddressRange.3 +MLINKS+= d2i_X509.3 d2i_ISSUING_DIST_POINT.3 +MLINKS+= d2i_X509.3 d2i_NAMING_AUTHORITY.3 +MLINKS+= d2i_X509.3 d2i_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= d2i_X509.3 d2i_NETSCAPE_SPKAC.3 +MLINKS+= d2i_X509.3 d2i_NETSCAPE_SPKI.3 +MLINKS+= d2i_X509.3 d2i_NOTICEREF.3 +MLINKS+= d2i_X509.3 d2i_OCSP_BASICRESP.3 +MLINKS+= d2i_X509.3 d2i_OCSP_CERTID.3 +MLINKS+= d2i_X509.3 d2i_OCSP_CERTSTATUS.3 +MLINKS+= d2i_X509.3 d2i_OCSP_CRLID.3 +MLINKS+= d2i_X509.3 d2i_OCSP_ONEREQ.3 +MLINKS+= d2i_X509.3 d2i_OCSP_REQINFO.3 +MLINKS+= d2i_X509.3 d2i_OCSP_REQUEST.3 +MLINKS+= d2i_X509.3 d2i_OCSP_RESPBYTES.3 +MLINKS+= d2i_X509.3 d2i_OCSP_RESPDATA.3 +MLINKS+= d2i_X509.3 d2i_OCSP_RESPID.3 +MLINKS+= d2i_X509.3 d2i_OCSP_RESPONSE.3 +MLINKS+= d2i_X509.3 d2i_OCSP_REVOKEDINFO.3 +MLINKS+= d2i_X509.3 d2i_OCSP_SERVICELOC.3 +MLINKS+= d2i_X509.3 d2i_OCSP_SIGNATURE.3 +MLINKS+= d2i_X509.3 d2i_OCSP_SINGLERESP.3 +MLINKS+= d2i_X509.3 d2i_OTHERNAME.3 +MLINKS+= d2i_X509.3 d2i_PBE2PARAM.3 +MLINKS+= d2i_X509.3 d2i_PBEPARAM.3 +MLINKS+= d2i_X509.3 d2i_PBKDF2PARAM.3 +MLINKS+= d2i_X509.3 d2i_PKCS12.3 +MLINKS+= d2i_X509.3 d2i_PKCS12_BAGS.3 +MLINKS+= d2i_X509.3 d2i_PKCS12_MAC_DATA.3 +MLINKS+= d2i_X509.3 d2i_PKCS12_SAFEBAG.3 +MLINKS+= d2i_X509.3 d2i_PKCS12_bio.3 +MLINKS+= d2i_X509.3 d2i_PKCS12_fp.3 +MLINKS+= d2i_X509.3 d2i_PKCS7.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_DIGEST.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_ENCRYPT.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_ENC_CONTENT.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_ENVELOPE.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_ISSUER_AND_SERIAL.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_RECIP_INFO.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_SIGNED.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_SIGNER_INFO.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_SIGN_ENVELOPE.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_bio.3 +MLINKS+= d2i_X509.3 d2i_PKCS7_fp.3 +MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_bio.3 +MLINKS+= d2i_X509.3 d2i_PKCS8_PRIV_KEY_INFO_fp.3 +MLINKS+= d2i_X509.3 d2i_PKCS8_bio.3 +MLINKS+= d2i_X509.3 d2i_PKCS8_fp.3 +MLINKS+= d2i_X509.3 d2i_PKEY_USAGE_PERIOD.3 +MLINKS+= d2i_X509.3 d2i_POLICYINFO.3 +MLINKS+= d2i_X509.3 d2i_POLICYQUALINFO.3 +MLINKS+= d2i_X509.3 d2i_PROFESSION_INFO.3 +MLINKS+= d2i_X509.3 d2i_PROXY_CERT_INFO_EXTENSION.3 +MLINKS+= d2i_X509.3 d2i_PROXY_POLICY.3 +MLINKS+= d2i_X509.3 d2i_RSAPrivateKey.3 +MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_bio.3 +MLINKS+= d2i_X509.3 d2i_RSAPrivateKey_fp.3 +MLINKS+= d2i_X509.3 d2i_RSAPublicKey.3 +MLINKS+= d2i_X509.3 d2i_RSAPublicKey_bio.3 +MLINKS+= d2i_X509.3 d2i_RSAPublicKey_fp.3 +MLINKS+= d2i_X509.3 d2i_RSA_OAEP_PARAMS.3 +MLINKS+= d2i_X509.3 d2i_RSA_PSS_PARAMS.3 +MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY.3 +MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 d2i_RSA_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 d2i_SCRYPT_PARAMS.3 +MLINKS+= d2i_X509.3 d2i_SCT_LIST.3 +MLINKS+= d2i_X509.3 d2i_SXNET.3 +MLINKS+= d2i_X509.3 d2i_SXNETID.3 +MLINKS+= d2i_X509.3 d2i_TS_ACCURACY.3 +MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT.3 +MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT_bio.3 +MLINKS+= d2i_X509.3 d2i_TS_MSG_IMPRINT_fp.3 +MLINKS+= d2i_X509.3 d2i_TS_REQ.3 +MLINKS+= d2i_X509.3 d2i_TS_REQ_bio.3 +MLINKS+= d2i_X509.3 d2i_TS_REQ_fp.3 +MLINKS+= d2i_X509.3 d2i_TS_RESP.3 +MLINKS+= d2i_X509.3 d2i_TS_RESP_bio.3 +MLINKS+= d2i_X509.3 d2i_TS_RESP_fp.3 +MLINKS+= d2i_X509.3 d2i_TS_STATUS_INFO.3 +MLINKS+= d2i_X509.3 d2i_TS_TST_INFO.3 +MLINKS+= d2i_X509.3 d2i_TS_TST_INFO_bio.3 +MLINKS+= d2i_X509.3 d2i_TS_TST_INFO_fp.3 +MLINKS+= d2i_X509.3 d2i_USERNOTICE.3 +MLINKS+= d2i_X509.3 d2i_X509_ALGOR.3 +MLINKS+= d2i_X509.3 d2i_X509_ALGORS.3 +MLINKS+= d2i_X509.3 d2i_X509_ATTRIBUTE.3 +MLINKS+= d2i_X509.3 d2i_X509_CERT_AUX.3 +MLINKS+= d2i_X509.3 d2i_X509_CINF.3 +MLINKS+= d2i_X509.3 d2i_X509_CRL.3 +MLINKS+= d2i_X509.3 d2i_X509_CRL_INFO.3 +MLINKS+= d2i_X509.3 d2i_X509_CRL_bio.3 +MLINKS+= d2i_X509.3 d2i_X509_CRL_fp.3 +MLINKS+= d2i_X509.3 d2i_X509_EXTENSION.3 +MLINKS+= d2i_X509.3 d2i_X509_EXTENSIONS.3 +MLINKS+= d2i_X509.3 d2i_X509_NAME.3 +MLINKS+= d2i_X509.3 d2i_X509_NAME_ENTRY.3 +MLINKS+= d2i_X509.3 d2i_X509_PUBKEY.3 +MLINKS+= d2i_X509.3 d2i_X509_REQ.3 +MLINKS+= d2i_X509.3 d2i_X509_REQ_INFO.3 +MLINKS+= d2i_X509.3 d2i_X509_REQ_bio.3 +MLINKS+= d2i_X509.3 d2i_X509_REQ_fp.3 +MLINKS+= d2i_X509.3 d2i_X509_REVOKED.3 +MLINKS+= d2i_X509.3 d2i_X509_SIG.3 +MLINKS+= d2i_X509.3 d2i_X509_VAL.3 +MLINKS+= d2i_X509.3 i2d_ACCESS_DESCRIPTION.3 +MLINKS+= d2i_X509.3 i2d_ADMISSIONS.3 +MLINKS+= d2i_X509.3 i2d_ADMISSION_SYNTAX.3 +MLINKS+= d2i_X509.3 i2d_ASIdOrRange.3 +MLINKS+= d2i_X509.3 i2d_ASIdentifierChoice.3 +MLINKS+= d2i_X509.3 i2d_ASIdentifiers.3 +MLINKS+= d2i_X509.3 i2d_ASN1_BIT_STRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_BMPSTRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_ENUMERATED.3 +MLINKS+= d2i_X509.3 i2d_ASN1_GENERALIZEDTIME.3 +MLINKS+= d2i_X509.3 i2d_ASN1_GENERALSTRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_IA5STRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_INTEGER.3 +MLINKS+= d2i_X509.3 i2d_ASN1_NULL.3 +MLINKS+= d2i_X509.3 i2d_ASN1_OBJECT.3 +MLINKS+= d2i_X509.3 i2d_ASN1_OCTET_STRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_PRINTABLE.3 +MLINKS+= d2i_X509.3 i2d_ASN1_PRINTABLESTRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_SEQUENCE_ANY.3 +MLINKS+= d2i_X509.3 i2d_ASN1_SET_ANY.3 +MLINKS+= d2i_X509.3 i2d_ASN1_T61STRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_TIME.3 +MLINKS+= d2i_X509.3 i2d_ASN1_TYPE.3 +MLINKS+= d2i_X509.3 i2d_ASN1_UNIVERSALSTRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_UTCTIME.3 +MLINKS+= d2i_X509.3 i2d_ASN1_UTF8STRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_VISIBLESTRING.3 +MLINKS+= d2i_X509.3 i2d_ASN1_bio_stream.3 +MLINKS+= d2i_X509.3 i2d_ASRange.3 +MLINKS+= d2i_X509.3 i2d_AUTHORITY_INFO_ACCESS.3 +MLINKS+= d2i_X509.3 i2d_AUTHORITY_KEYID.3 +MLINKS+= d2i_X509.3 i2d_BASIC_CONSTRAINTS.3 +MLINKS+= d2i_X509.3 i2d_CERTIFICATEPOLICIES.3 +MLINKS+= d2i_X509.3 i2d_CMS_ContentInfo.3 +MLINKS+= d2i_X509.3 i2d_CMS_ReceiptRequest.3 +MLINKS+= d2i_X509.3 i2d_CMS_bio.3 +MLINKS+= d2i_X509.3 i2d_CRL_DIST_POINTS.3 +MLINKS+= d2i_X509.3 i2d_DHxparams.3 +MLINKS+= d2i_X509.3 i2d_DIRECTORYSTRING.3 +MLINKS+= d2i_X509.3 i2d_DISPLAYTEXT.3 +MLINKS+= d2i_X509.3 i2d_DIST_POINT.3 +MLINKS+= d2i_X509.3 i2d_DIST_POINT_NAME.3 +MLINKS+= d2i_X509.3 i2d_DSAPrivateKey.3 +MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_bio.3 +MLINKS+= d2i_X509.3 i2d_DSAPrivateKey_fp.3 +MLINKS+= d2i_X509.3 i2d_DSAPublicKey.3 +MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY.3 +MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 i2d_DSA_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 i2d_DSA_SIG.3 +MLINKS+= d2i_X509.3 i2d_DSAparams.3 +MLINKS+= d2i_X509.3 i2d_ECDSA_SIG.3 +MLINKS+= d2i_X509.3 i2d_ECPKParameters.3 +MLINKS+= d2i_X509.3 i2d_ECParameters.3 +MLINKS+= d2i_X509.3 i2d_ECPrivateKey.3 +MLINKS+= d2i_X509.3 i2d_ECPrivateKey_bio.3 +MLINKS+= d2i_X509.3 i2d_ECPrivateKey_fp.3 +MLINKS+= d2i_X509.3 i2d_EC_PUBKEY.3 +MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 i2d_EC_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 i2d_EDIPARTYNAME.3 +MLINKS+= d2i_X509.3 i2d_ESS_CERT_ID.3 +MLINKS+= d2i_X509.3 i2d_ESS_ISSUER_SERIAL.3 +MLINKS+= d2i_X509.3 i2d_ESS_SIGNING_CERT.3 +MLINKS+= d2i_X509.3 i2d_EXTENDED_KEY_USAGE.3 +MLINKS+= d2i_X509.3 i2d_GENERAL_NAME.3 +MLINKS+= d2i_X509.3 i2d_GENERAL_NAMES.3 +MLINKS+= d2i_X509.3 i2d_IPAddressChoice.3 +MLINKS+= d2i_X509.3 i2d_IPAddressFamily.3 +MLINKS+= d2i_X509.3 i2d_IPAddressOrRange.3 +MLINKS+= d2i_X509.3 i2d_IPAddressRange.3 +MLINKS+= d2i_X509.3 i2d_ISSUING_DIST_POINT.3 +MLINKS+= d2i_X509.3 i2d_NAMING_AUTHORITY.3 +MLINKS+= d2i_X509.3 i2d_NETSCAPE_CERT_SEQUENCE.3 +MLINKS+= d2i_X509.3 i2d_NETSCAPE_SPKAC.3 +MLINKS+= d2i_X509.3 i2d_NETSCAPE_SPKI.3 +MLINKS+= d2i_X509.3 i2d_NOTICEREF.3 +MLINKS+= d2i_X509.3 i2d_OCSP_BASICRESP.3 +MLINKS+= d2i_X509.3 i2d_OCSP_CERTID.3 +MLINKS+= d2i_X509.3 i2d_OCSP_CERTSTATUS.3 +MLINKS+= d2i_X509.3 i2d_OCSP_CRLID.3 +MLINKS+= d2i_X509.3 i2d_OCSP_ONEREQ.3 +MLINKS+= d2i_X509.3 i2d_OCSP_REQINFO.3 +MLINKS+= d2i_X509.3 i2d_OCSP_REQUEST.3 +MLINKS+= d2i_X509.3 i2d_OCSP_RESPBYTES.3 +MLINKS+= d2i_X509.3 i2d_OCSP_RESPDATA.3 +MLINKS+= d2i_X509.3 i2d_OCSP_RESPID.3 +MLINKS+= d2i_X509.3 i2d_OCSP_RESPONSE.3 +MLINKS+= d2i_X509.3 i2d_OCSP_REVOKEDINFO.3 +MLINKS+= d2i_X509.3 i2d_OCSP_SERVICELOC.3 +MLINKS+= d2i_X509.3 i2d_OCSP_SIGNATURE.3 +MLINKS+= d2i_X509.3 i2d_OCSP_SINGLERESP.3 +MLINKS+= d2i_X509.3 i2d_OTHERNAME.3 +MLINKS+= d2i_X509.3 i2d_PBE2PARAM.3 +MLINKS+= d2i_X509.3 i2d_PBEPARAM.3 +MLINKS+= d2i_X509.3 i2d_PBKDF2PARAM.3 +MLINKS+= d2i_X509.3 i2d_PKCS12.3 +MLINKS+= d2i_X509.3 i2d_PKCS12_BAGS.3 +MLINKS+= d2i_X509.3 i2d_PKCS12_MAC_DATA.3 +MLINKS+= d2i_X509.3 i2d_PKCS12_SAFEBAG.3 +MLINKS+= d2i_X509.3 i2d_PKCS12_bio.3 +MLINKS+= d2i_X509.3 i2d_PKCS12_fp.3 +MLINKS+= d2i_X509.3 i2d_PKCS7.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_DIGEST.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_ENCRYPT.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_ENC_CONTENT.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_ENVELOPE.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_ISSUER_AND_SERIAL.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_NDEF.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_RECIP_INFO.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_SIGNED.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_SIGNER_INFO.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_SIGN_ENVELOPE.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_bio.3 +MLINKS+= d2i_X509.3 i2d_PKCS7_fp.3 +MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_bio.3 +MLINKS+= d2i_X509.3 i2d_PKCS8PrivateKeyInfo_fp.3 +MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO.3 +MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_bio.3 +MLINKS+= d2i_X509.3 i2d_PKCS8_PRIV_KEY_INFO_fp.3 +MLINKS+= d2i_X509.3 i2d_PKCS8_bio.3 +MLINKS+= d2i_X509.3 i2d_PKCS8_fp.3 +MLINKS+= d2i_X509.3 i2d_PKEY_USAGE_PERIOD.3 +MLINKS+= d2i_X509.3 i2d_POLICYINFO.3 +MLINKS+= d2i_X509.3 i2d_POLICYQUALINFO.3 +MLINKS+= d2i_X509.3 i2d_PROFESSION_INFO.3 +MLINKS+= d2i_X509.3 i2d_PROXY_CERT_INFO_EXTENSION.3 +MLINKS+= d2i_X509.3 i2d_PROXY_POLICY.3 +MLINKS+= d2i_X509.3 i2d_RSAPrivateKey.3 +MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_bio.3 +MLINKS+= d2i_X509.3 i2d_RSAPrivateKey_fp.3 +MLINKS+= d2i_X509.3 i2d_RSAPublicKey.3 +MLINKS+= d2i_X509.3 i2d_RSAPublicKey_bio.3 +MLINKS+= d2i_X509.3 i2d_RSAPublicKey_fp.3 +MLINKS+= d2i_X509.3 i2d_RSA_OAEP_PARAMS.3 +MLINKS+= d2i_X509.3 i2d_RSA_PSS_PARAMS.3 +MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY.3 +MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_bio.3 +MLINKS+= d2i_X509.3 i2d_RSA_PUBKEY_fp.3 +MLINKS+= d2i_X509.3 i2d_SCRYPT_PARAMS.3 +MLINKS+= d2i_X509.3 i2d_SCT_LIST.3 +MLINKS+= d2i_X509.3 i2d_SXNET.3 +MLINKS+= d2i_X509.3 i2d_SXNETID.3 +MLINKS+= d2i_X509.3 i2d_TS_ACCURACY.3 +MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT.3 +MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT_bio.3 +MLINKS+= d2i_X509.3 i2d_TS_MSG_IMPRINT_fp.3 +MLINKS+= d2i_X509.3 i2d_TS_REQ.3 +MLINKS+= d2i_X509.3 i2d_TS_REQ_bio.3 +MLINKS+= d2i_X509.3 i2d_TS_REQ_fp.3 +MLINKS+= d2i_X509.3 i2d_TS_RESP.3 +MLINKS+= d2i_X509.3 i2d_TS_RESP_bio.3 +MLINKS+= d2i_X509.3 i2d_TS_RESP_fp.3 +MLINKS+= d2i_X509.3 i2d_TS_STATUS_INFO.3 +MLINKS+= d2i_X509.3 i2d_TS_TST_INFO.3 +MLINKS+= d2i_X509.3 i2d_TS_TST_INFO_bio.3 +MLINKS+= d2i_X509.3 i2d_TS_TST_INFO_fp.3 +MLINKS+= d2i_X509.3 i2d_USERNOTICE.3 +MLINKS+= d2i_X509.3 i2d_X509.3 +MLINKS+= d2i_X509.3 i2d_X509_ALGOR.3 +MLINKS+= d2i_X509.3 i2d_X509_ALGORS.3 +MLINKS+= d2i_X509.3 i2d_X509_ATTRIBUTE.3 +MLINKS+= d2i_X509.3 i2d_X509_CERT_AUX.3 +MLINKS+= d2i_X509.3 i2d_X509_CINF.3 +MLINKS+= d2i_X509.3 i2d_X509_CRL.3 +MLINKS+= d2i_X509.3 i2d_X509_CRL_INFO.3 +MLINKS+= d2i_X509.3 i2d_X509_CRL_bio.3 +MLINKS+= d2i_X509.3 i2d_X509_CRL_fp.3 +MLINKS+= d2i_X509.3 i2d_X509_EXTENSION.3 +MLINKS+= d2i_X509.3 i2d_X509_EXTENSIONS.3 +MLINKS+= d2i_X509.3 i2d_X509_NAME.3 +MLINKS+= d2i_X509.3 i2d_X509_NAME_ENTRY.3 +MLINKS+= d2i_X509.3 i2d_X509_PUBKEY.3 +MLINKS+= d2i_X509.3 i2d_X509_REQ.3 +MLINKS+= d2i_X509.3 i2d_X509_REQ_INFO.3 +MLINKS+= d2i_X509.3 i2d_X509_REQ_bio.3 +MLINKS+= d2i_X509.3 i2d_X509_REQ_fp.3 +MLINKS+= d2i_X509.3 i2d_X509_REVOKED.3 +MLINKS+= d2i_X509.3 i2d_X509_SIG.3 +MLINKS+= d2i_X509.3 i2d_X509_VAL.3 +MLINKS+= i2d_re_X509_tbs.3 d2i_X509_AUX.3 +MLINKS+= i2d_re_X509_tbs.3 i2d_X509_AUX.3 +MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_CRL_tbs.3 +MLINKS+= i2d_re_X509_tbs.3 i2d_re_X509_REQ_tbs.3 +MLINKS+= o2i_SCT_LIST.3 i2o_SCT.3 +MLINKS+= o2i_SCT_LIST.3 i2o_SCT_LIST.3 +MLINKS+= o2i_SCT_LIST.3 o2i_SCT.3 diff --git a/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 new file mode 100644 index 000000000000..626bf1acd261 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OBJ_nid2obj.3 @@ -0,0 +1,327 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OBJ_NID2OBJ 3" +.TH OBJ_NID2OBJ 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2t_ASN1_OBJECT, OBJ_length, OBJ_get0_data, OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \&\- ASN1 object utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *OBJ_nid2obj(int n); +\& const char *OBJ_nid2ln(int n); +\& const char *OBJ_nid2sn(int n); +\& +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +\& +\& int OBJ_txt2nid(const char *s); +\& +\& ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +\& +\& int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); +\& +\& int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +\& ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o); +\& +\& int OBJ_create(const char *oid, const char *sn, const char *ln); +\& +\& size_t OBJ_length(const ASN1_OBJECT *obj); +\& const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OBJ_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type. +For convenience, OIDs are usually represented in source code as numeric +identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that +are generated when the library is built, and their corresponding NIDs +are available as defined constants. For the functions below, application +code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as +constants. +.PP +\&\fBOBJ_nid2obj()\fR, \fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name or the short name respectively +or NID_undef if an error occurred. +.PP +\&\fBOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string . \fBs\fR can be +a long name, a short name or the numerical representation of an object. +.PP +\&\fBOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fBOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fBi2t_ASN1_OBJECT()\fR is the same as \fBOBJ_obj2txt()\fR with the \fBno_name\fR set to zero. +.PP +\&\fBOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fBOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fBOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object in case of +success and NID_undef in case of failure. +.PP +\&\fBOBJ_length()\fR returns the size of the content octets of \fBobj\fR. +.PP +\&\fBOBJ_get0_data()\fR returns a pointer to the content octets of \fBobj\fR. +The returned pointer is an internal pointer which \fBmust not\fR be freed. +.PP +\&\fBOBJ_cleanup()\fR releases any resources allocated by creating new objects. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +.PP +New objects can be added by calling \fBOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fBOBJ_txt2obj()\fR and \fBOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID.\s0 +.PP +Some objects are used to represent algorithms which do not have a +corresponding \s-1ASN.1 OBJECT IDENTIFIER\s0 encoding (for example no \s-1OID\s0 currently +exists for a particular algorithm). As a result they \fBcannot\fR be encoded or +decoded as part of \s-1ASN.1\s0 structures. Applications can determine if there +is a corresponding \s-1OBJECT IDENTIFIER\s0 by checking \fBOBJ_length()\fR is not zero. +.PP +These functions cannot return \fBconst\fR because an \fB\s-1ASN1_OBJECT\s0\fR can +represent both an internal, constant, \s-1OID\s0 and a dynamically-created one. +The latter cannot be constant because it needs to be freed after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBOBJ_nid2ln()\fR and \fBOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fBOBJ_obj2nid()\fR, \fBOBJ_ln2nid()\fR, \fBOBJ_sn2nid()\fR and \fBOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 1 +\& ASN1_OBJECT *o = OBJ_nid2obj(NID_commonName); +.Ve +.PP +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +.PP +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 2 +\& int new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +\& ASN1_OBJECT *obj = OBJ_nid2obj(new_nid); +.Ve +.PP +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOBJ_cleanup()\fR was deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto\fR\|(3) +and should not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 new file mode 100644 index 000000000000..7411aaa5561b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_REQUEST_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_NEW 3" +.TH OCSP_REQUEST_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_REQUEST_new, OCSP_REQUEST_free, OCSP_request_add0_id, OCSP_request_sign, OCSP_request_add1_cert, OCSP_request_onereq_count, OCSP_request_onereq_get0 \- OCSP request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQUEST *OCSP_REQUEST_new(void); +\& void OCSP_REQUEST_free(OCSP_REQUEST *req); +\& +\& OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); +\& +\& int OCSP_request_sign(OCSP_REQUEST *req, +\& X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, +\& STACK_OF(X509) *certs, unsigned long flags); +\& +\& int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +\& +\& int OCSP_request_onereq_count(OCSP_REQUEST *req); +\& OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_REQUEST_new()\fR allocates and returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure. +.PP +\&\fBOCSP_REQUEST_free()\fR frees up the request structure \fBreq\fR. +.PP +\&\fBOCSP_request_add0_id()\fR adds certificate \s-1ID\s0 \fBcid\fR to \fBreq\fR. It returns +the \fB\s-1OCSP_ONEREQ\s0\fR structure added so an application can add additional +extensions to the request. The \fBid\fR parameter \fB\s-1MUST NOT\s0\fR be freed up after +the operation. +.PP +\&\fBOCSP_request_sign()\fR signs \s-1OCSP\s0 request \fBreq\fR using certificate +\&\fBsigner\fR, private key \fBkey\fR, digest \fBdgst\fR and additional certificates +\&\fBcerts\fR. If the \fBflags\fR option \fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates +will be included in the request. +.PP +\&\fBOCSP_request_add1_cert()\fR adds certificate \fBcert\fR to request \fBreq\fR. The +application is responsible for freeing up \fBcert\fR after use. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns an internal pointer to the \fB\s-1OCSP_ONEREQ\s0\fR +contained in \fBreq\fR of index \fBi\fR. The index value \fBi\fR runs from 0 to +OCSP_request_onereq_count(req) \- 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_REQUEST_new()\fR returns an empty \fB\s-1OCSP_REQUEST\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_request_add0_id()\fR returns the \fB\s-1OCSP_ONEREQ\s0\fR structure containing \fBcid\fR +or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_request_sign()\fR and \fBOCSP_request_add1_cert()\fR return 1 for success and 0 +for failure. +.PP +\&\fBOCSP_request_onereq_count()\fR returns the total number of \fB\s-1OCSP_ONEREQ\s0\fR +structures in \fBreq\fR. +.PP +\&\fBOCSP_request_onereq_get0()\fR returns a pointer to an \fB\s-1OCSP_ONEREQ\s0\fR structure +or \fB\s-1NULL\s0\fR if the index value is out or range. +.SH "NOTES" +.IX Header "NOTES" +An \s-1OCSP\s0 request structure contains one or more \fB\s-1OCSP_ONEREQ\s0\fR structures +corresponding to each certificate. +.PP +\&\fBOCSP_request_onereq_count()\fR and \fBOCSP_request_onereq_get0()\fR are mainly used by +\&\s-1OCSP\s0 responders. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fB\s-1OCSP_REQUEST\s0\fR structure for certificate \fBcert\fR with issuer +\&\fBissuer\fR: +.PP +.Vb 2 +\& OCSP_REQUEST *req; +\& OCSP_ID *cid; +\& +\& req = OCSP_REQUEST_new(); +\& if (req == NULL) +\& /* error */ +\& cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +\& if (cid == NULL) +\& /* error */ +\& +\& if (OCSP_REQUEST_add0_id(req, cid) == NULL) +\& /* error */ +\& +\& /* Do something with req, e.g. query responder */ +\& +\& OCSP_REQUEST_free(req); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 new file mode 100644 index 000000000000..4e363ece6a15 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_cert_to_id.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_CERT_TO_ID 3" +.TH OCSP_CERT_TO_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_cert_to_id, OCSP_cert_id_new, OCSP_CERTID_free, OCSP_id_issuer_cmp, OCSP_id_cmp, OCSP_id_get0_info \- OCSP certificate ID utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, +\& X509 *subject, X509 *issuer); +\& +\& OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +\& X509_NAME *issuerName, +\& ASN1_BIT_STRING *issuerKey, +\& ASN1_INTEGER *serialNumber); +\& +\& void OCSP_CERTID_free(OCSP_CERTID *id); +\& +\& int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b); +\& +\& int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, +\& ASN1_OCTET_STRING **pikeyHash, +\& ASN1_INTEGER **pserial, OCSP_CERTID *cid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_cert_to_id()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR structure using +message digest \fBdgst\fR for certificate \fBsubject\fR with issuer \fBissuer\fR. If +\&\fBdgst\fR is \fB\s-1NULL\s0\fR then \s-1SHA1\s0 is used. +.PP +\&\fBOCSP_cert_id_new()\fR creates and returns a new \fB\s-1OCSP_CERTID\s0\fR using \fBdgst\fR and +issuer name \fBissuerName\fR, issuer key hash \fBissuerKey\fR and serial number +\&\fBserialNumber\fR. +.PP +\&\fBOCSP_CERTID_free()\fR frees up \fBid\fR. +.PP +\&\fBOCSP_id_cmp()\fR compares \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_issuer_cmp()\fR compares only the issuer name of \fB\s-1OCSP_CERTID\s0\fR \fBa\fR and \fBb\fR. +.PP +\&\fBOCSP_id_get0_info()\fR returns the issuer name hash, hash \s-1OID,\s0 issuer key hash and +serial number contained in \fBcid\fR. If any of the values are not required the +corresponding parameter can be set to \fB\s-1NULL\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_cert_to_id()\fR and \fBOCSP_cert_id_new()\fR return either a pointer to a valid +\&\fB\s-1OCSP_CERTID\s0\fR structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_id_cmp()\fR and \fBOCSP_id_issuer_cmp()\fR returns zero for a match and non-zero +otherwise. +.PP +\&\fBOCSP_CERTID_free()\fR does not return a value. +.PP +\&\fBOCSP_id_get0_info()\fR returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1OCSP\s0 clients will typically only use \fBOCSP_cert_to_id()\fR or \fBOCSP_cert_id_new()\fR: +the other functions are used by responder applications. +.PP +The values returned by \fBOCSP_id_get0_info()\fR are internal pointers and \fB\s-1MUST +NOT\s0\fR be freed up by an application: they will be freed when the corresponding +\&\fB\s-1OCSP_CERTID\s0\fR structure is freed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 new file mode 100644 index 000000000000..a79b659337da --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_request_add1_nonce.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_REQUEST_ADD1_NONCE 3" +.TH OCSP_REQUEST_ADD1_NONCE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_request_add1_nonce, OCSP_basic_add1_nonce, OCSP_check_nonce, OCSP_copy_nonce \- OCSP nonce functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +\& int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +\& int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +\& int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *resp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_request_add1_nonce()\fR adds a nonce of value \fBval\fR and length \fBlen\fR to +\&\s-1OCSP\s0 request \fBreq\fR. If \fBval\fR is \fB\s-1NULL\s0\fR a random nonce is used. If \fBlen\fR +is zero or negative a default length will be used (currently 16 bytes). +.PP +\&\fBOCSP_basic_add1_nonce()\fR is identical to \fBOCSP_request_add1_nonce()\fR except +it adds a nonce to \s-1OCSP\s0 basic response \fBresp\fR. +.PP +\&\fBOCSP_check_nonce()\fR compares the nonce value in \fBreq\fR and \fBresp\fR. +.PP +\&\fBOCSP_copy_nonce()\fR copys any nonce value present in \fBreq\fR to \fBresp\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_request_add1_nonce()\fR and \fBOCSP_basic_add1_nonce()\fR return 1 for success +and 0 for failure. +.PP +\&\fBOCSP_copy_nonce()\fR returns 1 if a nonce was successfully copied, 2 if no nonce +was present in \fBreq\fR and 0 if an error occurred. +.PP +\&\fBOCSP_check_nonce()\fR returns the result of the nonce comparison between \fBreq\fR +and \fBresp\fR. The return value indicates the result of the comparison. If +nonces are present and equal 1 is returned. If the nonces are absent 2 is +returned. If a nonce is present in the response only 3 is returned. If nonces +are present and unequal 0 is returned. If the nonce is present in the request +only then \-1 is returned. +.SH "NOTES" +.IX Header "NOTES" +For most purposes the nonce value in a request is set to a random value so +the \fBval\fR parameter in \fBOCSP_request_add1_nonce()\fR is usually \s-1NULL.\s0 +.PP +An \s-1OCSP\s0 nonce is typically added to an \s-1OCSP\s0 request to thwart replay attacks +by checking the same nonce value appears in the response. +.PP +Some responders may include a nonce in all responses even if one is not +supplied. +.PP +Some responders cache \s-1OCSP\s0 responses and do not sign each response for +performance reasons. As a result they do not support nonces. +.PP +The return values of \fBOCSP_check_nonce()\fR can be checked to cover each case. A +positive return value effectively indicates success: nonces are both present +and match, both absent or present in the response only. A non-zero return +additionally covers the case where the nonce is present in the request only: +this will happen if the responder doesn't support nonces. A zero return value +indicates present and mismatched nonces: this should be treated as an error +condition. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 new file mode 100644 index 000000000000..302ebaca8264 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_resp_find_status.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESP_FIND_STATUS 3" +.TH OCSP_RESP_FIND_STATUS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_id, OCSP_resp_get0_produced_at, OCSP_resp_get0_signature, OCSP_resp_get0_tbs_sigalg, OCSP_resp_get0_respdata, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity, OCSP_basic_verify \&\- OCSP response utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, +\& int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& int OCSP_resp_count(OCSP_BASICRESP *bs); +\& OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +\& int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +\& int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, +\& ASN1_GENERALIZEDTIME **revtime, +\& ASN1_GENERALIZEDTIME **thisupd, +\& ASN1_GENERALIZEDTIME **nextupd); +\& +\& const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at( +\& const OCSP_BASICRESP* single); +\& +\& const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +\& const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +\& const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +\& const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +\& +\& int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, +\& STACK_OF(X509) *extra_certs); +\& +\& int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +\& const ASN1_OCTET_STRING **pid, +\& const X509_NAME **pname); +\& int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, +\& ASN1_OCTET_STRING **pid, +\& X509_NAME **pname); +\& +\& int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, +\& ASN1_GENERALIZEDTIME *nextupd, +\& long sec, long maxsec); +\& +\& int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, +\& X509_STORE *st, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of +\&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or +\&\fBV_OCSP_CERTSTATUS_UNKNOWN\fR. The \fB*reason\fR and \fB*revtime\fR fields are only +set if the status is \fBV_OCSP_CERTSTATUS_REVOKED\fR. If set the \fB*reason\fR field +will be set to the revocation reason which will be one of +\&\fB\s-1OCSP_REVOKED_STATUS_NOSTATUS\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_UNSPECIFIED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_KEYCOMPROMISE\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_CACOMPROMISE\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_AFFILIATIONCHANGED\s0\fR, \fB\s-1OCSP_REVOKED_STATUS_SUPERSEDED\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, +\&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. +.PP +\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to +OCSP_resp_count(bs) \- 1. +.PP +\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. +.PP +\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. +.PP +\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +single response \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +.PP +\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate +is included in the \fBcerts\fR field of the response, so additional certificates +can be supplied in \fBextra_certs\fR if the certificates that may have +signed the response are known via some out-of-band mechanism. +.PP +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the +responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR +is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +with the caller, who is responsible for freeing them. Both functions return 1 +in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, +no freeing of the results is necessary. +.PP +\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fBOCSP_resp_find_status()\fR or +\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates +the maximum age of \fBthisupd\fR in seconds. +.PP +\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +signed and that the signer certificate can be validated. It takes \fBst\fR as +the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response +in . It also searches the certificates the responder may have included +in \fBbs\fR unless the \fBflags\fR contain \fB\s-1OCSP_NOINTERN\s0\fR. +It fails if the signer certificate cannot be found. +Next, the function checks the signature of \fBbs\fR and fails on error +unless the \fBflags\fR contain \fB\s-1OCSP_NOSIGS\s0\fR. Then the function already returns +success if the \fBflags\fR contain \fB\s-1OCSP_NOVERIFY\s0\fR or if the signer certificate +was found in \fBcerts\fR and the \fBflags\fR contain \fB\s-1OCSP_TRUSTOTHER\s0\fR. +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in \fBcert\fR and in \fBbs\fR are considered as +untrusted certificates for the construction of the validation path for the +signer certificate unless the \fB\s-1OCSP_NOCHAIN\s0\fR flag is set. After successful path +validation the function returns success if the \fB\s-1OCSP_NOCHECKS\s0\fR flag is set. +Otherwise it verifies that the signer certificate meets the \s-1OCSP\s0 issuer +criteria including potential delegation. If this does not succeed and the +\&\fBflags\fR do not contain \fB\s-1OCSP_NOEXPLICIT\s0\fR the function checks for explicit +trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +.PP +\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBbs\fR. +.PP +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. +.PP +\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBid\fR was not found. +.PP +\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +occurred. +.PP +\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +or 0 on error. +.PP +\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +as malloc failure. +.SH "NOTES" +.IX Header "NOTES" +Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They +can then take appropriate action based on the status of the certificate. +.PP +An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR +fields. Normally the current time should be between these two values. To +account for clock skew the \fBmaxsec\fR field can be set to non-zero in +\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +would otherwise mean an ancient response would be considered valid: the +\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted +age of responses. +.PP +The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by +\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers +which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these +parameters can be set to \s-1NULL\s0 if their value is not required. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_response_status.3 b/secure/lib/libcrypto/man/man3/OCSP_response_status.3 new file mode 100644 index 000000000000..5a2283240bca --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_response_status.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_RESPONSE_STATUS 3" +.TH OCSP_RESPONSE_STATUS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_response_status, OCSP_response_get1_basic, OCSP_response_create, OCSP_RESPONSE_free, OCSP_RESPID_set_by_name, OCSP_RESPID_set_by_key, OCSP_RESPID_match, OCSP_basic_sign, OCSP_basic_sign_ctx \- OCSP response functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OCSP_response_status(OCSP_RESPONSE *resp); +\& OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +\& OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +\& void OCSP_RESPONSE_free(OCSP_RESPONSE *resp); +\& +\& int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +\& int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); +\& +\& int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, +\& const EVP_MD *dgst, STACK_OF(X509) *certs, +\& unsigned long flags); +\& int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx, +\& STACK_OF(X509) *certs, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOCSP_response_status()\fR returns the \s-1OCSP\s0 response status of \fBresp\fR. It returns +one of the values: \fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_MALFORMEDREQUEST\s0\fR, +\&\fB\s-1OCSP_RESPONSE_STATUS_INTERNALERROR\s0\fR, \fB\s-1OCSP_RESPONSE_STATUS_TRYLATER\s0\fR +\&\fB\s-1OCSP_RESPONSE_STATUS_SIGREQUIRED\s0\fR, or \fB\s-1OCSP_RESPONSE_STATUS_UNAUTHORIZED\s0\fR. +.PP +\&\fBOCSP_response_get1_basic()\fR decodes and returns the \fB\s-1OCSP_BASICRESP\s0\fR structure +contained in \fBresp\fR. +.PP +\&\fBOCSP_response_create()\fR creates and returns an \fB\s-1OCSP_RESPONSE\s0\fR structure for +\&\fBstatus\fR and optionally including basic response \fBbs\fR. +.PP +\&\fBOCSP_RESPONSE_free()\fR frees up \s-1OCSP\s0 response \fBresp\fR. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR sets the name of the \s-1OCSP_RESPID\s0 to be the same as the +subject name in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. +.PP +\&\fBOCSP_RESPID_set_by_key()\fR sets the key of the \s-1OCSP_RESPID\s0 to be the same as the +key in the supplied X509 certificate \fBcert\fR for the \s-1OCSP\s0 responder. The key is +stored as a \s-1SHA1\s0 hash. +.PP +Note that an \s-1OCSP_RESPID\s0 can only have one of the name, or the key set. Calling +\&\fBOCSP_RESPID_set_by_name()\fR or \fBOCSP_RESPID_set_by_key()\fR will clear any existing +setting. +.PP +\&\fBOCSP_RESPID_match()\fR tests whether the \s-1OCSP_RESPID\s0 given in \fBrespid\fR matches +with the X509 certificate \fBcert\fR. +.PP +\&\fBOCSP_basic_sign()\fR signs \s-1OCSP\s0 response \fBbrsp\fR using certificate \fBsigner\fR, private key +\&\fBkey\fR, digest \fBdgst\fR and additional certificates \fBcerts\fR. If the \fBflags\fR option +\&\fB\s-1OCSP_NOCERTS\s0\fR is set then no certificates will be included in the request. If the +\&\fBflags\fR option \fB\s-1OCSP_RESPID_KEY\s0\fR is set then the responder is identified by key \s-1ID\s0 +rather than by name. \fBOCSP_basic_sign_ctx()\fR also signs \s-1OCSP\s0 response \fBbrsp\fR but +uses the parameters contained in digest context \fBctx\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_RESPONSE_status()\fR returns a status value. +.PP +\&\fBOCSP_response_get1_basic()\fR returns an \fB\s-1OCSP_BASICRESP\s0\fR structure pointer or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_response_create()\fR returns an \fB\s-1OCSP_RESPONSE\s0\fR structure pointer or \fB\s-1NULL\s0\fR +if an error occurred. +.PP +\&\fBOCSP_RESPONSE_free()\fR does not return a value. +.PP +\&\fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR, \fBOCSP_basic_sign()\fR, and +\&\fBOCSP_basic_sign_ctx()\fR return 1 on success or 0 +on failure. +.PP +\&\fBOCSP_RESPID_match()\fR returns 1 if the \s-1OCSP_RESPID\s0 and the X509 certificate match +or 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fBOCSP_response_get1_basic()\fR is only called if the status of a response is +\&\fB\s-1OCSP_RESPONSE_STATUS_SUCCESSFUL\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +\&\fBOCSP_cert_to_id\fR\|(3) +\&\fBOCSP_request_add1_nonce\fR\|(3) +\&\fBOCSP_REQUEST_new\fR\|(3) +\&\fBOCSP_resp_find_status\fR\|(3) +\&\fBOCSP_sendreq_new\fR\|(3) +\&\fBOCSP_RESPID_new\fR\|(3) +\&\fBOCSP_RESPID_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOCSP_RESPID_set_by_name()\fR, \fBOCSP_RESPID_set_by_key()\fR and \fBOCSP_RESPID_match()\fR +functions were added in OpenSSL 1.1.0a. +.PP +The \fBOCSP_basic_sign_ctx()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 new file mode 100644 index 000000000000..ae83ab3b6d60 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OCSP_sendreq_new.3 @@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OCSP_SENDREQ_NEW 3" +.TH OCSP_SENDREQ_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OCSP_sendreq_new, OCSP_sendreq_nbio, OCSP_REQ_CTX_free, OCSP_set_max_response_length, OCSP_REQ_CTX_add1_header, OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio \- OCSP responder query functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, +\& int maxline); +\& +\& int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +\& +\& void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +\& +\& void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len); +\& +\& int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, +\& const char *name, const char *value); +\& +\& int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +\& +\& OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req, +\& int maxline); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOCSP_sendreq_new()\fR returns an \fB\s-1OCSP_CTX\s0\fR structure using the +responder \fBio\fR, the \s-1URL\s0 path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a +response header maximum line length of \fBmaxline\fR. If \fBmaxline\fR is zero a +default value of 4k is used. The \s-1OCSP\s0 request \fBreq\fR may be set to \fB\s-1NULL\s0\fR +and provided later if required. +.PP +\&\fBOCSP_sendreq_nbio()\fR performs non-blocking I/O on the \s-1OCSP\s0 request context +\&\fBrctx\fR. When the operation is complete it returns the response in \fB*presp\fR. +.PP +\&\fBOCSP_REQ_CTX_free()\fR frees up the \s-1OCSP\s0 context \fBrctx\fR. +.PP +\&\fBOCSP_set_max_response_length()\fR sets the maximum response length for \fBrctx\fR +to \fBlen\fR. If the response exceeds this length an error occurs. If not +set a default value of 100k is used. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR adds header \fBname\fR with value \fBvalue\fR to the +context \fBrctx\fR. It can be called more than once to add multiple headers. +It \fB\s-1MUST\s0\fR be called before any calls to \fBOCSP_sendreq_nbio()\fR. The \fBreq\fR +parameter in the initial to \fBOCSP_sendreq_new()\fR call \s-1MUST\s0 be set to \fB\s-1NULL\s0\fR if +additional headers are set. +.PP +\&\fBOCSP_REQ_CTX_set1_req()\fR sets the \s-1OCSP\s0 request in \fBrctx\fR to \fBreq\fR. This +function should be called after any calls to \fBOCSP_REQ_CTX_add1_header()\fR. +.PP +\&\fBOCSP_sendreq_bio()\fR performs an \s-1OCSP\s0 request using the responder \fBio\fR, the \s-1URL\s0 +path \fBpath\fR, the \s-1OCSP\s0 request \fBreq\fR and with a response header maximum line +length of \fBmaxline\fR. If \fBmaxline\fR is zero a default value of 4k is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOCSP_sendreq_new()\fR returns a valid \fB\s-1OCSP_REQ_CTX\s0\fR structure or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fBOCSP_sendreq_nbio()\fR returns \fB1\fR if the operation was completed successfully, +\&\fB\-1\fR if the operation should be retried and \fB0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_add1_header()\fR and \fBOCSP_REQ_CTX_set1_req()\fR return \fB1\fR for success +and \fB0\fR for failure. +.PP +\&\fBOCSP_sendreq_bio()\fR returns the \fB\s-1OCSP_RESPONSE\s0\fR structure sent by the +responder or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBOCSP_REQ_CTX_free()\fR and \fBOCSP_set_max_response_length()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +These functions only perform a minimal \s-1HTTP\s0 query to a responder. If an +application wishes to support more advanced features it should use an +alternative more complete \s-1HTTP\s0 library. +.PP +Currently only \s-1HTTP POST\s0 queries to responders are supported. +.PP +The arguments to \fBOCSP_sendreq_new()\fR correspond to the components of the \s-1URL.\s0 +For example if the responder \s-1URL\s0 is \fBhttp://ocsp.com/ocspreq\fR the \s-1BIO\s0 +\&\fBio\fR should be connected to host \fBocsp.com\fR on port 80 and \fBpath\fR +should be set to \fB\*(L"/ocspreq\*(R"\fR +.PP +The headers added with \fBOCSP_REQ_CTX_add1_header()\fR are of the form +"\fBname\fR: \fBvalue\fR\*(L" or just \*(R"\fBname\fR" if \fBvalue\fR is \fB\s-1NULL\s0\fR. So to add +a Host header for \fBocsp.com\fR you would call: +.PP +.Vb 1 +\& OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Ve +.PP +If \fBOCSP_sendreq_nbio()\fR indicates an operation should be retried the +corresponding \s-1BIO\s0 can be examined to determine which operation (read or +write) should be retried and appropriate action taken (for example a \fBselect()\fR +call on the underlying socket). +.PP +\&\fBOCSP_sendreq_bio()\fR does not support retries and so cannot handle non-blocking +I/O efficiently. It is retained for compatibility and its use in new +applications is not recommended. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_resp_find_status\fR\|(3), +\&\fBOCSP_response_status\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 new file mode 100644 index 000000000000..90d634ad4c9f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_Applink.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_APPLINK 3" +.TH OPENSSL_APPLINK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_Applink \- glue between OpenSSL BIO and Win32 compiler run\-time +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& _\|_declspec(dllexport) void **OPENSSL_Applink(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OPENSSL_Applink is application-side interface which provides a glue +between OpenSSL \s-1BIO\s0 layer and Win32 compiler run-time environment. +Even though it appears at application side, it's essentially OpenSSL +private interface. For this reason application developers are not +expected to implement it, but to compile provided module with +compiler of their choice and link it into the target application. +The referred module is available as \fIapplink.c\fR, located alongside +the public header files (only on the platforms where applicable). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 new file mode 100644 index 000000000000..bf096f92889c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_COMPFUNC.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_COMPFUNC 3" +.TH OPENSSL_LH_COMPFUNC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +LHASH, DECLARE_LHASH_OF, OPENSSL_LH_COMPFUNC, OPENSSL_LH_HASHFUNC, OPENSSL_LH_DOALL_FUNC, LHASH_DOALL_ARG_FN_TYPE, IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_LHASH_OF(TYPE); +\& +\& LHASH *lh_TYPE_new(OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC compare); +\& void lh_TYPE_free(LHASH_OF(TYPE) *table); +\& +\& TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); +\& TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); +\& +\& void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); +\& void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, +\& TYPE *arg); +\& +\& int lh_TYPE_error(LHASH_OF(TYPE) *table); +\& +\& typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); +\& typedef unsigned long (*OPENSSL_LH_HASHFUNC)(const void *); +\& typedef void (*OPENSSL_LH_DOALL_FUNC)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements type-checked dynamic hash tables. The hash +table entries can be arbitrary structures. Usually they consist of key +and value fields. In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fI\s-1SSL_SESSION\s0\fR. +.PP +\&\fBlh_TYPE_new()\fR creates a new \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure to store +arbitrary data entries, and specifies the 'hash' and 'compare' +callbacks to be used in organising the table's entries. The \fBhash\fR +callback takes a pointer to a table entry as its argument and returns +an unsigned long hash value for its key field. The hash value is +normally truncated to a power of 2, so make sure that your hash +function returns well mixed low order bits. The \fBcompare\fR callback +takes two arguments (pointers to two hash table entries), and returns +0 if their keys are equal, non-zero otherwise. +.PP +If your hash table +will contain items of some particular type and the \fBhash\fR and +\&\fBcompare\fR callbacks hash/compare these types, then the +\&\fB\s-1IMPLEMENT_LHASH_HASH_FN\s0\fR and \fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be +used to create callback wrappers of the prototypes required by +\&\fBlh_TYPE_new()\fR as shown in this example: +.PP +.Vb 11 +\& /* +\& * Implement the hash and compare functions; "stuff" can be any word. +\& */ +\& static unsigned long stuff_hash(const TYPE *a) +\& { +\& ... +\& } +\& static int stuff_cmp(const TYPE *a, const TYPE *b) +\& { +\& ... +\& } +\& +\& /* +\& * Implement the wrapper functions. +\& */ +\& static IMPLEMENT_LHASH_HASH_FN(stuff, TYPE) +\& static IMPLEMENT_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +If the type is going to be used in several places, the following macros +can be used in a common header file to declare the function wrappers: +.PP +.Vb 2 +\& DECLARE_LHASH_HASH_FN(stuff, TYPE) +\& DECLARE_LHASH_COMP_FN(stuff, TYPE) +.Ve +.PP +Then a hash table of \s-1TYPE\s0 objects can be created using this: +.PP +.Vb 1 +\& LHASH_OF(TYPE) *htable; +\& +\& htable = lh_TYPE_new(LHASH_HASH_FN(stuff), LHASH_COMP_FN(stuff)); +.Ve +.PP +\&\fBlh_TYPE_free()\fR frees the \fB\s-1LHASH_OF\s0(\s-1TYPE\s0)\fR structure +\&\fBtable\fR. Allocated hash table entries will not be freed; consider +using \fBlh_TYPE_doall()\fR to deallocate any remaining entries in the +hash table (see below). +.PP +\&\fBlh_TYPE_insert()\fR inserts the structure pointed to by \fBdata\fR into +\&\fBtable\fR. If there already is an entry with the same key, the old +value is replaced. Note that \fBlh_TYPE_insert()\fR stores pointers, the +data are not copied. +.PP +\&\fBlh_TYPE_delete()\fR deletes an entry from \fBtable\fR. +.PP +\&\fBlh_TYPE_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fBlh_TYPE_doall()\fR will, for every entry in the hash table, call +\&\fBfunc\fR with the data item as its parameter. +For example: +.PP +.Vb 2 +\& /* Cleans up resources belonging to \*(Aqa\*(Aq (this is implemented elsewhere) */ +\& void TYPE_cleanup_doall(TYPE *a); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(TYPE_cleanup, TYPE) +\& +\& /* Call "TYPE_cleanup" against all items in a hash table. */ +\& lh_TYPE_doall(hashtable, LHASH_DOALL_FN(TYPE_cleanup)); +\& +\& /* Then the hash table itself can be deallocated */ +\& lh_TYPE_free(hashtable); +.Ve +.PP +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash\->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fBlh_TYPE_doall_arg()\fR is the same as \fBlh_TYPE_doall()\fR except that +\&\fBfunc\fR will be called with \fBarg\fR as the second argument and \fBfunc\fR +should be of type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype +that is passed both the table entry and an extra argument). As with +\&\fBlh_doall()\fR, you can instead choose to declare your callback with a +prototype matching the types you are dealing with and use the +declare/implement macros to create compatible wrappers that cast +variables before calling your type-specific callbacks. An example of +this is demonstrated here (printing all hash table entries to a \s-1BIO\s0 +that is provided by the caller): +.PP +.Vb 2 +\& /* Prints item \*(Aqa\*(Aq to \*(Aqoutput_bio\*(Aq (this is implemented elsewhere) */ +\& void TYPE_print_doall_arg(const TYPE *a, BIO *output_bio); +\& +\& /* Implement a prototype\-compatible wrapper for "TYPE_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(TYPE, const TYPE, BIO) +\& +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, +\& logging_bio); +.Ve +.PP +\&\fBlh_TYPE_error()\fR can be used to determine if an error occurred in the last +operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBlh_TYPE_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fBlh_TYPE_insert()\fR returns the value +being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. +.PP +\&\fBlh_TYPE_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +there is no such value in the hash table. +.PP +\&\fBlh_TYPE_retrieve()\fR returns the hash table entry if it has been found, +\&\fB\s-1NULL\s0\fR otherwise. +.PP +\&\fBlh_TYPE_error()\fR returns 1 if an error occurred in the last operation, 0 +otherwise. It's meaningful only after non-retrieve operations. +.PP +\&\fBlh_TYPE_free()\fR, \fBlh_TYPE_doall()\fR and \fBlh_TYPE_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The \s-1LHASH\s0 code is not thread safe. All updating operations, as well as +lh_TYPE_error call must be performed under a write lock. All retrieve +operations should be performed under a read lock, \fIunless\fR accurate +usage statistics are desired. In which case, a write lock should be used +for retrieve operations as well. For output of the usage statistics, +using the functions from \fBOPENSSL_LH_stats\fR\|(3), a read lock suffices. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fBlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fBlh_doall()\fR +and \fBlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fBlh_doall()\fR or +\&\fBlh_doall_arg()\fR callbacks (see the \*(L"TYPE_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API.\s0 On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. +.SH "BUGS" +.IX Header "BUGS" +\&\fBlh_TYPE_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_LH_stats\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +In OpenSSL 1.0.0, the lhash interface was revamped for better +type checking. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 new file mode 100644 index 000000000000..db711b2092c2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_LH_stats.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LH_STATS 3" +.TH OPENSSL_LH_STATS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_LH_stats, OPENSSL_LH_node_stats, OPENSSL_LH_node_usage_stats, OPENSSL_LH_stats_bio, OPENSSL_LH_node_stats_bio, OPENSSL_LH_node_usage_stats_bio \- LHASH statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_LH_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_stats(LHASH *table, FILE *out); +\& void OPENSSL_LH_node_usage_stats(LHASH *table, FILE *out); +\& +\& void OPENSSL_LH_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_stats_bio(LHASH *table, BIO *out); +\& void OPENSSL_LH_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. +.PP +\&\fBOPENSSL_LH_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fBOPENSSL_LH_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fBOPENSSL_LH_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fBOPENSSL_LH_stats_bio()\fR, \fBOPENSSL_LH_node_stats_bio()\fR and \fBOPENSSL_LH_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "NOTE" +.IX Header "NOTE" +These calls should be made under a read lock. Refer to +\&\*(L"\s-1NOTE\*(R"\s0 in \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) for more details about the locks required +when using the \s-1LHASH\s0 data structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBbio\fR\|(7), \s-1\fBOPENSSL_LH_COMPFUNC\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 000000000000..0988b613a75e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_VERSION_NUMBER.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_VERSION_NUMBER 3" +.TH OPENSSL_VERSION_NUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, OpenSSL_version, OpenSSL_version_num \- get OpenSSL version number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& #include +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +\& #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx" +\& +\& #include +\& +\& unsigned long OpenSSL_version_num(); +\& const char *OpenSSL_version(int t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier: +.PP +.Vb 1 +\& MNNFFPPS: major minor fix patch status +.Ve +.PP +The status nibble has one of the values 0 for development, 1 to e for betas +1 to 14, and f for release. +.PP +for example +.PP +.Vb 3 +\& 0x000906000 == 0.9.6 dev +\& 0x000906023 == 0.9.6b beta 3 +\& 0x00090605f == 0.9.6e release +.Ve +.PP +Versions prior to 0.9.3 have identifiers < 0x0930. +Versions between 0.9.3 and 0.9.5 had a version identifier with this +interpretation: +.PP +.Vb 1 +\& MMNNFFRBB major minor fix final beta/patch +.Ve +.PP +for example +.PP +.Vb 2 +\& 0x000904100 == 0.9.4 release +\& 0x000905000 == 0.9.5 dev +.Ve +.PP +Version 0.9.5a had an interim interpretation that is like the current one, +except the patch level got the highest bit set, to keep continuity. The +number was therefore 0x0090581f. +.PP +\&\s-1OPENSSL_VERSION_TEXT\s0 is the text variant of the version number and the +release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.PP +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns different strings depending on \fBt\fR: +.IP "\s-1OPENSSL_VERSION\s0" 4 +.IX Item "OPENSSL_VERSION" +The text variant of the version number and the release date. For example, +\&\*(L"OpenSSL 1.0.1a 15 Oct 2015\*(R". +.IP "\s-1OPENSSL_CFLAGS\s0" 4 +.IX Item "OPENSSL_CFLAGS" +The compiler flags set for the compilation process in the form +\&\*(L"compiler: ...\*(R" if available or \*(L"compiler: information not available\*(R" +otherwise. +.IP "\s-1OPENSSL_BUILT_ON\s0" 4 +.IX Item "OPENSSL_BUILT_ON" +The date of the build process in the form \*(L"built on: ...\*(R" if available +or \*(L"built on: date not available\*(R" otherwise. +.IP "\s-1OPENSSL_PLATFORM\s0" 4 +.IX Item "OPENSSL_PLATFORM" +The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" +if available or \*(L"platform: information not available\*(R" otherwise. +.IP "\s-1OPENSSL_DIR\s0" 4 +.IX Item "OPENSSL_DIR" +The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. +.IP "\s-1OPENSSL_ENGINES_DIR\s0" 4 +.IX Item "OPENSSL_ENGINES_DIR" +The \*(L"\s-1ENGINESDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1ENGINESDIR: \*(R"..."\*(L"\s0 +if available or \*(R"\s-1ENGINESDIR: N/A"\s0 otherwise. +.PP +For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOpenSSL_version_num()\fR returns the version number. +.PP +\&\fBOpenSSL_version()\fR returns requested version strings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_config.3 b/secure/lib/libcrypto/man/man3/OPENSSL_config.3 new file mode 100644 index 000000000000..ea738358f653 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_config.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_CONFIG 3" +.TH OPENSSL_CONFIG 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_config, OPENSSL_no_config \- simple OpenSSL configuration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void OPENSSL_config(const char *appname); +\& void OPENSSL_no_config(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR and +reads from the application section \fBappname\fR. If \fBappname\fR is \s-1NULL\s0 then +the default section, \fBopenssl_conf\fR, will be used. +Errors are silently ignored. +Multiple calls have no effect. +.PP +\&\fBOPENSSL_no_config()\fR disables configuration. If called before \fBOPENSSL_config()\fR +no configuration takes place. +.PP +If the application is built with \fB\s-1OPENSSL_LOAD_CONF\s0\fR defined, then a +call to \fBOpenSSL_add_all_algorithms()\fR will implicitly call \fBOPENSSL_config()\fR +first. +.SH "NOTES" +.IX Header "NOTES" +The \fBOPENSSL_config()\fR function is designed to be a very simple \*(L"call it and +forget it\*(R" function. +It is however \fBmuch\fR better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as \fBCONF_modules_load()\fR directly. This function is deprecated +and its use should be avoided. +Applications should instead call \fBCONF_modules_load()\fR during +initialization (that is before starting any threads). +.PP +There are several reasons why calling the OpenSSL configuration routines is +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). +However very few applications currently support the control interface and so +very few can load and use dynamic ENGINEs. Equally in future more sophisticated +ENGINEs will require certain control operations to customize them. If an +application calls \fBOPENSSL_config()\fR it doesn't need to know or care about +\&\s-1ENGINE\s0 control operations because they can be performed by editing a +configuration file. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL_CONF\s0\fR" 4 +.IX Item "OPENSSL_CONF" +The path to the config file. +Ignored in set-user-ID and set-group-ID programs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither \fBOPENSSL_config()\fR nor \fBOPENSSL_no_config()\fR return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_no_config()\fR and \fBOPENSSL_config()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 new file mode 100644 index 000000000000..599dc0197990 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_fork_prepare.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_FORK_PREPARE 3" +.TH OPENSSL_FORK_PREPARE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_fork_prepare, OPENSSL_fork_parent, OPENSSL_fork_child \&\- OpenSSL fork handlers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_fork_prepare(void); +\& void OPENSSL_fork_parent(void); +\& void OPENSSL_fork_child(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL has state that should be reset when a process forks. For example, +the entropy pool used to generate random numbers (and therefore encryption +keys) should not be shared across multiple programs. +The \fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR, and \fBOPENSSL_fork_child()\fR +functions are used to reset this internal state. +.PP +Platforms without \fBfork\fR\|(2) will probably not need to use these functions. +Platforms with \fBfork\fR\|(2) but without \fBpthread_atfork\fR\|(3) will probably need +to call them manually, as described in the following paragraph. Platforms +such as Linux that have both functions will normally not need to call these +functions as the OpenSSL library will do so automatically. +.PP +\&\fBOPENSSL_init_crypto\fR\|(3) will register these functions with the appropriate +handler, when the \fB\s-1OPENSSL_INIT_ATFORK\s0\fR flag is used. For other +applications, these functions can be called directly. They should be used +according to the calling sequence described by the \fBpthread_atfork\fR\|(3) +documentation, which is summarized here. \fBOPENSSL_fork_prepare()\fR should +be called before a \fBfork()\fR is done. After the \fBfork()\fR returns, the parent +process should call \fBOPENSSL_fork_parent()\fR and the child process should +call \fBOPENSSL_fork_child()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_fork_prepare()\fR, \fBOPENSSL_fork_parent()\fR and \fBOPENSSL_fork_child()\fR do not +return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 new file mode 100644 index 000000000000..c2e3b850f0ca --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_ia32cap.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_IA32CAP 3" +.TH OPENSSL_IA32CAP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_ia32cap \- the x86[_64] processor capabilities vector +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& env OPENSSL_ia32cap=... +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL supports a range of x86[_64] instruction set extensions. These +extensions are denoted by individual bits in capability vector returned +by processor in \s-1EDX:ECX\s0 register pair after executing \s-1CPUID\s0 instruction +with EAX=1 input value (see Intel Application Note #241618). This vector +is copied to memory upon toolkit initialization and used to choose +between different code paths to provide optimal performance across wide +range of processors. For the moment of this writing following bits are +significant: +.IP "bit #4 denoting presence of Time-Stamp Counter." 4 +.IX Item "bit #4 denoting presence of Time-Stamp Counter." +.PD 0 +.IP "bit #19 denoting availability of \s-1CLFLUSH\s0 instruction;" 4 +.IX Item "bit #19 denoting availability of CLFLUSH instruction;" +.IP "bit #20, reserved by Intel, is used to choose among \s-1RC4\s0 code paths;" 4 +.IX Item "bit #20, reserved by Intel, is used to choose among RC4 code paths;" +.IP "bit #23 denoting \s-1MMX\s0 support;" 4 +.IX Item "bit #23 denoting MMX support;" +.IP "bit #24, \s-1FXSR\s0 bit, denoting availability of \s-1XMM\s0 registers;" 4 +.IX Item "bit #24, FXSR bit, denoting availability of XMM registers;" +.IP "bit #25 denoting \s-1SSE\s0 support;" 4 +.IX Item "bit #25 denoting SSE support;" +.IP "bit #26 denoting \s-1SSE2\s0 support;" 4 +.IX Item "bit #26 denoting SSE2 support;" +.IP "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" 4 +.IX Item "bit #28 denoting Hyperthreading, which is used to distinguish cores with shared cache;" +.IP "bit #30, reserved by Intel, denotes specifically Intel CPUs;" 4 +.IX Item "bit #30, reserved by Intel, denotes specifically Intel CPUs;" +.IP "bit #33 denoting availability of \s-1PCLMULQDQ\s0 instruction;" 4 +.IX Item "bit #33 denoting availability of PCLMULQDQ instruction;" +.IP "bit #41 denoting \s-1SSSE3,\s0 Supplemental \s-1SSE3,\s0 support;" 4 +.IX Item "bit #41 denoting SSSE3, Supplemental SSE3, support;" +.IP "bit #43 denoting \s-1AMD XOP\s0 support (forced to zero on non-AMD CPUs);" 4 +.IX Item "bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs);" +.IP "bit #54 denoting availability of \s-1MOVBE\s0 instruction;" 4 +.IX Item "bit #54 denoting availability of MOVBE instruction;" +.IP "bit #57 denoting AES-NI instruction set extension;" 4 +.IX Item "bit #57 denoting AES-NI instruction set extension;" +.IP "bit #58, \s-1XSAVE\s0 bit, lack of which in combination with \s-1MOVBE\s0 is used to identify Atom Silvermont core;" 4 +.IX Item "bit #58, XSAVE bit, lack of which in combination with MOVBE is used to identify Atom Silvermont core;" +.IP "bit #59, \s-1OSXSAVE\s0 bit, denoting availability of \s-1YMM\s0 registers;" 4 +.IX Item "bit #59, OSXSAVE bit, denoting availability of YMM registers;" +.IP "bit #60 denoting \s-1AVX\s0 extension;" 4 +.IX Item "bit #60 denoting AVX extension;" +.IP "bit #62 denoting availability of \s-1RDRAND\s0 instruction;" 4 +.IX Item "bit #62 denoting availability of RDRAND instruction;" +.PD +.PP +For example, in 32\-bit application context clearing bit #26 at run-time +disables high-performance \s-1SSE2\s0 code present in the crypto library, while +clearing bit #24 disables \s-1SSE2\s0 code operating on 128\-bit \s-1XMM\s0 register +bank. You might have to do the latter if target OpenSSL application is +executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under control of \s-1OS\s0 that does not +enable \s-1XMM\s0 registers. Historically address of the capability vector copy +was exposed to application through \fBOPENSSL_ia32cap_loc()\fR, but not +anymore. Now the only way to affect the capability detection is to set +OPENSSL_ia32cap environment variable prior target application start. To +give a specific example, on Intel P4 processor 'env +OPENSSL_ia32cap=0x16980010 apps/openssl', or better yet 'env +OPENSSL_ia32cap=~0x1000000 apps/openssl' would achieve the desired +effect. Alternatively you can reconfigure the toolkit with no\-sse2 +option and recompile. +.PP +Less intuitive is clearing bit #28, or ~0x10000000 in the \*(L"environment +variable\*(R" terms. The truth is that it's not copied from \s-1CPUID\s0 output +verbatim, but is adjusted to reflect whether or not the data cache is +actually shared between logical cores. This in turn affects the decision +on whether or not expensive countermeasures against cache-timing attacks +are applied, most notably in \s-1AES\s0 assembler module. +.PP +The capability vector is further extended with \s-1EBX\s0 value returned by +\&\s-1CPUID\s0 with EAX=7 and ECX=0 as input. Following bits are significant: +.IP "bit #64+3 denoting availability of \s-1BMI1\s0 instructions, e.g. \s-1ANDN\s0;" 4 +.IX Item "bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;" +.PD 0 +.IP "bit #64+5 denoting availability of \s-1AVX2\s0 instructions;" 4 +.IX Item "bit #64+5 denoting availability of AVX2 instructions;" +.IP "bit #64+8 denoting availability of \s-1BMI2\s0 instructions, e.g. \s-1MULX\s0 and \s-1RORX\s0;" 4 +.IX Item "bit #64+8 denoting availability of BMI2 instructions, e.g. MULX and RORX;" +.IP "bit #64+16 denoting availability of \s-1AVX512F\s0 extension;" 4 +.IX Item "bit #64+16 denoting availability of AVX512F extension;" +.IP "bit #64+18 denoting availability of \s-1RDSEED\s0 instruction;" 4 +.IX Item "bit #64+18 denoting availability of RDSEED instruction;" +.IP "bit #64+19 denoting availability of \s-1ADCX\s0 and \s-1ADOX\s0 instructions;" 4 +.IX Item "bit #64+19 denoting availability of ADCX and ADOX instructions;" +.IP "bit #64+21 denoting availability of VPMADD52[\s-1LH\s0]UQ instructions, a.k.a. \s-1AVX512IFMA\s0 extension;" 4 +.IX Item "bit #64+21 denoting availability of VPMADD52[LH]UQ instructions, a.k.a. AVX512IFMA extension;" +.IP "bit #64+29 denoting availability of \s-1SHA\s0 extension;" 4 +.IX Item "bit #64+29 denoting availability of SHA extension;" +.IP "bit #64+30 denoting availability of \s-1AVX512BW\s0 extension;" 4 +.IX Item "bit #64+30 denoting availability of AVX512BW extension;" +.IP "bit #64+31 denoting availability of \s-1AVX512VL\s0 extension;" 4 +.IX Item "bit #64+31 denoting availability of AVX512VL extension;" +.IP "bit #64+41 denoting availability of \s-1VAES\s0 extension;" 4 +.IX Item "bit #64+41 denoting availability of VAES extension;" +.IP "bit #64+42 denoting availability of \s-1VPCLMULQDQ\s0 extension;" 4 +.IX Item "bit #64+42 denoting availability of VPCLMULQDQ extension;" +.PD +.PP +To control this extended capability word use ':' as delimiter when +setting up OPENSSL_ia32cap environment variable. For example assigning +\&':~0x20' would disable \s-1AVX2\s0 code paths, and ':0' \- all post-AVX +extensions. +.PP +It should be noted that whether or not some of the most \*(L"fancy\*(R" +extension code paths are actually assembled depends on current assembler +version. Base minimum of \s-1AES\-NI/PCLMULQDQ, SSSE3\s0 and \s-1SHA\s0 extension code +paths are always assembled. Apart from that, minimum assembler version +requirements are summarized in below table: +.PP +.Vb 8 +\& Extension | GNU as | nasm | llvm +\& \-\-\-\-\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\- +\& AVX | 2.19 | 2.09 | 3.0 +\& AVX2 | 2.22 | 2.10 | 3.1 +\& ADCX/ADOX | 2.23 | 2.10 | 3.3 +\& AVX512 | 2.25 | 2.11.8 | see NOTES +\& AVX512IFMA | 2.26 | 2.11.8 | see NOTES +\& VAES | 2.30 | 2.13.3 | +.Ve +.SH "NOTES" +.IX Header "NOTES" +Even though \s-1AVX512\s0 support was implemented in llvm 3.6, compilation of +assembly modules apparently requires explicit \-march flag. But then +compiler generates processor-specific code, which in turn contradicts +the mere idea of run-time switch execution facilitated by the variable +in question. Till the limitation is lifted, it's possible to work around +the problem by making build procedure use following script: +.PP +.Vb 2 +\& #!/bin/sh +\& exec clang \-no\-integrated\-as "$@" +.Ve +.PP +instead of real clang. In which case it doesn't matter which clang +version is used, as it is \s-1GNU\s0 assembler version that will be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Not available. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 new file mode 100644 index 000000000000..18c08554a47c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_crypto.3 @@ -0,0 +1,379 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_CRYPTO 3" +.TH OPENSSL_INIT_CRYPTO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_INIT_new, OPENSSL_INIT_set_config_filename, OPENSSL_INIT_set_config_appname, OPENSSL_INIT_set_config_file_flags, OPENSSL_INIT_free, OPENSSL_init_crypto, OPENSSL_cleanup, OPENSSL_atexit, OPENSSL_thread_stop \- OpenSSL initialisation and deinitialisation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_cleanup(void); +\& int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +\& int OPENSSL_atexit(void (*handler)(void)); +\& void OPENSSL_thread_stop(void); +\& +\& OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +\& int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, +\& const char* filename); +\& int OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *init, +\& unsigned long flags); +\& int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *init, +\& const char* name); +\& void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libcrypto) will allocate various resources at +start up that must, subsequently, be freed on close down of the library. +Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_crypto()\fR can be used for this purpose for +libcrypto (see also \fBOPENSSL_init_ssl\fR\|(3) for the libssl +equivalent). +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_crypto()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_crypto()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libcrypto should be +initialised. Valid options are: +.IP "\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS" +Suppress automatic loading of the libcrypto error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CRYPTO_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CRYPTO_STRINGS" +Automatic loading of the libcrypto error strings. With this option the +library will automatically load the libcrypto error strings. +This option is a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_CIPHERS" +With this option the library will automatically load and make available all +libcrypto ciphers. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_ADD_ALL_DIGESTS" +With this option the library will automatically load and make available all +libcrypto digests. This option is a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_CIPHERS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_CIPHERS" +With this option the library will suppress automatic loading of libcrypto +ciphers. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_CIPHERS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_NO_ADD_ALL_DIGESTS\s0" 4 +.IX Item "OPENSSL_INIT_NO_ADD_ALL_DIGESTS" +With this option the library will suppress automatic loading of libcrypto +digests. This option is not a default option. Once selected subsequent +calls to \fBOPENSSL_init_crypto()\fR with the option +\&\fB\s-1OPENSSL_INIT_ADD_ALL_DIGESTS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_CONFIG" +With this option an OpenSSL configuration file will be automatically loaded and +used by calling \fBOPENSSL_config()\fR. This is not a default option for libcrypto. +As of OpenSSL 1.1.1 this is a default option for libssl (see +\&\fBOPENSSL_init_ssl\fR\|(3) for further details about libssl initialisation). See the +description of \fBOPENSSL_INIT_new()\fR, below. +.IP "\s-1OPENSSL_INIT_NO_LOAD_CONFIG\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_CONFIG" +With this option the loading of OpenSSL configuration files will be suppressed. +It is the equivalent of calling \fBOPENSSL_no_config()\fR. This is not a default +option. +.IP "\s-1OPENSSL_INIT_ASYNC\s0" 4 +.IX Item "OPENSSL_INIT_ASYNC" +With this option the library with automatically initialise the libcrypto async +sub-library (see \fBASYNC_start_job\fR\|(3)). This is a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_RDRAND\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_RDRAND" +With this option the library will automatically load and initialise the +\&\s-1RDRAND\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_DYNAMIC\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_DYNAMIC" +With this option the library will automatically load and initialise the +dynamic engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_OPENSSL\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_OPENSSL" +With this option the library will automatically load and initialise the +openssl engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CRYPTODEV\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CRYPTODEV" +With this option the library will automatically load and initialise the +cryptodev engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_CAPI\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_CAPI" +With this option the library will automatically load and initialise the +\&\s-1CAPI\s0 engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_PADLOCK\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_PADLOCK" +With this option the library will automatically load and initialise the +padlock engine (if available). This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_AFALG\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_AFALG" +With this option the library will automatically load and initialise the +\&\s-1AFALG\s0 engine. This not a default option. +.IP "\s-1OPENSSL_INIT_ENGINE_ALL_BUILTIN\s0" 4 +.IX Item "OPENSSL_INIT_ENGINE_ALL_BUILTIN" +With this option the library will automatically load and initialise all the +built in engines listed above with the exception of the openssl and afalg +engines. This not a default option. +.IP "\s-1OPENSSL_INIT_ATFORK\s0" 4 +.IX Item "OPENSSL_INIT_ATFORK" +With this option the library will register its fork handlers. +See \fBOPENSSL_fork_prepare\fR\|(3) for details. +.IP "\s-1OPENSSL_INIT_NO_ATEXIT\s0" 4 +.IX Item "OPENSSL_INIT_NO_ATEXIT" +By default OpenSSL will attempt to clean itself up when the process exits via an +\&\*(L"atexit\*(R" handler. Using this option suppresses that behaviour. This means that +the application will have to clean up OpenSSL explicitly using +\&\fBOPENSSL_cleanup()\fR. +.PP +Multiple options may be combined together in a single call to +\&\fBOPENSSL_init_crypto()\fR. For example: +.PP +.Vb 2 +\& OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS +\& | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL); +.Ve +.PP +The \fBOPENSSL_cleanup()\fR function deinitialises OpenSSL (both libcrypto +and libssl). All resources allocated by OpenSSL are freed. Typically there +should be no need to call this function directly as it is initiated +automatically on application exit. This is done via the standard C library +\&\fBatexit()\fR function. In the event that the application will close in a manner +that will not call the registered \fBatexit()\fR handlers then the application should +call \fBOPENSSL_cleanup()\fR directly. Developers of libraries using OpenSSL +are discouraged from calling this function and should instead, typically, rely +on auto-deinitialisation. This is to avoid error conditions where both an +application and a library it depends on both use OpenSSL, and the library +deinitialises it before the application has finished using it. +.PP +Once \fBOPENSSL_cleanup()\fR has been called the library cannot be reinitialised. +Attempts to call \fBOPENSSL_init_crypto()\fR will fail and an \s-1ERR_R_INIT_FAIL\s0 error +will be added to the error stack. Note that because initialisation has failed +OpenSSL error strings will not be available, only an error code. This code can +be put through the openssl errstr command line application to produce a human +readable error (see \fBerrstr\fR\|(1)). +.PP +The \fBOPENSSL_atexit()\fR function enables the registration of a +function to be called during \fBOPENSSL_cleanup()\fR. Stop handlers are +called after deinitialisation of resources local to a thread, but before other +process wide resources are freed. In the event that multiple stop handlers are +registered, no guarantees are made about the order of execution. +.PP +The \fBOPENSSL_thread_stop()\fR function deallocates resources associated +with the current thread. Typically this function will be called automatically by +the library when the thread exits. This should only be called directly if +resources should be freed at an earlier time, or under the circumstances +described in the \s-1NOTES\s0 section below. +.PP +The \fB\s-1OPENSSL_INIT_LOAD_CONFIG\s0\fR flag will load a configuration file, as with +\&\fBCONF_modules_load_file\fR\|(3) with \s-1NULL\s0 filename and application name and the +\&\fB\s-1CONF_MFLAGS_IGNORE_MISSING_FILE\s0\fR, \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR and +\&\fB\s-1CONF_MFLAGS_DEFAULT_SECTION\s0\fR flags. +The filename, application name, and flags can be customized by providing a +non-null \fB\s-1OPENSSL_INIT_SETTINGS\s0\fR object. +The object can be allocated via \fB\fBOPENSSL_init_new()\fB\fR. +The \fB\fBOPENSSL_INIT_set_config_filename()\fB\fR function can be used to specify a +non-default filename, which is copied and need not refer to persistent storage. +Similarly, \fBOPENSSL_INIT_set_config_appname()\fR can be used to specify a +non-default application name. +Finally, OPENSSL_INIT_set_file_flags can be used to specify non-default flags. +If the \fB\s-1CONF_MFLAGS_IGNORE_RETURN_CODES\s0\fR flag is not included, any errors in +the configuration file will cause an error return from \fBOPENSSL_init_crypto\fR +or indirectly \fBOPENSSL_init_ssl\fR\|(3). +The object can be released with \fBOPENSSL_INIT_free()\fR when done. +.SH "NOTES" +.IX Header "NOTES" +Resources local to a thread are deallocated automatically when the thread exits +(e.g. in a pthreads environment, when \fBpthread_exit()\fR is called). On Windows +platforms this is done in response to a \s-1DLL_THREAD_DETACH\s0 message being sent to +the libcrypto32.dll entry point. Some windows functions may cause threads to exit +without sending this message (for example \fBExitProcess()\fR). If the application +uses such functions, then the application must free up OpenSSL resources +directly via a call to \fBOPENSSL_thread_stop()\fR on each thread. Similarly this +message will also not be sent if OpenSSL is linked statically, and therefore +applications using static linking should also call \fBOPENSSL_thread_stop()\fR on each +thread. Additionally if OpenSSL is loaded dynamically via \fBLoadLibrary()\fR and the +threads are not destroyed until after \fBFreeLibrary()\fR is called then each thread +should call \fBOPENSSL_thread_stop()\fR prior to the \fBFreeLibrary()\fR call. +.PP +On Linux/Unix where OpenSSL has been loaded via \fBdlopen()\fR and the application is +multi-threaded and if \fBdlclose()\fR is subsequently called prior to the threads +being destroyed then OpenSSL will not be able to deallocate resources associated +with those threads. The application should either call \fBOPENSSL_thread_stop()\fR on +each thread prior to the \fBdlclose()\fR call, or alternatively the original \fBdlopen()\fR +call should use the \s-1RTLD_NODELETE\s0 flag (where available on the platform). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions OPENSSL_init_crypto, \fBOPENSSL_atexit()\fR and +\&\fBOPENSSL_INIT_set_config_appname()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_ssl\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_crypto()\fR, \fBOPENSSL_cleanup()\fR, \fBOPENSSL_atexit()\fR, +\&\fBOPENSSL_thread_stop()\fR, \fBOPENSSL_INIT_new()\fR, \fBOPENSSL_INIT_set_config_appname()\fR +and \fBOPENSSL_INIT_free()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 new file mode 100644 index 000000000000..349bbd3aae08 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_init_ssl.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INIT_SSL 3" +.TH OPENSSL_INIT_SSL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_init_ssl \- OpenSSL (libssl and libcrypto) initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During normal operation OpenSSL (libssl and libcrypto) will allocate various +resources at start up that must, subsequently, be freed on close down of the +library. Additionally some resources are allocated on a per thread basis (if the +application is multi-threaded), and these resources must be freed prior to the +thread closing. +.PP +As of version 1.1.0 OpenSSL will automatically allocate all resources that it +needs so no explicit initialisation is required. Similarly it will also +automatically deinitialise as required. +.PP +However, there may be situations when explicit initialisation is desirable or +needed, for example when some non-default initialisation is required. The +function \fBOPENSSL_init_ssl()\fR can be used for this purpose. Calling +this function will explicitly initialise \s-1BOTH\s0 libcrypto and libssl. To +explicitly initialise \s-1ONLY\s0 libcrypto see the +\&\fBOPENSSL_init_crypto\fR\|(3) function. +.PP +Numerous internal OpenSSL functions call \fBOPENSSL_init_ssl()\fR. +Therefore, in order to perform non-default initialisation, +\&\fBOPENSSL_init_ssl()\fR \s-1MUST\s0 be called by application code prior to +any other OpenSSL function calls. +.PP +The \fBopts\fR parameter specifies which aspects of libssl and libcrypto should be +initialised. Valid options for libcrypto are described on the +\&\fBOPENSSL_init_crypto\fR\|(3) page. In addition to any libcrypto +specific option the following libssl options can also be used: +.IP "\s-1OPENSSL_INIT_NO_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_NO_LOAD_SSL_STRINGS" +Suppress automatic loading of the libssl error strings. This option is +not a default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.IP "\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0" 4 +.IX Item "OPENSSL_INIT_LOAD_SSL_STRINGS" +Automatic loading of the libssl error strings. This option is a +default option. Once selected subsequent calls to +\&\fBOPENSSL_init_ssl()\fR with the option +\&\fB\s-1OPENSSL_INIT_LOAD_SSL_STRINGS\s0\fR will be ignored. +.PP +\&\fBOPENSSL_init_ssl()\fR takes a \fBsettings\fR parameter which can be used to +set parameter values. See \fBOPENSSL_init_crypto\fR\|(3) for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBOPENSSL_init_ssl()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_init_crypto\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_init_ssl()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 new file mode 100644 index 000000000000..8bd2a1e85a30 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_instrument_bus.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_INSTRUMENT_BUS 3" +.TH OPENSSL_INSTRUMENT_BUS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 \- instrument references to memory bus +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 4 +\& #ifdef OPENSSL_CPUID_OBJ +\& size_t OPENSSL_instrument_bus(int *vector, size_t num); +\& size_t OPENSSL_instrument_bus2(int *vector, size_t num, size_t max); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering randomness for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to \fBvector\fR elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that \fBvector[num]\fR should be +zeroed upon invocation (if you want to retrieve actual probe values). +.PP +\&\fBOPENSSL_instrument_bus()\fR performs \fBnum\fR probes and records the number of +oscillator cycles every probe took. +.PP +\&\fBOPENSSL_instrument_bus2()\fR on the other hand \fBaccumulates\fR consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most \fBmax\fR probes in attempt to fill the \fBvector[num]\fR, +with \fBmax\fR value of 0 meaning \*(L"as many as it takes.\*(R" +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return value of 0 indicates that \s-1CPU\s0 is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the \s-1SSE2\s0 extensions. +.PP +Otherwise number of recorded values is returned. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2011\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 new file mode 100644 index 000000000000..6ae621919108 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_load_builtin_modules.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_LOAD_BUILTIN_MODULES 3" +.TH OPENSSL_LOAD_BUILTIN_MODULES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module \- add standard configuration modules +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void OPENSSL_load_builtin_modules(void); +\& void ASN1_add_oid_module(void); +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL +configuration modules to the internal list. They can then be used by the +OpenSSL configuration code. +.PP +\&\fBASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. +.PP +\&\fBENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. +.SH "NOTES" +.IX Header "NOTES" +If the simple configuration function \fBOPENSSL_config()\fR is called then +\&\fBOPENSSL_load_builtin_modules()\fR is called automatically. +.PP +Applications which use the configuration functions directly will need to +call \fBOPENSSL_load_builtin_modules()\fR themselves \fIbefore\fR any other +configuration code. +.PP +Applications should call \fBOPENSSL_load_builtin_modules()\fR to load all +configuration modules instead of adding modules selectively: otherwise +functionality may be missing from the application if an when new +modules are added. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), \fBOPENSSL_config\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 new file mode 100644 index 000000000000..d4d9cc8b38ff --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_malloc.3 @@ -0,0 +1,371 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_MALLOC 3" +.TH OPENSSL_MALLOC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OPENSSL_malloc_init, OPENSSL_malloc, OPENSSL_zalloc, OPENSSL_realloc, OPENSSL_free, OPENSSL_clear_realloc, OPENSSL_clear_free, OPENSSL_cleanse, CRYPTO_malloc, CRYPTO_zalloc, CRYPTO_realloc, CRYPTO_free, OPENSSL_strdup, OPENSSL_strndup, OPENSSL_memdup, OPENSSL_strlcpy, OPENSSL_strlcat, OPENSSL_hexstr2buf, OPENSSL_buf2hexstr, OPENSSL_hexchar2int, CRYPTO_strdup, CRYPTO_strndup, OPENSSL_mem_debug_push, OPENSSL_mem_debug_pop, CRYPTO_mem_debug_push, CRYPTO_mem_debug_pop, CRYPTO_clear_realloc, CRYPTO_clear_free, CRYPTO_get_mem_functions, CRYPTO_set_mem_functions, CRYPTO_get_alloc_counts, CRYPTO_set_mem_debug, CRYPTO_mem_ctrl, CRYPTO_mem_leaks, CRYPTO_mem_leaks_fp, CRYPTO_mem_leaks_cb, OPENSSL_MALLOC_FAILURES, OPENSSL_MALLOC_FD \&\- Memory allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OPENSSL_malloc_init(void) +\& +\& void *OPENSSL_malloc(size_t num) +\& void *OPENSSL_zalloc(size_t num) +\& void *OPENSSL_realloc(void *addr, size_t num) +\& void OPENSSL_free(void *addr) +\& char *OPENSSL_strdup(const char *str) +\& char *OPENSSL_strndup(const char *str, size_t s) +\& size_t OPENSSL_strlcat(char *dst, const char *src, size_t size); +\& size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size); +\& void *OPENSSL_memdup(void *data, size_t s) +\& void *OPENSSL_clear_realloc(void *p, size_t old_len, size_t num) +\& void OPENSSL_clear_free(void *str, size_t num) +\& void OPENSSL_cleanse(void *ptr, size_t len); +\& +\& unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +\& char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +\& int OPENSSL_hexchar2int(unsigned char c); +\& +\& void *CRYPTO_malloc(size_t num, const char *file, int line) +\& void *CRYPTO_zalloc(size_t num, const char *file, int line) +\& void *CRYPTO_realloc(void *p, size_t num, const char *file, int line) +\& void CRYPTO_free(void *str, const char *, int) +\& char *CRYPTO_strdup(const char *p, const char *file, int line) +\& char *CRYPTO_strndup(const char *p, size_t num, const char *file, int line) +\& void *CRYPTO_clear_realloc(void *p, size_t old_len, size_t num, +\& const char *file, int line) +\& void CRYPTO_clear_free(void *str, size_t num, const char *, int) +\& +\& void CRYPTO_get_mem_functions( +\& void *(**m)(size_t, const char *, int), +\& void *(**r)(void *, size_t, const char *, int), +\& void (**f)(void *, const char *, int)) +\& int CRYPTO_set_mem_functions( +\& void *(*m)(size_t, const char *, int), +\& void *(*r)(void *, size_t, const char *, int), +\& void (*f)(void *, const char *, int)) +\& +\& void CRYPTO_get_alloc_counts(int *m, int *r, int *f) +\& +\& int CRYPTO_set_mem_debug(int onoff) +\& +\& env OPENSSL_MALLOC_FAILURES=... +\& env OPENSSL_MALLOC_FD=... +\& +\& int CRYPTO_mem_ctrl(int mode); +\& +\& int OPENSSL_mem_debug_push(const char *info) +\& int OPENSSL_mem_debug_pop(void); +\& +\& int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +\& int CRYPTO_mem_debug_pop(void); +\& +\& int CRYPTO_mem_leaks(BIO *b); +\& int CRYPTO_mem_leaks_fp(FILE *fp); +\& int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL memory allocation is handled by the \fBOPENSSL_xxx\fR \s-1API.\s0 These are +generally macro's that add the standard C \fB_\|_FILE_\|_\fR and \fB_\|_LINE_\|_\fR +parameters and call a lower-level \fBCRYPTO_xxx\fR \s-1API.\s0 +Some functions do not add those parameters, but exist for consistency. +.PP +\&\fBOPENSSL_malloc_init()\fR does nothing and does not need to be called. It is +included for compatibility with older versions of OpenSSL. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_realloc()\fR, and \fBOPENSSL_free()\fR are like the +C \fBmalloc()\fR, \fBrealloc()\fR, and \fBfree()\fR functions. +\&\fBOPENSSL_zalloc()\fR calls \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_clear_realloc()\fR and \fBOPENSSL_clear_free()\fR should be used +when the buffer at \fBaddr\fR holds sensitive information. +The old buffer is filled with zero's by calling \fBOPENSSL_cleanse()\fR +before ultimately calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_cleanse()\fR fills \fBptr\fR of size \fBlen\fR with a string of 0's. +Use \fBOPENSSL_cleanse()\fR with care if the memory is a mapping of a file. +If the storage controller uses write compression, then its possible +that sensitive tail bytes will survive zeroization because the block of +zeros will be compressed. If the storage controller uses wear leveling, +then the old sensitive data will not be overwritten; rather, a block of +0's will be written at a new physical location. +.PP +\&\fBOPENSSL_strdup()\fR, \fBOPENSSL_strndup()\fR and \fBOPENSSL_memdup()\fR are like the +equivalent C functions, except that memory is allocated by calling the +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +.PP +\&\fBOPENSSL_strlcpy()\fR, +\&\fBOPENSSL_strlcat()\fR and \fBOPENSSL_strnlen()\fR are equivalents of the common C +library functions and are provided for portability. +.PP +\&\fBOPENSSL_hexstr2buf()\fR parses \fBstr\fR as a hex string and returns a +pointer to the parsed value. The memory is allocated by calling +\&\fBOPENSSL_malloc()\fR and should be released by calling \fBOPENSSL_free()\fR. +If \fBlen\fR is not \s-1NULL,\s0 it is filled in with the output length. +Colons between two-character hex \*(L"bytes\*(R" are ignored. +An odd number of hex digits is an error. +.PP +\&\fBOPENSSL_buf2hexstr()\fR takes the specified buffer and length, and returns +a hex string for value, or \s-1NULL\s0 on error. +\&\fBBuffer\fR cannot be \s-1NULL\s0; if \fBlen\fR is 0 an empty string is returned. +.PP +\&\fBOPENSSL_hexchar2int()\fR converts a character to the hexadecimal equivalent, +or returns \-1 on error. +.PP +If no allocations have been done, it is possible to \*(L"swap out\*(R" the default +implementations for \fBOPENSSL_malloc()\fR, OPENSSL_realloc and \fBOPENSSL_free()\fR +and replace them with alternate versions (hooks). +\&\fBCRYPTO_get_mem_functions()\fR function fills in the given arguments with the +function pointers for the current implementations. +With \fBCRYPTO_set_mem_functions()\fR, you can specify a different set of functions. +If any of \fBm\fR, \fBr\fR, or \fBf\fR are \s-1NULL,\s0 then the function is not changed. +.PP +The default implementation can include some debugging capability (if enabled +at build-time). +This adds some overhead by keeping a list of all memory allocations, and +removes items from the list when they are free'd. +This is most useful for identifying memory leaks. +\&\fBCRYPTO_set_mem_debug()\fR turns this tracking on and off. In order to have +any effect, is must be called before any of the allocation functions +(e.g., \fBCRYPTO_malloc()\fR) are called, and is therefore normally one of the +first lines of \fBmain()\fR in an application. +\&\fBCRYPTO_mem_ctrl()\fR provides fine-grained control of memory leak tracking. +To enable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_ON\s0\fR. +To disable tracking call \fBCRYPTO_mem_ctrl()\fR with a \fBmode\fR argument of +the \fB\s-1CRYPTO_MEM_CHECK_OFF\s0\fR. +.PP +While checking memory, it can be useful to store additional context +about what is being done. +For example, identifying the field names when parsing a complicated +data structure. +\&\fBOPENSSL_mem_debug_push()\fR (which calls \fBCRYPTO_mem_debug_push()\fR) +attachs an identifying string to the allocation stack. +This must be a global or other static string; it is not copied. +\&\fBOPENSSL_mem_debug_pop()\fR removes identifying state from the stack. +.PP +At the end of the program, calling \fBCRYPTO_mem_leaks()\fR or +\&\fBCRYPTO_mem_leaks_fp()\fR will report all \*(L"leaked\*(R" memory, writing it +to the specified \s-1BIO\s0 \fBb\fR or \s-1FILE\s0 \fBfp\fR. These functions return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBCRYPTO_mem_leaks_cb()\fR does the same as \fBCRYPTO_mem_leaks()\fR, but instead +of writing to a given \s-1BIO,\s0 the callback function is called for each +output string with the string, length, and userdata \fBu\fR as the callback +parameters. +.PP +If the library is built with the \f(CW\*(C`crypto\-mdebug\*(C'\fR option, then one +function, \fBCRYPTO_get_alloc_counts()\fR, and two additional environment +variables, \fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR and \fB\s-1OPENSSL_MALLOC_FD\s0\fR, +are available. +.PP +The function \fBCRYPTO_get_alloc_counts()\fR fills in the number of times +each of \fBCRYPTO_malloc()\fR, \fBCRYPTO_realloc()\fR, and \fBCRYPTO_free()\fR have been +called, into the values pointed to by \fBmcount\fR, \fBrcount\fR, and \fBfcount\fR, +respectively. If a pointer is \s-1NULL,\s0 then the corresponding count is not stored. +.PP +The variable +\&\fB\s-1OPENSSL_MALLOC_FAILURES\s0\fR controls how often allocations should fail. +It is a set of fields separated by semicolons, which each field is a count +(defaulting to zero) and an optional atsign and percentage (defaulting +to 100). If the count is zero, then it lasts forever. For example, +\&\f(CW\*(C`100;@25\*(C'\fR or \f(CW\*(C`100@0;0@25\*(C'\fR means the first 100 allocations pass, then all +other allocations (until the program exits or crashes) have a 25% chance of +failing. +.PP +If the variable \fB\s-1OPENSSL_MALLOC_FD\s0\fR is parsed as a positive integer, then +it is taken as an open file descriptor, and a record of all allocations is +written to that descriptor. If an allocation will fail, and the platform +supports it, then a backtrace will be written to the descriptor. This can +be useful because a malloc may fail but not be checked, and problems will +only occur later. The following example in classic shell syntax shows how +to use this (will not work on all platforms): +.PP +.Vb 5 +\& OPENSSL_MALLOC_FAILURES=\*(Aq200;@10\*(Aq +\& export OPENSSL_MALLOC_FAILURES +\& OPENSSL_MALLOC_FD=3 +\& export OPENSSL_MALLOC_FD +\& ...app invocation... 3>/tmp/log$$ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOPENSSL_malloc_init()\fR, \fBOPENSSL_free()\fR, \fBOPENSSL_clear_free()\fR +\&\fBCRYPTO_free()\fR, \fBCRYPTO_clear_free()\fR and \fBCRYPTO_get_mem_functions()\fR +return no value. +.PP +\&\fBCRYPTO_mem_leaks()\fR, \fBCRYPTO_mem_leaks_fp()\fR and \fBCRYPTO_mem_leaks_cb()\fR return 1 if +there are no leaks, 0 if there are leaks and \-1 if an error occurred. +.PP +\&\fBOPENSSL_malloc()\fR, \fBOPENSSL_zalloc()\fR, \fBOPENSSL_realloc()\fR, +\&\fBOPENSSL_clear_realloc()\fR, +\&\fBCRYPTO_malloc()\fR, \fBCRYPTO_zalloc()\fR, \fBCRYPTO_realloc()\fR, +\&\fBCRYPTO_clear_realloc()\fR, +\&\fBOPENSSL_buf2hexstr()\fR, \fBOPENSSL_hexstr2buf()\fR, +\&\fBOPENSSL_strdup()\fR, and \fBOPENSSL_strndup()\fR +return a pointer to allocated memory or \s-1NULL\s0 on error. +.PP +\&\fBCRYPTO_set_mem_functions()\fR and \fBCRYPTO_set_mem_debug()\fR +return 1 on success or 0 on failure (almost +always because allocations have already happened). +.PP +\&\fBCRYPTO_mem_ctrl()\fR returns \-1 if an error occurred, otherwise the +previous value of the mode. +.PP +\&\fBOPENSSL_mem_debug_push()\fR and \fBOPENSSL_mem_debug_pop()\fR +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +While it's permitted to swap out only a few and not all the functions +with \fBCRYPTO_set_mem_functions()\fR, it's recommended to swap them all out +at once. \fIThis applies specially if OpenSSL was built with the +configuration option\fR \f(CW\*(C`crypto\-mdebug\*(C'\fR \fIenabled. In case, swapping out +only, say, the \f(BImalloc()\fI implementation is outright dangerous.\fR +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 new file mode 100644 index 000000000000..032d205fd785 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OPENSSL_secure_malloc.3 @@ -0,0 +1,260 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_SECURE_MALLOC 3" +.TH OPENSSL_SECURE_MALLOC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +CRYPTO_secure_malloc_init, CRYPTO_secure_malloc_initialized, CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc, OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free, CRYPTO_secure_free, OPENSSL_secure_clear_free, CRYPTO_secure_clear_free, OPENSSL_secure_actual_size, CRYPTO_secure_used \- secure heap storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int CRYPTO_secure_malloc_init(size_t size, int minsize); +\& +\& int CRYPTO_secure_malloc_initialized(); +\& +\& int CRYPTO_secure_malloc_done(); +\& +\& void *OPENSSL_secure_malloc(size_t num); +\& void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +\& +\& void *OPENSSL_secure_zalloc(size_t num); +\& void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +\& +\& void OPENSSL_secure_free(void* ptr); +\& void CRYPTO_secure_free(void *ptr, const char *, int); +\& +\& void OPENSSL_secure_clear_free(void* ptr, size_t num); +\& void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *, int); +\& +\& size_t OPENSSL_secure_actual_size(const void *ptr); +\& +\& size_t CRYPTO_secure_used(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In order to help protect applications (particularly long-running servers) +from pointer overruns or underruns that could return arbitrary data from +the program's dynamic memory area, where keys and other sensitive +information might be stored, OpenSSL supports the concept of a \*(L"secure heap.\*(R" +The level and type of security guarantees depend on the operating system. +It is a good idea to review the code and see if it addresses your +threat model and concerns. +.PP +If a secure heap is used, then private key \fB\s-1BIGNUM\s0\fR values are stored there. +This protects long-term storage of private keys, but will not necessarily +put all intermediate values and computations there. +.PP +\&\fBCRYPTO_secure_malloc_init()\fR creates the secure heap, with the specified +\&\f(CW\*(C`size\*(C'\fR in bytes. The \f(CW\*(C`minsize\*(C'\fR parameter is the minimum size to +allocate from the heap. Both \f(CW\*(C`size\*(C'\fR and \f(CW\*(C`minsize\*(C'\fR must be a power +of two. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR indicates whether or not the secure +heap as been initialized and is available. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR releases the heap and makes the memory unavailable +to the process if all secure memory has been freed. +It can take noticeably long to complete. +.PP +\&\fBOPENSSL_secure_malloc()\fR allocates \f(CW\*(C`num\*(C'\fR bytes from the heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_malloc()\fR. +It is a macro that expands to +\&\fBCRYPTO_secure_malloc()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters. +.PP +\&\fBOPENSSL_secure_zalloc()\fR and \fBCRYPTO_secure_zalloc()\fR are like +\&\fBOPENSSL_secure_malloc()\fR and \fBCRYPTO_secure_malloc()\fR, respectively, +except that they call \fBmemset()\fR to zero the memory before returning. +.PP +\&\fBOPENSSL_secure_free()\fR releases the memory at \f(CW\*(C`ptr\*(C'\fR back to the heap. +It must be called with a value previously obtained from +\&\fBOPENSSL_secure_malloc()\fR. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_free()\fR. +It exists for consistency with \fBOPENSSL_secure_malloc()\fR , and +is a macro that expands to \fBCRYPTO_secure_free()\fR and adds the \f(CW\*(C`_\|_FILE_\|_\*(C'\fR +and \f(CW\*(C`_\|_LINE_\|_\*(C'\fR parameters.. +.PP +\&\fBOPENSSL_secure_clear_free()\fR is similar to \fBOPENSSL_secure_free()\fR except +that it has an additional \f(CW\*(C`num\*(C'\fR parameter which is used to clear +the memory if it was not allocated from the secure heap. +If \fBCRYPTO_secure_malloc_init()\fR is not called, this is equivalent to +calling \fBOPENSSL_clear_free()\fR. +.PP +\&\fBOPENSSL_secure_actual_size()\fR tells the actual size allocated to the +pointer; implementations may allocate more space than initially +requested, in order to \*(L"round up\*(R" and reduce secure heap fragmentation. +.PP +\&\fBCRYPTO_secure_used()\fR returns the number of bytes allocated in the +secure heap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBCRYPTO_secure_malloc_init()\fR returns 0 on failure, 1 if successful, +and 2 if successful but the heap could not be protected by memory +mapping. +.PP +\&\fBCRYPTO_secure_malloc_initialized()\fR returns 1 if the secure heap is +available (that is, if \fBCRYPTO_secure_malloc_init()\fR has been called, +but \fBCRYPTO_secure_malloc_done()\fR has not been called or failed) or 0 if not. +.PP +\&\fBOPENSSL_secure_malloc()\fR and \fBOPENSSL_secure_zalloc()\fR return a pointer into +the secure heap of the requested size, or \f(CW\*(C`NULL\*(C'\fR if memory could not be +allocated. +.PP +\&\fBCRYPTO_secure_allocated()\fR returns 1 if the pointer is in the secure heap, or 0 if not. +.PP +\&\fBCRYPTO_secure_malloc_done()\fR returns 1 if the secure memory area is released, or 0 if not. +.PP +\&\fBOPENSSL_secure_free()\fR and \fBOPENSSL_secure_clear_free()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_malloc\fR\|(3), +\&\fBBN_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOPENSSL_secure_clear_free()\fR function was added in OpenSSL 1.1.0g. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 new file mode 100644 index 000000000000..ea47f5858d9e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_INFO.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_INFO 3" +.TH OSSL_STORE_INFO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_INFO, OSSL_STORE_INFO_get_type, OSSL_STORE_INFO_get0_NAME, OSSL_STORE_INFO_get0_NAME_description, OSSL_STORE_INFO_get0_PARAMS, OSSL_STORE_INFO_get0_PKEY, OSSL_STORE_INFO_get0_CERT, OSSL_STORE_INFO_get0_CRL, OSSL_STORE_INFO_get1_NAME, OSSL_STORE_INFO_get1_NAME_description, OSSL_STORE_INFO_get1_PARAMS, OSSL_STORE_INFO_get1_PKEY, OSSL_STORE_INFO_get1_CERT, OSSL_STORE_INFO_get1_CRL, OSSL_STORE_INFO_type_string, OSSL_STORE_INFO_free, OSSL_STORE_INFO_new_NAME, OSSL_STORE_INFO_set0_NAME_description, OSSL_STORE_INFO_new_PARAMS, OSSL_STORE_INFO_new_PKEY, OSSL_STORE_INFO_new_CERT, OSSL_STORE_INFO_new_CRL \- Functions to manipulate OSSL_STORE_INFO objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_info_st OSSL_STORE_INFO; +\& +\& int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *store_info); +\& char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *store_info); +\& const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO +\& *store_info); +\& char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *store_info); +\& EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *store_info); +\& X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *store_info); +\& X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *store_info); +\& +\& const char *OSSL_STORE_INFO_type_string(int type); +\& +\& void OSSL_STORE_INFO_free(OSSL_STORE_INFO *store_info); +\& +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name); +\& int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(DSA *dsa_params); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509); +\& OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are primarily useful for applications to retrieve +supported objects from \fB\s-1OSSL_STORE_INFO\s0\fR objects and for scheme specific +loaders to create \fB\s-1OSSL_STORE_INFO\s0\fR holders. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_INFO\s0\fR is an opaque type that's just an intermediary holder for +the objects that have been retrieved by \fBOSSL_STORE_load()\fR and similar +functions. +Supported OpenSSL type object can be extracted using one of +\&\fBSTORE_INFO_get0_TYPE()\fR. +The life time of this extracted object is as long as the life time of +the \fB\s-1OSSL_STORE_INFO\s0\fR it was extracted from, so care should be taken not +to free the latter too early. +As an alternative, \fBSTORE_INFO_get1_TYPE()\fR extracts a duplicate (or the +same object with its reference count increased), which can be used +after the containing \fB\s-1OSSL_STORE_INFO\s0\fR has been freed. +The object returned by \fBSTORE_INFO_get1_TYPE()\fR must be freed separately +by the caller. +See \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 for more information on the types that are +supported. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_INFO_get_type()\fR takes a \fB\s-1OSSL_STORE_INFO\s0\fR and returns the \s-1STORE\s0 +type number for the object inside. +\&\fBSTORE_INFO_get_type_string()\fR takes a \s-1STORE\s0 type number and returns a +short string describing it. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return the held object of the appropriate OpenSSL +type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_get1_NAME()\fR, \fBOSSL_STORE_INFO_get1_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get1_PARAMS()\fR, \fBOSSL_STORE_INFO_get1_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get1_CERT()\fR and \fBOSSL_STORE_INFO_get1_CRL()\fR all take a +\&\fB\s-1OSSL_STORE_INFO\s0\fR and return a duplicate of the held object of the +appropriate OpenSSL type provided that's what's held. +.PP +\&\fBOSSL_STORE_INFO_free()\fR frees a \fB\s-1OSSL_STORE_INFO\s0\fR and its contained type. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR , \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR create a \fB\s-1OSSL_STORE_INFO\s0\fR +object to hold the given input object. +Additionally, for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR` objects, +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR can be used to add an extra +description. +This description is meant to be human readable and should be used for +information printout. +.SH "SUPPORTED OBJECTS" +.IX Header "SUPPORTED OBJECTS" +Currently supported object types are: +.IP "\s-1OSSL_STORE_INFO_NAME\s0" 4 +.IX Item "OSSL_STORE_INFO_NAME" +A name is exactly that, a name. +It's like a name in a directory, but formatted as a complete \s-1URI.\s0 +For example, the path in \s-1URI\s0 \f(CW\*(C`file:/foo/bar/\*(C'\fR could include a file +named \f(CW\*(C`cookie.pem\*(C'\fR, and in that case, the returned \fB\s-1OSSL_STORE_INFO_NAME\s0\fR +object would have the \s-1URI\s0 \f(CW\*(C`file:/foo/bar/cookie.pem\*(C'\fR, which can be +used by the application to get the objects in that file. +This can be applied to all schemes that can somehow support a listing +of object URIs. +.Sp +For \f(CW\*(C`file:\*(C'\fR URIs that are used without the explicit scheme, the +returned name will be the path of each object, so if \f(CW\*(C`/foo/bar\*(C'\fR was +given and that path has the file \f(CW\*(C`cookie.pem\*(C'\fR, the name +\&\f(CW\*(C`/foo/bar/cookie.pem\*(C'\fR will be returned. +.Sp +The returned \s-1URI\s0 is considered canonical and must be unique and permanent +for the storage where the object (or collection of objects) resides. +Each loader is responsible for ensuring that it only returns canonical +URIs. +However, it's possible that certain schemes allow an object (or collection +thereof) to be reached with alternative URIs; just because one \s-1URI\s0 is +canonical doesn't mean that other variants can't be used. +.Sp +At the discretion of the loader that was used to get these names, an +extra description may be attached as well. +.IP "\s-1OSSL_STORE_INFO_PARAMS\s0" 4 +.IX Item "OSSL_STORE_INFO_PARAMS" +Key parameters. +.IP "\s-1OSSL_STORE_INFO_PKEY\s0" 4 +.IX Item "OSSL_STORE_INFO_PKEY" +A private/public key of some sort. +.IP "\s-1OSSL_STORE_INFO_CERT\s0" 4 +.IX Item "OSSL_STORE_INFO_CERT" +An X.509 certificate. +.IP "\s-1OSSL_STORE_INFO_CRL\s0" 4 +.IX Item "OSSL_STORE_INFO_CRL" +A X.509 certificate revocation list. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_INFO_get_type()\fR returns the \s-1STORE\s0 type number of the given +\&\fB\s-1OSSL_STORE_INFO\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_get0_NAME()\fR, \fBOSSL_STORE_INFO_get0_NAME_description()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR and \fBOSSL_STORE_INFO_get0_CRL()\fR all return +a pointer to a duplicate of the OpenSSL object on success, \s-1NULL\s0 otherwise. +.PP +\&\fBOSSL_STORE_INFO_type_string()\fR returns a string on success, or \fB\s-1NULL\s0\fR on +failure. +.PP +\&\fBOSSL_STORE_INFO_new_NAME()\fR, \fBOSSL_STORE_INFO_new_PARAMS()\fR, +\&\fBOSSL_STORE_INFO_new_PKEY()\fR, \fBOSSL_STORE_INFO_new_CERT()\fR and +\&\fBOSSL_STORE_INFO_new_CRL()\fR return a \fB\s-1OSSL_STORE_INFO\s0\fR +pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_INFO_set0_NAME_description()\fR returns 1 on success, or 0 on +failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_INFO\s0()\fR, \fBOSSL_STORE_INFO_get_type()\fR, \fBOSSL_STORE_INFO_get0_NAME()\fR, +\&\fBOSSL_STORE_INFO_get0_PARAMS()\fR, \fBOSSL_STORE_INFO_get0_PKEY()\fR, +\&\fBOSSL_STORE_INFO_get0_CERT()\fR, \fBOSSL_STORE_INFO_get0_CRL()\fR, +\&\fBOSSL_STORE_INFO_type_string()\fR, \fBOSSL_STORE_INFO_free()\fR, \fBOSSL_STORE_INFO_new_NAME()\fR, +\&\fBOSSL_STORE_INFO_new_PARAMS()\fR, \fBOSSL_STORE_INFO_new_PKEY()\fR, +\&\fBOSSL_STORE_INFO_new_CERT()\fR and \fBOSSL_STORE_INFO_new_CRL()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 new file mode 100644 index 000000000000..45b15c3a644a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_LOADER.3 @@ -0,0 +1,362 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_LOADER 3" +.TH OSSL_STORE_LOADER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_LOADER, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, OSSL_STORE_LOADER_get0_engine, OSSL_STORE_LOADER_get0_scheme, OSSL_STORE_LOADER_set_open, OSSL_STORE_LOADER_set_ctrl, OSSL_STORE_LOADER_set_expect, OSSL_STORE_LOADER_set_find, OSSL_STORE_LOADER_set_load, OSSL_STORE_LOADER_set_eof, OSSL_STORE_LOADER_set_error, OSSL_STORE_LOADER_set_close, OSSL_STORE_LOADER_free, OSSL_STORE_register_loader, OSSL_STORE_unregister_loader, OSSL_STORE_open_fn, OSSL_STORE_ctrl_fn, OSSL_STORE_expect_fn, OSSL_STORE_find_fn, OSSL_STORE_load_fn, OSSL_STORE_eof_fn, OSSL_STORE_error_fn, OSSL_STORE_close_fn \- Types and functions to manipulate, register and unregister STORE loaders for different URI schemes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_loader_st OSSL_STORE_LOADER; +\& +\& OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme); +\& const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER +\& *store_loader); +\& const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER +\& *store_loader); +\& +\& /* struct ossl_store_loader_ctx_st is defined differently by each loader */ +\& typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; +\& +\& typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const char *uri, +\& const UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_open_fn store_open_function); +\& typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd, +\& va_list args); +\& int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_ctrl_fn store_ctrl_function); +\& typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected); +\& int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_expect_fn expect_function); +\& typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& OSSL_STORE_SEARCH *criteria); +\& int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, +\& OSSL_STORE_find_fn find_function); +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx, +\& UI_METHOD *ui_method, +\& void *ui_data); +\& int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_load_fn store_load_function); +\& typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_eof_fn store_eof_function); +\& typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_error_fn store_error_function); +\& typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx); +\& int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *store_loader, +\& OSSL_STORE_close_fn store_close_function); +\& void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *store_loader); +\& +\& int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader); +\& OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help applications and engines to create loaders for +schemes they support. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_LOADER\s0\fR is the type to hold a loader. +It contains a scheme and the functions needed to implement +\&\fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR, \fBOSSL_STORE_error()\fR and +\&\fBOSSL_STORE_close()\fR for this scheme. +.PP +\&\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR is a type template, to be defined by each loader +using \fBstruct ossl_store_loader_ctx_st { ... }\fR. +.PP +\&\fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, \fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_find_fn\fR, \fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR, +and \fBOSSL_STORE_close_fn\fR +are the function pointer types used within a \s-1STORE\s0 loader. +The functions pointed at define the functionality of the given loader. +.IP "\fBOSSL_STORE_open_fn\fR" 4 +.IX Item "OSSL_STORE_open_fn" +This function takes a \s-1URI\s0 and is expected to interpret it in the best +manner possible according to the scheme the loader implements, it also +takes a \fB\s-1UI_METHOD\s0\fR and associated data, to be used any time +something needs to be prompted for. +Furthermore, this function is expected to initialize what needs to be +initialized, to create a private data store (\fB\s-1OSSL_STORE_LOADER_CTX\s0\fR, see +above), and to return it. +If something goes wrong, this function is expected to return \s-1NULL.\s0 +.IP "\fBOSSL_STORE_ctrl_fn\fR" 4 +.IX Item "OSSL_STORE_ctrl_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer, a command number +\&\fBcmd\fR and a \fBva_list\fR \fBargs\fR and is used to manipulate loader +specific parameters. +.Sp +Loader specific command numbers must begin at \fB\s-1OSSL_STORE_C_CUSTOM_START\s0\fR. +Any number below that is reserved for future globally known command +numbers. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_expect_fn\fR" 4 +.IX Item "OSSL_STORE_expect_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1OSSL_STORE_INFO\s0\fR +identity \fBexpected\fR, and is used to tell the loader what object type is +expected. +\&\fBexpected\fR may be zero to signify that no specific object type is expected. +.Sp +This function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_find_fn\fR" 4 +.IX Item "OSSL_STORE_find_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR search criterion, and is used to tell the loader what +to search for. +.Sp +When called with the loader context being \fB\s-1NULL\s0\fR, this function is expected +to return 1 if the loader supports the criterion, otherwise 0. +.Sp +When called with the loader context being something other than \fB\s-1NULL\s0\fR, this +function is expected to return 1 on success, 0 on error. +.IP "\fBOSSL_STORE_load_fn\fR" 4 +.IX Item "OSSL_STORE_load_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and a \fB\s-1UI_METHOD\s0\fR +with associated data. +It's expected to load the next available data, mold it into a data +structure that can be wrapped in a \fB\s-1OSSL_STORE_INFO\s0\fR using one of the +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3) functions. +If no more data is available or an error occurs, this function is +expected to return \s-1NULL.\s0 +The \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_error_fn\fR functions must indicate if +it was in fact the end of data or if an error occurred. +.Sp +Note that this function retrieves \fIone\fR data item only. +.IP "\fBOSSL_STORE_eof_fn\fR" 4 +.IX Item "OSSL_STORE_eof_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that the end of available data has been reached. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_error_fn\fR" 4 +.IX Item "OSSL_STORE_error_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +return 1 to indicate that an error occurred in a previous call to the +\&\fBOSSL_STORE_load_fn\fR function. +It is otherwise expected to return 0. +.IP "\fBOSSL_STORE_close_fn\fR" 4 +.IX Item "OSSL_STORE_close_fn" +This function takes a \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer and is expected to +close or shut down what needs to be closed, and finally free the +contents of the \fB\s-1OSSL_STORE_LOADER_CTX\s0\fR pointer. +It returns 1 on success and 0 on error. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_LOADER_new()\fR creates a new \fB\s-1OSSL_STORE_LOADER\s0\fR. +It takes an \fB\s-1ENGINE\s0\fR \fBe\fR and a string \fBscheme\fR. +\&\fBscheme\fR must \fIalways\fR be set. +Both \fBe\fR and \fBscheme\fR are used as is and must therefore be alive as +long as the created loader is. +.PP +\&\fBOSSL_STORE_LOADER_get0_engine()\fR returns the engine of the \fBstore_loader\fR. +\&\fBOSSL_STORE_LOADER_get0_scheme()\fR returns the scheme of the \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR sets the opener function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR sets the control function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_expect()\fR sets the expect function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_load()\fR sets the loader function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_eof()\fR sets the end of file checker function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_set_close()\fR sets the closing function for the +\&\fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_LOADER_free()\fR frees the given \fBstore_loader\fR. +.PP +\&\fBOSSL_STORE_register_loader()\fR register the given \fBstore_loader\fR and thereby +makes it available for use with \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, +\&\fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR unregister the store loader for the given +\&\fBscheme\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fBfile:\fR scheme has built in support. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions with the types \fBOSSL_STORE_open_fn\fR, \fBOSSL_STORE_ctrl_fn\fR, +\&\fBOSSL_STORE_expect_fn\fR, +\&\fBOSSL_STORE_load_fn\fR, \fBOSSL_STORE_eof_fn\fR and \fBOSSL_STORE_close_fn\fR have the +same return values as \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_expect()\fR, +\&\fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR, respectively. +.PP +\&\fBOSSL_STORE_LOADER_new()\fR returns a pointer to a \fB\s-1OSSL_STORE_LOADER\s0\fR on success, +or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_LOADER_set_open()\fR, \fBOSSL_STORE_LOADER_set_ctrl()\fR, +\&\fBOSSL_STORE_LOADER_set_load()\fR, \fBOSSL_STORE_LOADER_set_eof()\fR and +\&\fBOSSL_STORE_LOADER_set_close()\fR return 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_register_loader()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_unregister_loader()\fR returns the unregistered loader on success, +or \fB\s-1NULL\s0\fR on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_open\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_LOADER\s0()\fR, \s-1\fBOSSL_STORE_LOADER_CTX\s0()\fR, \fBOSSL_STORE_LOADER_new()\fR, +\&\fBOSSL_STORE_LOADER_set0_scheme()\fR, \fBOSSL_STORE_LOADER_set_open()\fR, +\&\fBOSSL_STORE_LOADER_set_ctrl()\fR, \fBOSSL_STORE_LOADER_set_load()\fR, +\&\fBOSSL_STORE_LOADER_set_eof()\fR, \fBOSSL_STORE_LOADER_set_close()\fR, +\&\fBOSSL_STORE_LOADER_free()\fR, \fBOSSL_STORE_register_loader()\fR, +\&\fBOSSL_STORE_unregister_loader()\fR, \fBOSSL_STORE_open_fn()\fR, \fBOSSL_STORE_ctrl_fn()\fR, +\&\fBOSSL_STORE_load_fn()\fR, \fBOSSL_STORE_eof_fn()\fR and \fBOSSL_STORE_close_fn()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 new file mode 100644 index 000000000000..b707a97cd9be --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_SEARCH.3 @@ -0,0 +1,300 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_SEARCH 3" +.TH OSSL_STORE_SEARCH 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_SEARCH, OSSL_STORE_SEARCH_by_name, OSSL_STORE_SEARCH_by_issuer_serial, OSSL_STORE_SEARCH_by_key_fingerprint, OSSL_STORE_SEARCH_by_alias, OSSL_STORE_SEARCH_free, OSSL_STORE_SEARCH_get_type, OSSL_STORE_SEARCH_get0_name, OSSL_STORE_SEARCH_get0_serial, OSSL_STORE_SEARCH_get0_bytes, OSSL_STORE_SEARCH_get0_string, OSSL_STORE_SEARCH_get0_digest \&\- Type and functions to create OSSL_STORE search criteria +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_search_st OSSL_STORE_SEARCH; +\& +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, +\& const ASN1_INTEGER +\& *serial); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, +\& const unsigned char +\& *bytes, int len); +\& OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias); +\& +\& void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search); +\& +\& int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion); +\& X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion); +\& const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH +\& *criterion); +\& const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH +\& *criterion, size_t *length); +\& const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion); +\& const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH +\& *criterion); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to specify search criteria to help search for specific +objects through other names than just the \s-1URI\s0 that's given to \fBOSSL_STORE_open()\fR. +For example, this can be useful for an application that has received a \s-1URI\s0 +and then wants to add on search criteria in a uniform and supported manner. +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR is an opaque type that holds the constructed search +criterion, and that can be given to an \s-1OSSL_STORE\s0 context with +\&\fBOSSL_STORE_find()\fR. +.PP +The calling application owns the allocation of an \fB\s-1OSSL_STORE_SEARCH\s0\fR at all +times, and should therefore be careful not to deallocate it before +\&\fBOSSL_STORE_close()\fR has been called for the \s-1OSSL_STORE\s0 context it was given +to. +.SS "Application Functions" +.IX Subsection "Application Functions" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +are used to create an \fB\s-1OSSL_STORE_SEARCH\s0\fR from a subject name, an issuer name +and serial number pair, a key fingerprint, and an alias (for example a friendly +name). +The parameters that are provided are not copied, only referred to in a +criterion, so they must have at least the same life time as the created +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_free()\fR is used to free the \fB\s-1OSSL_STORE_SEARCH\s0\fR. +.SS "Loader Functions" +.IX Subsection "Loader Functions" +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type for the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, \fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, \fBOSSL_STORE_SEARCH_get0_string()\fR, +and \fBOSSL_STORE_SEARCH_get0_digest()\fR +are used to retrieve different data from a \fB\s-1OSSL_STORE_SEARCH\s0\fR, as +available for each type. +For more information, see \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 below. +.SH "SUPPORTED CRITERION TYPES" +.IX Header "SUPPORTED CRITERION TYPES" +Currently supported criterion types are: +.IP "\s-1OSSL_STORE_SEARCH_BY_NAME\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_NAME" +This criterion supports a search by exact match of subject name. +The subject name itself is a \fBX509_NAME\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_name()\fR, +and the actual subject name is retrieved with \fBOSSL_STORE_SEARCH_get0_name()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ISSUER_SERIAL\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ISSUER_SERIAL" +This criterion supports a search by exact match of both issuer name and serial +number. +The issuer name itself is a \fBX509_NAME\fR pointer, and the serial number is +a \fB\s-1ASN1_INTEGER\s0\fR pointer. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_issuer_serial()\fR +and the actual issuer name and serial number are retrieved with +\&\fBOSSL_STORE_SEARCH_get0_name()\fR and \fBOSSL_STORE_SEARCH_get0_serial()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT" +This criterion supports a search by exact match of key fingerprint. +The key fingerprint in itself is a string of bytes and its length, as +well as the algorithm that was used to compute the fingerprint. +The digest may be left unspecified (\s-1NULL\s0), and in that case, the +loader has to decide on a default digest and compare fingerprints +accordingly. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR +and the actual fingerprint and its length can be retrieved with +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR. +The digest can be retrieved with \fBOSSL_STORE_SEARCH_get0_digest()\fR. +.IP "\s-1OSSL_STORE_SEARCH_BY_ALIAS\s0" 4 +.IX Item "OSSL_STORE_SEARCH_BY_ALIAS" +This criterion supports a search by match of an alias of some kind. +The alias in itself is a simple C string. +A criterion of this type is created with \fBOSSL_STORE_SEARCH_by_alias()\fR +and the actual alias is retrieved with \fBOSSL_STORE_SEARCH_get0_string()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +and \fBOSSL_STORE_SEARCH_by_alias()\fR +return a \fB\s-1OSSL_STORE_SEARCH\s0\fR pointer on success, or \fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_SEARCH_get_type()\fR returns the criterion type of the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR. +There is no error value. +.PP +\&\fBOSSL_STORE_SEARCH_get0_name()\fR returns a \fBX509_NAME\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR returns a \fB\s-1ASN1_INTEGER\s0\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR returns a \fBconst unsigned char\fR pointer and +sets \fB*length\fR to the strings length on success, or \fB\s-1NULL\s0\fR when the given +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_string()\fR returns a \fBconst char\fR pointer on success, +or \fB\s-1NULL\s0\fR when the given \fB\s-1OSSL_STORE_SEARCH\s0\fR was of a different type. +.PP +\&\fBOSSL_STORE_SEARCH_get0_digest()\fR returns a \fBconst \s-1EVP_MD\s0\fR pointer. +\&\fB\s-1NULL\s0\fR is a valid value and means that the store loader default will +be used when applicable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBOSSL_STORE_supports_search\fR\|(3), \fBOSSL_STORE_find\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1OSSL_STORE_SEARCH\s0\fR, +\&\fBOSSL_STORE_SEARCH_by_name()\fR, +\&\fBOSSL_STORE_SEARCH_by_issuer_serial()\fR, +\&\fBOSSL_STORE_SEARCH_by_key_fingerprint()\fR, +\&\fBOSSL_STORE_SEARCH_by_alias()\fR, +\&\fBOSSL_STORE_SEARCH_free()\fR, +\&\fBOSSL_STORE_SEARCH_get_type()\fR, +\&\fBOSSL_STORE_SEARCH_get0_name()\fR, +\&\fBOSSL_STORE_SEARCH_get0_serial()\fR, +\&\fBOSSL_STORE_SEARCH_get0_bytes()\fR, +and \fBOSSL_STORE_SEARCH_get0_string()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 new file mode 100644 index 000000000000..3a6ae5f85a79 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_expect.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_EXPECT 3" +.TH OSSL_STORE_EXPECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_expect, OSSL_STORE_supports_search, OSSL_STORE_find \&\- Specify what object type is expected +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type); +\& +\& int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int criterion_type); +\& +\& int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBOSSL_STORE_expect()\fR helps applications filter what \fBOSSL_STORE_load()\fR returns +by specifying a \fB\s-1OSSL_STORE_INFO\s0\fR type. +For example, if \f(CW\*(C`file:/foo/bar/store.pem\*(C'\fR contains several different objects +and only the certificates are interesting, the application can simply say +that it expects the type \fB\s-1OSSL_STORE_INFO_CERT\s0\fR. +All known object types (see \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3)) +except for \fB\s-1OSSL_STORE_INFO_NAME\s0\fR are supported. +.PP +\&\fBOSSL_STORE_find()\fR helps applications specify a criterion for a more fine +grained search of objects. +.PP +\&\fBOSSL_STORE_supports_search()\fR checks if the loader of the given \s-1OSSL_STORE\s0 +context supports the given search type. +See \*(L"\s-1SUPPORTED CRITERION TYPES\*(R"\s0 in \s-1OSSL_STORE_SEARCH\s0 for information on the +supported search criterion types. +.PP +\&\fBOSSL_STORE_expect()\fR and OSSL_STORE_find \fImust\fR be called before the first +\&\fBOSSL_STORE_load()\fR of a given session, or they will fail. +.SH "NOTES" +.IX Header "NOTES" +If a more elaborate filter is required by the application, a better choice +would be to use a post-processing function. +See \fBOSSL_STORE_open\fR\|(3) for more information. +.PP +However, some loaders may take advantage of the knowledge of an expected type +to make object retrieval more efficient, so if a single type is expected, this +method is usually preferable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_expect()\fR returns 1 on success, or 0 on failure. +.PP +\&\fBOSSL_STORE_supports_search()\fR returns 1 if the criterion is supported, or 0 +otherwise. +.PP +\&\fBOSSL_STORE_find()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3), +\&\fBOSSL_STORE_load\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBOSSL_STORE_expect()\fR, \fBOSSL_STORE_supports_search()\fR and \fBOSSL_STORE_find()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 new file mode 100644 index 000000000000..b69fe039e421 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OSSL_STORE_open.3 @@ -0,0 +1,281 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE_OPEN 3" +.TH OSSL_STORE_OPEN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OSSL_STORE_CTX, OSSL_STORE_post_process_info_fn, OSSL_STORE_open, OSSL_STORE_ctrl, OSSL_STORE_load, OSSL_STORE_eof, OSSL_STORE_error, OSSL_STORE_close \- Types and functions to read objects from a URI +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ossl_store_ctx_st OSSL_STORE_CTX; +\& +\& typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *, +\& void *); +\& +\& OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, +\& void *ui_data, +\& OSSL_STORE_post_process_info_fn post_process, +\& void *post_process_data); +\& int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */); +\& OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_eof(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_error(OSSL_STORE_CTX *ctx); +\& int OSSL_STORE_close(OSSL_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions help the application to fetch supported objects (see +\&\*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3) for information on which those are) +from a given \s-1URI\s0 (see \*(L"\s-1SUPPORTED SCHEMES\*(R"\s0 for more information on +the supported \s-1URI\s0 schemes). +The general method to do so is to \*(L"open\*(R" the \s-1URI\s0 using \fBOSSL_STORE_open()\fR, +read each available and supported object using \fBOSSL_STORE_load()\fR as long as +\&\fBOSSL_STORE_eof()\fR hasn't been reached, and finish it off with \fBOSSL_STORE_close()\fR. +.PP +The retrieved information is stored in a \fB\s-1OSSL_STORE_INFO\s0\fR, which is further +described in \s-1\fBOSSL_STORE_INFO\s0\fR\|(3). +.SS "Types" +.IX Subsection "Types" +\&\fB\s-1OSSL_STORE_CTX\s0\fR is a context variable that holds all the internal +information for \fBOSSL_STORE_open()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and +\&\fBOSSL_STORE_close()\fR to work together. +.SS "Functions" +.IX Subsection "Functions" +\&\fBOSSL_STORE_open()\fR takes a uri or path \fBuri\fR, password \s-1UI\s0 method +\&\fBui_method\fR with associated data \fBui_data\fR, and post processing +callback \fBpost_process\fR with associated data \fBpost_process_data\fR, +opens a channel to the data located at that \s-1URI\s0 and returns a +\&\fB\s-1OSSL_STORE_CTX\s0\fR with all necessary internal information. +The given \fBui_method\fR and \fBui_data_data\fR will be reused by all +functions that use \fB\s-1OSSL_STORE_CTX\s0\fR when interaction is needed. +The given \fBpost_process\fR and \fBpost_process_data\fR will be reused by +\&\fBOSSL_STORE_load()\fR to manipulate or drop the value to be returned. +The \fBpost_process\fR function drops values by returning \fB\s-1NULL\s0\fR, which +will cause \fBOSSL_STORE_load()\fR to start its process over with loading +the next object, until \fBpost_process\fR returns something other than +\&\fB\s-1NULL\s0\fR, or the end of data is reached as indicated by \fBOSSL_STORE_eof()\fR. +.PP +\&\fBOSSL_STORE_ctrl()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, and command number \fBcmd\fR and +more arguments not specified here. +The available loader specific command numbers and arguments they each +take depends on the loader that's used and is documented together with +that loader. +.PP +There are also global controls available: +.IP "\fB\s-1OSSL_STORE_C_USE_SECMEM\s0\fR" 4 +.IX Item "OSSL_STORE_C_USE_SECMEM" +Controls if the loader should attempt to use secure memory for any +allocated \fB\s-1OSSL_STORE_INFO\s0\fR and its contents. +This control expects one argument, a pointer to an \fBint\fR that is expected to +have the value 1 (yes) or 0 (no). +Any other value is an error. +.PP +\&\fBOSSL_STORE_load()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, tries to load the next available +object and return it wrapped with \fB\s-1OSSL_STORE_INFO\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if we've reached the end +of data. +.PP +\&\fBOSSL_STORE_error()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR and checks if an error occurred in +the last \fBOSSL_STORE_load()\fR call. +Note that it may still be meaningful to try and load more objects, unless +\&\fBOSSL_STORE_eof()\fR shows that the end of data has been reached. +.PP +\&\fBOSSL_STORE_close()\fR takes a \fB\s-1OSSL_STORE_CTX\s0\fR, closes the channel that was opened +by \fBOSSL_STORE_open()\fR and frees all other information that was stored in the +\&\fB\s-1OSSL_STORE_CTX\s0\fR, as well as the \fB\s-1OSSL_STORE_CTX\s0\fR itself. +.SH "SUPPORTED SCHEMES" +.IX Header "SUPPORTED SCHEMES" +The basic supported scheme is \fBfile:\fR. +Any other scheme can be added dynamically, using +\&\fBOSSL_STORE_register_loader()\fR. +.SH "NOTES" +.IX Header "NOTES" +A string without a scheme prefix (that is, a non-URI string) is +implicitly interpreted as using the \fIfile:\fR scheme. +.PP +There are some tools that can be used together with +\&\fBOSSL_STORE_open()\fR to determine if any failure is caused by an unparsable +\&\s-1URI,\s0 or if it's a different error (such as memory allocation +failures); if the \s-1URI\s0 was parsable but the scheme unregistered, the +top error will have the reason \f(CW\*(C`OSSL_STORE_R_UNREGISTERED_SCHEME\*(C'\fR. +.PP +These functions make no direct assumption regarding the pass phrase received +from the password callback. +The loaders may make assumptions, however. +For example, the \fBfile:\fR scheme loader inherits the assumptions made by +OpenSSL functionality that handles the different file types; this is mostly +relevant for PKCS#12 objects. +See \fBpassphrase\-encoding\fR\|(7) for further information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBOSSL_STORE_open()\fR returns a pointer to a \fB\s-1OSSL_STORE_CTX\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on failure. +.PP +\&\fBOSSL_STORE_load()\fR returns a pointer to a \fB\s-1OSSL_STORE_INFO\s0\fR on success, or +\&\fB\s-1NULL\s0\fR on error or when end of data is reached. +Use \fBOSSL_STORE_error()\fR and \fBOSSL_STORE_eof()\fR to determine the meaning of a +returned \fB\s-1NULL\s0\fR. +.PP +\&\fBOSSL_STORE_eof()\fR returns 1 if the end of data has been reached, otherwise +0. +.PP +\&\fBOSSL_STORE_error()\fR returns 1 if an error occurred in an \fBOSSL_STORE_load()\fR call, +otherwise 0. +.PP +\&\fBOSSL_STORE_ctrl()\fR and \fBOSSL_STORE_close()\fR returns 1 on success, or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \fBOSSL_STORE_register_loader\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1\fBOSSL_STORE_CTX\s0()\fR, \fBOSSL_STORE_post_process_info_fn()\fR, \fBOSSL_STORE_open()\fR, +\&\fBOSSL_STORE_ctrl()\fR, \fBOSSL_STORE_load()\fR, \fBOSSL_STORE_eof()\fR and \fBOSSL_STORE_close()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 new file mode 100644 index 000000000000..262ded0944e8 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/OpenSSL_add_all_algorithms.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 3" +.TH OPENSSL_ADD_ALL_ALGORITHMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup \- add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& # if OPENSSL_API_COMPAT < 0x10100000L +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +\& +\& void EVP_cleanup(void) +\&# endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fBEVP_get_cipher_byname()\fR. +.PP +\&\fBOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fBOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fBOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +In versions prior to 1.1.0 \fBEVP_cleanup()\fR removed all ciphers and digests from +the table. It no longer has any effect in OpenSSL 1.1.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBOpenSSL_add_all_algorithms()\fR, \fBOpenSSL_add_all_ciphers()\fR, +\&\fBOpenSSL_add_all_digests()\fR, and \fBEVP_cleanup()\fR, functions +were deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_crypto()\fR and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 new file mode 100644 index 000000000000..08eb6eb4bbdc --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_bytes_read_bio.3 @@ -0,0 +1,216 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_BYTES_READ_BIO 3" +.TH PEM_BYTES_READ_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_bytes_read_bio, PEM_bytes_read_bio_secmem \- read a PEM\-encoded data structure from a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +\& int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm, +\& const char *name, BIO *bp, pem_password_cb *cb, +\& void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_bytes_read_bio()\fR reads PEM-formatted (\s-1RFC 1421\s0) data from the \s-1BIO\s0 +\&\fIbp\fR for the data type given in \fIname\fR (\s-1RSA PRIVATE KEY, CERTIFICATE,\s0 +etc.). If multiple PEM-encoded data structures are present in the same +stream, \fBPEM_bytes_read_bio()\fR will skip non-matching data types and +continue reading. Non-PEM data present in the stream may cause an +error. +.PP +The \s-1PEM\s0 header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. The password callback \fIcb\fR and rock \fIu\fR are used to obtain +the decryption passphrase, if applicable. +.PP +Some data types have compatibility aliases, such as a file containing +X509 \s-1CERTIFICATE\s0 matching a request for the deprecated type \s-1CERTIFICATE.\s0 +The actual type indicated by the file is returned in \fI*pnm\fR if \fIpnm\fR is +non-NULL. The caller must free the storage pointed to by \fI*pnm\fR. +.PP +The returned data is the DER-encoded form of the requested type, in +\&\fI*pdata\fR with length \fI*plen\fR. The caller must free the storage pointed +to by \fI*pdata\fR. +.PP +\&\fBPEM_bytes_read_bio_secmem()\fR is similar to \fBPEM_bytes_read_bio()\fR, but uses +memory from the secure heap for its temporary buffers and the storage +returned in \fI*pdata\fR and \fI*pnm\fR. Accordingly, the caller must use +\&\fBOPENSSL_secure_free()\fR to free that storage. +.SH "NOTES" +.IX Header "NOTES" +\&\fBPEM_bytes_read_bio_secmem()\fR only enforces that the secure heap is used for +storage allocated within the \s-1PEM\s0 processing stack. The \s-1BIO\s0 stack from +which input is read may also use temporary buffers, which are not necessarily +allocated from the secure heap. In cases where it is desirable to ensure +that the contents of the \s-1PEM\s0 file only appears in memory from the secure heap, +care is needed in generating the \s-1BIO\s0 passed as \fIbp\fR. In particular, the +use of \fBBIO_s_file()\fR indicates the use of the operating system stdio +functionality, which includes buffering as a feature; \fBBIO_s_fd()\fR is likely +to be more appropriate in such cases. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_bytes_read_bio()\fR and \fBPEM_bytes_read_bio_secmem()\fR return 1 for success or +0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBPEM\s0\fR\|(3), +\&\fBPEM_read_bio_ex\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBPEM_bytes_read_bio_secmem()\fR was introduced in OpenSSL 1.1.1 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_read.3 b/secure/lib/libcrypto/man/man3/PEM_read.3 new file mode 100644 index 000000000000..3b8dbd89ac05 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_read.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ 3" +.TH PEM_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write, PEM_write_bio, PEM_read, PEM_read_bio, PEM_do_header, PEM_get_EVP_CIPHER_INFO \&\- PEM encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write(FILE *fp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& int PEM_write_bio(BIO *bp, const char *name, const char *header, +\& const unsigned char *data, long len) +\& +\& int PEM_read(FILE *fp, char **name, char **header, +\& unsigned char **data, long *len); +\& int PEM_read_bio(BIO *bp, char **name, char **header, +\& unsigned char **data, long *len); +\& +\& int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cinfo); +\& int PEM_do_header(EVP_CIPHER_INFO *cinfo, unsigned char *data, long *len, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions read and write PEM-encoded objects, using the \s-1PEM\s0 +type \fBname\fR, any additional \fBheader\fR information, and the raw +\&\fBdata\fR of length \fBlen\fR. +.PP +\&\s-1PEM\s0 is the term used for binary content encoding first defined in \s-1IETF +RFC 1421.\s0 The content is a series of base64\-encoded lines, surrounded +by begin/end markers each on their own line. For example: +.PP +.Vb 4 +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& MIICdg.... +\& ... bhTQ== +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- +.Ve +.PP +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.PP +\&\fBPEM_write()\fR writes to the file \fBfp\fR, while \fBPEM_write_bio()\fR writes to +the \s-1BIO\s0 \fBbp\fR. The \fBname\fR is the name to use in the marker, the +\&\fBheader\fR is the header value or \s-1NULL,\s0 and \fBdata\fR and \fBlen\fR specify +the data and its length. +.PP +The final \fBdata\fR buffer is typically an \s-1ASN.1\s0 object which can be decoded with +the \fBd2i\fR function appropriate to the type \fBname\fR; see \fBd2i_X509\fR\|(3) +for examples. +.PP +\&\fBPEM_read()\fR reads from the file \fBfp\fR, while \fBPEM_read_bio()\fR reads +from the \s-1BIO\s0 \fBbp\fR. +Both skip any non-PEM data that precedes the start of the next \s-1PEM\s0 object. +When an object is successfully retrieved, the type name from the \*(L"\-\-\-\-BEGIN +\-\-\-\-\-\*(R" is returned via the \fBname\fR argument, any encapsulation headers +are returned in \fBheader\fR and the base64\-decoded content and its length are +returned via \fBdata\fR and \fBlen\fR respectively. +The \fBname\fR, \fBheader\fR and \fBdata\fR pointers are allocated via \fBOPENSSL_malloc()\fR +and should be freed by the caller via \fBOPENSSL_free()\fR when no longer needed. +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR can be used to determine the \fBdata\fR returned by +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR is encrypted and to retrieve the associated cipher +and \s-1IV.\s0 +The caller passes a pointer to structure of type \fB\s-1EVP_CIPHER_INFO\s0\fR via the +\&\fBcinfo\fR argument and the \fBheader\fR returned via \fBPEM_read()\fR or \fBPEM_read_bio()\fR. +If the call is successful 1 is returned and the cipher and \s-1IV\s0 are stored at the +address pointed to by \fBcinfo\fR. +When the header is malformed, or not supported or when the cipher is unknown +or some internal error happens 0 is returned. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +\&\fBPEM_do_header()\fR can then be used to decrypt the data if the header +indicates encryption. +The \fBcinfo\fR argument is a pointer to the structure initialized by the previous +call to \fBPEM_get_EVP_CIPHER_INFO()\fR. +The \fBdata\fR and \fBlen\fR arguments are those returned by the previous call to +\&\fBPEM_read()\fR or \fBPEM_read_bio()\fR. +The \fBcb\fR and \fBu\fR arguments make it possible to override the default password +prompt function as described in \fBPEM_read_PrivateKey\fR\|(3). +On successful completion the \fBdata\fR is decrypted in place, and \fBlen\fR is +updated to indicate the plaintext length. +This function is deprecated, see \fB\s-1NOTES\s0\fR below. +.PP +If the data is a priori known to not be encrypted, then neither \fBPEM_do_header()\fR +nor \fBPEM_get_EVP_CIPHER_INFO()\fR need be called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read()\fR and \fBPEM_read_bio()\fR return 1 on success and 0 on failure, the latter +includes the case when no more \s-1PEM\s0 objects remain in the input file. +To distinguish end of file from more serious errors the caller must peek at the +error stack and check for \fB\s-1PEM_R_NO_START_LINE\s0\fR, which indicates that no more +\&\s-1PEM\s0 objects were found. See \fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_REASON\s0\fR\|(3). +.PP +\&\fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR return 1 on success, and 0 on +failure. +The \fBdata\fR is likely meaningless if these functions fail. +.SH "NOTES" +.IX Header "NOTES" +The \fBPEM_get_EVP_CIPHER_INFO()\fR and \fBPEM_do_header()\fR functions are deprecated. +This is because the underlying \s-1PEM\s0 encryption format is obsolete, and should +be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation function, +which employs \s-1MD5\s0 with an iteration count of 1! +Instead, private keys should be stored in PKCS#8 form, with a strong PKCS#5 +v2.0 \s-1PBE.\s0 +See \fBPEM_write_PrivateKey\fR\|(3) and \fBd2i_PKCS8PrivateKey_bio\fR\|(3). +.PP +\&\fBPEM_do_header()\fR makes no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_peek_last_error\fR\|(3), \s-1\fBERR_GET_LIB\s0\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 new file mode 100644 index 000000000000..40005ae8c6b9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_read_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_CMS 3" +.TH PEM_READ_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_PEM_rw, PEM_read_CMS, PEM_read_bio_CMS, PEM_write_CMS, PEM_write_bio_CMS, PEM_write_DHxparams, PEM_write_bio_DHxparams, PEM_read_ECPKParameters, PEM_read_bio_ECPKParameters, PEM_write_ECPKParameters, PEM_write_bio_ECPKParameters, PEM_read_ECPrivateKey, PEM_write_ECPrivateKey, PEM_write_bio_ECPrivateKey, PEM_read_EC_PUBKEY, PEM_read_bio_EC_PUBKEY, PEM_write_EC_PUBKEY, PEM_write_bio_EC_PUBKEY, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_PKCS8, PEM_read_bio_PKCS8, PEM_write_PKCS8, PEM_write_bio_PKCS8, PEM_write_PKCS8_PRIV_KEY_INFO, PEM_read_bio_PKCS8_PRIV_KEY_INFO, PEM_read_PKCS8_PRIV_KEY_INFO, PEM_write_bio_PKCS8_PRIV_KEY_INFO, PEM_read_SSL_SESSION, PEM_read_bio_SSL_SESSION, PEM_write_SSL_SESSION, PEM_write_bio_SSL_SESSION \&\- PEM object encoding routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_PEM_rw(name, TYPE) +\& +\& TYPE *PEM_read_TYPE(FILE *fp, TYPE **a, pem_password_cb *cb, void *u); +\& TYPE *PEM_read_bio_TYPE(BIO *bp, TYPE **a, pem_password_cb *cb, void *u); +\& int PEM_write_TYPE(FILE *fp, const TYPE *a); +\& int PEM_write_bio_TYPE(BIO *bp, const TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +The macro \fBDECLARE_PEM_rw\fR expands to the set of declarations shown in +the next four lines of the synopsis. +.PP +These routines convert between local instances of \s-1ASN1\s0 datatypes and +the \s-1PEM\s0 encoding. For more information on the templates, see +\&\s-1\fBASN1_ITEM\s0\fR\|(3). For more information on the lower-level routines used +by the functions here, see \fBPEM_read\fR\|(3). +.PP +\&\fBPEM_read_TYPE()\fR reads a PEM-encoded object of \fI\s-1TYPE\s0\fR from the file \fBfp\fR +and returns it. The \fBcb\fR and \fBu\fR parameters are as described in +\&\fBpem_password_cb\fR\|(3). +.PP +\&\fBPEM_read_bio_TYPE()\fR is similar to \fBPEM_read_TYPE()\fR but reads from the \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBPEM_write_TYPE()\fR writes the \s-1PEM\s0 encoding of the object \fBa\fR to the file \fBfp\fR. +.PP +\&\fBPEM_write_bio_TYPE()\fR similarly writes to the \s-1BIO\s0 \fBbp\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_TYPE()\fR and \fBPEM_read_bio_TYPE()\fR return a pointer to an allocated +object, which should be released by calling \fBTYPE_free()\fR, or \s-1NULL\s0 on error. +.PP +\&\fBPEM_write_TYPE()\fR and \fBPEM_write_bio_TYPE()\fR return the number of bytes written +or zero on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 new file mode 100644 index 000000000000..675bfcce7eb5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_PrivateKey.3 @@ -0,0 +1,613 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_PRIVATEKEY 3" +.TH PEM_READ_BIO_PRIVATEKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +pem_password_cb, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_bio_PrivateKey_traditional, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7 \- PEM routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int pem_password_cb(char *buf, int size, int rwflag, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +\& const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +\& +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +\& +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +\& +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +\& +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +\& +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +\& int PEM_write_DHparams(FILE *fp, DH *x); +\& +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +\& int PEM_write_X509(FILE *fp, X509 *x); +\& +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +\& +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +\& +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +\& +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +brevity the term "\fB\s-1TYPE\s0\fR functions" will be used below to collectively +refer to the \fBPEM_read_bio_TYPE()\fR, \fBPEM_read_TYPE()\fR, +\&\fBPEM_write_bio_TYPE()\fR, and \fBPEM_write_TYPE()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in \s-1PEM\s0 format using an +\&\s-1EVP_PKEY\s0 structure. The write routines use PKCS#8 private key format and are +equivalent to \fBPEM_write_bio_PKCS8PrivateKey()\fR.The read functions transparently +handle traditional and PKCS#8 format encrypted and unencrypted keys. +.PP +\&\fBPEM_write_bio_PrivateKey_traditional()\fR writes out a private key in the +\&\*(L"traditional\*(R" format with a simple private key marker and should only +be used for compatibility with legacy programs. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR and \fBPEM_write_PKCS8PrivateKey()\fR write a private +key in an \s-1EVP_PKEY\s0 structure in PKCS#8 EncryptedPrivateKeyInfo format using +PKCS#5 v2.0 password based encryption algorithms. The \fBcipher\fR argument +specifies the encryption algorithm to use: unlike some other \s-1PEM\s0 routines the +encryption is applied at the PKCS#8 level and not in the \s-1PEM\s0 headers. If +\&\fBcipher\fR is \s-1NULL\s0 then no encryption is used and a PKCS#8 PrivateKeyInfo +structure is used instead. +.PP +\&\fBPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fBPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA.\s0 +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA.\s0 +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. The write routines uses traditional format. The read +routines handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA.\s0 +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA.\s0 +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459.\s0 +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +.PP +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or \-1 if +an error occurred. +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fBPEM_write_bio_PKCS8PrivateKey()\fR or \fBPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 1 +\& X509 *x; +\& +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +These old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& Proc\-Type: 4,ENCRYPTED +\& DEK\-Info: DES\-EDE3\-CBC,3F17F5316E2BAC89 +\& +\& ...base64 encoded data... +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- +.Ve +.PP +The line beginning with \fIProc-Type\fR contains the version and the +protection on the encapsulated data. The line beginning \fIDEK-Info\fR +contains two comma separated values: the encryption algorithm name as +used by \fBEVP_get_cipherbyname()\fR and an initialization vector used by the +cipher encoded as a set of hexadecimal digits. After those two lines is +the base64\-encoded encrypted data. +.PP +The encryption key is derived using \fBEVP_BytesToKey()\fR. The cipher's +initialization vector is passed to \fBEVP_BytesToKey()\fR as the \fBsalt\fR +parameter. Internally, \fB\s-1PKCS5_SALT_LEN\s0\fR bytes of the salt are used +(regardless of the size of the initialization vector). The user's +password is passed to \fBEVP_BytesToKey()\fR using the \fBdata\fR and \fBdatal\fR +parameters. Finally, the library uses an iteration count of 1 for +\&\fBEVP_BytesToKey()\fR. +.PP +The \fBkey\fR derived by \fBEVP_BytesToKey()\fR along with the original initialization +vector is then used to decrypt the encrypted data. The \fBiv\fR produced by +\&\fBEVP_BytesToKey()\fR is not utilized or needed, and \s-1NULL\s0 should be passed to +the function. +.PP +The pseudo code to derive the key would look similar to: +.PP +.Vb 2 +\& EVP_CIPHER* cipher = EVP_des_ede3_cbc(); +\& EVP_MD* md = EVP_md5(); +\& +\& unsigned int nkey = EVP_CIPHER_key_length(cipher); +\& unsigned int niv = EVP_CIPHER_iv_length(cipher); +\& unsigned char key[nkey]; +\& unsigned char iv[niv]; +\& +\& memcpy(iv, HexToBin("3F17F5316E2BAC89"), niv); +\& rc = EVP_BytesToKey(cipher, md, iv /*salt*/, pword, plen, 1, key, NULL /*iv*/); +\& if (rc != nkey) +\& /* Error */ +\& +\& /* On success, use key and iv to initialize the cipher */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +.PP +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ve +.PP +is guaranteed to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +if an error occurred. +.PP +The write routines return 1 for success or 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL.\s0 +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 1 +\& X509 *x; +\& +\& x = PEM_read_bio_X509(bp, NULL, 0, NULL); +\& if (x == NULL) +\& /* Error */ +.Ve +.PP +Alternative method: +.PP +.Vb 1 +\& X509 *x = NULL; +\& +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 2 +\& if (!PEM_write_bio_X509(bp, x)) +\& /* Error */ +.Ve +.PP +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 2 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& /* Error */ +.Ve +.PP +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 3 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), +\& NULL, 0, 0, "hello")) +\& /* Error */ +.Ve +.PP +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 3 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& /* Error */ +.Ve +.PP +Skeleton pass phrase callback: +.PP +.Vb 2 +\& int pass_cb(char *buf, int size, int rwflag, void *u) +\& { +\& +\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", (char *)u); +\& +\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */ +\& char *tmp = "hello"; +\& if (tmp == NULL) /* An error occurred */ +\& return \-1; +\& +\& size_t len = strlen(tmp); +\& +\& if (len > size) +\& len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3), \fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The old Netscape certificate sequences were no longer documented +in OpenSSL 1.1.0; applications should use the \s-1PKCS7\s0 standard instead +as they will be formally deprecated in a future releases. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 new file mode 100644 index 000000000000..f70f75118bc0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_read_bio_ex.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_READ_BIO_EX 3" +.TH PEM_READ_BIO_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_read_bio_ex, PEM_FLAG_SECURE, PEM_FLAG_EAY_COMPATIBLE, PEM_FLAG_ONLY_B64 \- read PEM format files with custom processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #define PEM_FLAG_SECURE 0x1 +\& #define PEM_FLAG_EAY_COMPATIBLE 0x2 +\& #define PEM_FLAG_ONLY_B64 0x4 +\& int PEM_read_bio_ex(BIO *in, char **name, char **header, +\& unsigned char **data, long *len, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_read_bio_ex()\fR reads in \s-1PEM\s0 formatted data from an input \s-1BIO,\s0 outputting +the name of the type of contained data, the header information regarding +the possibly encrypted data, and the binary data payload (after base64 decoding). +It should generally only be used to implement PEM_read_bio_\-family functions +for specific data types or other usage, but is exposed to allow greater flexibility +over how processing is performed, if needed. +.PP +If \s-1PEM_FLAG_SECURE\s0 is set, the intermediate buffers used to read in lines of +input are allocated from the secure heap. +.PP +If \s-1PEM_FLAG_EAY_COMPATIBLE\s0 is set, a simple algorithm is used to remove whitespace +and control characters from the end of each line, so as to be compatible with +the historical behavior of \fBPEM_read_bio()\fR. +.PP +If \s-1PEM_FLAG_ONLY_B64\s0 is set, all characters are required to be valid base64 +characters (or newlines); non\-base64 characters are treated as end of input. +.PP +If neither \s-1PEM_FLAG_EAY_COMPATIBLE\s0 or \s-1PEM_FLAG_ONLY_B64\s0 is set, control characters +are ignored. +.PP +If both \s-1PEM_FLAG_EAY_COMPATIBLE\s0 and \s-1PEM_FLAG_ONLY_B64\s0 are set, an error is returned; +these options are not compatible with each other. +.SH "NOTES" +.IX Header "NOTES" +The caller must release the storage allocated for *name, *header, and *data. +If \s-1PEM_FLAG_SECURE\s0 was set, use \fBOPENSSL_secure_free()\fR; otherwise, +\&\fBOPENSSL_free()\fR is used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_read_bio_ex()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBPEM\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_read_bio_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 new file mode 100644 index 000000000000..19c4dab8d38a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_CMS_stream.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_CMS_STREAM 3" +.TH PEM_WRITE_BIO_CMS_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_CMS_stream \- output CMS_ContentInfo structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_CMS_stream()\fR outputs a CMS_ContentInfo structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_CMS()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_CMS_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBPEM_write\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBi2d_CMS_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_CMS_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 new file mode 100644 index 000000000000..ec4423998dda --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PEM_write_bio_PKCS7_stream.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PEM_WRITE_BIO_PKCS7_STREAM 3" +.TH PEM_WRITE_BIO_PKCS7_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PEM_write_bio_PKCS7_stream \- output PKCS7 structure in PEM format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPEM_write_bio_PKCS7_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1PEM\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBPEM_write_bio_PKCS7()\fR supporting +streaming. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPEM_write_bio_PKCS7_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBi2d_PKCS7_bio_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPEM_write_bio_PKCS7_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS12_create.3 b/secure/lib/libcrypto/man/man3/PKCS12_create.3 new file mode 100644 index 000000000000..6bb17b22ac78 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS12_create.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_CREATE 3" +.TH PKCS12_CREATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +\& X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certificate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. The modes +\&\s-1GCM, CCM, XTS,\s0 and \s-1OCB\s0 are unsupported. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.PP +If a certificate contains an \fBalias\fR or \fBkeyid\fR then this will be +used for the corresponding \fBfriendlyName\fR or \fBlocalKeyID\fR in the +\&\s-1PKCS12\s0 structure. +.PP +Either \fBpkey\fR, \fBcert\fR or both can be \fB\s-1NULL\s0\fR to indicate that no key or +certificate is required. In previous versions both had to be present or +a fatal error is returned. +.PP +\&\fBnid_key\fR or \fBnid_cert\fR can be set to \-1 indicating that no encryption +should be used. +.PP +\&\fBmac_iter\fR can be set to \-1 and the \s-1MAC\s0 will then be omitted entirely. +.PP +\&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_create()\fR returns a valid \fB\s-1PKCS12\s0\fR structure or \s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 new file mode 100644 index 000000000000..ee2f83dab2e1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS12_newpass.3 @@ -0,0 +1,246 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_NEWPASS 3" +.TH PKCS12_NEWPASS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_newpass \- change the password of a PKCS12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_newpass()\fR changes the password of a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is a pointer to a \s-1PKCS12\s0 structure. \fBoldpass\fR is the existing password +and \fBnewpass\fR is the new password. +.SH "NOTES" +.IX Header "NOTES" +Each of \fBoldpass\fR and \fBnewpass\fR is independently interpreted as a string in +the \s-1UTF\-8\s0 encoding. If it is not valid \s-1UTF\-8,\s0 it is assumed to be \s-1ISO8859\-1\s0 +instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_newpass()\fR returns 1 on success or 0 on failure. Applications can +retrieve the most recent error from \fBPKCS12_newpass()\fR with \fBERR_get_error()\fR. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example loads a PKCS#12 file, changes its password and writes out +the result to a new file. +.PP +.Vb 5 +\& #include +\& #include +\& #include +\& #include +\& #include +\& +\& int main(int argc, char **argv) +\& { +\& FILE *fp; +\& PKCS12 *p12; +\& +\& if (argc != 5) { +\& fprintf(stderr, "Usage: pkread p12file password newpass opfile\en"); +\& return 1; +\& } +\& if ((fp = fopen(argv[1], "rb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[1]); +\& return 1; +\& } +\& p12 = d2i_PKCS12_fp(fp, NULL); +\& fclose(fp); +\& if (p12 == NULL) { +\& fprintf(stderr, "Error reading PKCS#12 file\en"); +\& ERR_print_errors_fp(stderr); +\& return 1; +\& } +\& if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { +\& fprintf(stderr, "Error changing password\en"); +\& ERR_print_errors_fp(stderr); +\& PKCS12_free(p12); +\& return 1; +\& } +\& if ((fp = fopen(argv[4], "wb")) == NULL) { +\& fprintf(stderr, "Error opening file %s\en", argv[4]); +\& PKCS12_free(p12); +\& return 1; +\& } +\& i2d_PKCS12_fp(fp, p12); +\& PKCS12_free(p12); +\& fclose(fp); +\& return 0; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +If the PKCS#12 structure does not have a password, then you must use the empty +string "" for \fBoldpass\fR. Using \s-1NULL\s0 for \fBoldpass\fR will result in a +\&\fBPKCS12_newpass()\fR failure. +.PP +If the wrong password is used for \fBoldpass\fR then the function will fail, +with a \s-1MAC\s0 verification error. In rare cases the \s-1PKCS12\s0 structure does not +contain a \s-1MAC:\s0 in this case it will usually fail with a decryption padding +error. +.SH "BUGS" +.IX Header "BUGS" +The password format is a \s-1NULL\s0 terminated \s-1ASCII\s0 string which is converted to +Unicode form internally. As a result some passwords cannot be supplied to +this function. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPKCS12_create\fR\|(3), \fBERR_get_error\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS12_parse.3 b/secure/lib/libcrypto/man/man3/PKCS12_parse.3 new file mode 100644 index 000000000000..b4859dffd6fd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS12_parse.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS12_PARSE 3" +.TH PKCS12_PARSE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +\& STACK_OF(X509) **ca); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> in +which case additional certificates will be discarded. \fB*ca\fR can also be a +valid \s-1STACK\s0 in which case additional certificates are appended to \fB*ca\fR. If +\&\fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each +certificate will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the +\&\fBX509\fR structure. +.PP +The parameter \fBpass\fR is interpreted as a string in the \s-1UTF\-8\s0 encoding. If it +is not valid \s-1UTF\-8,\s0 then it is assumed to be \s-1ISO8859\-1\s0 instead. +.PP +In particular, this means that passwords in the locale character set +(or code page on Windows) must potentially be converted to \s-1UTF\-8\s0 before +use. This may include passwords from local text files, or input from +the terminal or command line. Refer to the documentation of +\&\fBUI_OpenSSL\fR\|(3), for example. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS12_parse()\fR returns 1 for success and zero if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this +function. More complex PKCS#12 files with multiple private keys will only +return the first match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in +certificates. Other attributes are discarded. +.PP +Attributes currently cannot be stored in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_PKCS12\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 new file mode 100644 index 000000000000..6dad8bbcb7ea --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS5_PBKDF2_HMAC.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS5_PBKDF2_HMAC 3" +.TH PKCS5_PBKDF2_HMAC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 \- password based derivation routines with salt and iteration count +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& const EVP_MD *digest, +\& int keylen, unsigned char *out); +\& +\& int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, +\& const unsigned char *salt, int saltlen, int iter, +\& int keylen, unsigned char *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR derives a key from a password using a salt and iteration count +as specified in \s-1RFC 2898.\s0 +.PP +\&\fBpass\fR is the password used in the derivation of length \fBpasslen\fR. \fBpass\fR +is an optional parameter and can be \s-1NULL.\s0 If \fBpasslen\fR is \-1, then the +function will calculate the length of \fBpass\fR using \fBstrlen()\fR. +.PP +\&\fBsalt\fR is the salt used in the derivation of length \fBsaltlen\fR. If the +\&\fBsalt\fR is \s-1NULL,\s0 then \fBsaltlen\fR must be 0. The function will not +attempt to calculate the length of the \fBsalt\fR because it is not assumed to +be \s-1NULL\s0 terminated. +.PP +\&\fBiter\fR is the iteration count and its value should be greater than or +equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any +\&\fBiter\fR less than 1 is treated as a single iteration. +.PP +\&\fBdigest\fR is the message digest function used in the derivation. Values include +any of the EVP_* message digests. \s-1\fBPKCS5_PBKDF2_HMAC_SHA1\s0()\fR calls +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR with \fBEVP_sha1()\fR. +.PP +The derived key will be written to \fBout\fR. The size of the \fBout\fR buffer +is specified via \fBkeylen\fR. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBpass\fR, a salt in \fBsalt\fR, +and an iteration count. +.PP +Increasing the \fBiter\fR parameter slows down the algorithm which makes it +harder for an attacker to perform a brute force attack using a large number +of candidate passwords. +.PP +These functions make no assumption regarding the given password. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBPKCS5_PBKDF2_HMAC\s0()\fR and \s-1\fBPBKCS5_PBKDF2_HMAC_SHA1\s0()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), \fBRAND_bytes\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 new file mode 100644 index 000000000000..fe851a464d0c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS7_decrypt.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_DECRYPT 3" +.TH PKCS7_DECRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fBPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 new file mode 100644 index 000000000000..32925ae972bd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS7_encrypt.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_ENCRYPT 3" +.TH PKCS7_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, +\& int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain \s-1RSA\s0 public keys, though +they do not have to be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fBEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use +because most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 +bit \s-1RC2.\s0 These can be used by passing \fBEVP_rc2_40_cbc()\fR and \fBEVP_rc2_64_cbc()\fR +respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of +its parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fBPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are +prepended to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then +\&\fB\s-1PKCS7_TEXT\s0\fR is ignored. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output +suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not +properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable +results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_encrypt()\fR returns either a \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_decrypt\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign.3 new file mode 100644 index 000000000000..68ff3757dc52 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS7_sign.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN 3" +.TH PKCS7_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, +\& BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR is +the certificate to sign with, \fBpkey\fR is the corresponding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless +\&\fB\s-1PKCS7_DETACHED\s0\fR is set in which case it is omitted. This is used for \s-1PKCS7\s0 +detached signatures which are used in S/MIME plaintext signed messages for +example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as +required by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation +occurs. This option should be used if the supplied data is in binary format +otherwise the translation will corrupt it. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is +just initialized ready to perform the signing operation. The signing is however +\&\fBnot\fR performed and the data to be signed is not read from the \fBdata\fR +parameter. Signing is deferred until after the data has been written. In this +way data can be signed in a single pass. +.PP +If the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output to +which additional signers and capabilities can be added before finalization. +.SH "NOTES" +.IX Header "NOTES" +If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR +complete and outputting its contents via a function that does not properly +finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results. +.PP +Several functions including \fBSMIME_write_PKCS7()\fR, \fBi2d_PKCS7_bio_stream()\fR, +\&\fBPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization +can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using +\&\fBBIO_new_PKCS7()\fR. +.PP +If a signer is specified it will use the default digest for the signing +algorithm. This is \fB\s-1SHA1\s0\fR for both \s-1RSA\s0 and \s-1DSA\s0 keys. +.PP +The \fBcerts\fR, \fBsigncert\fR and \fBpkey\fR parameters can all be +\&\fB\s-1NULL\s0\fR if the \fB\s-1PKCS7_PARTIAL\s0\fR flag is set. One or more signers can be added +using the function \fBPKCS7_sign_add_signer()\fR. \fBPKCS7_final()\fR must also be +called to finalize the structure if streaming is not enabled. Alternative +signing digests can also be specified using this method. +.PP +If \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certificates only +PKCS#7 structure is output. +.PP +In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must +\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0 +.SH "BUGS" +.IX Header "BUGS" +Some advanced attributes such as counter signatures are not supported. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error +occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1PKCS7_PARTIAL\s0\fR flag, and the ability for \fBcerts\fR, \fBsigncert\fR, +and \fBpkey\fR parameters to be \fB\s-1NULL\s0\fR were added in OpenSSL 1.0.0. +.PP +The \fB\s-1PKCS7_STREAM\s0\fR flag was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 new file mode 100644 index 000000000000..0383e9379c4a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS7_sign_add_signer.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_SIGN_ADD_SIGNER 3" +.TH PKCS7_SIGN_ADD_SIGNER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_sign_add_signer \- add a signer PKCS7 signed data structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, +\& EVP_PKEY *pkey, const EVP_MD *md, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_sign_add_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to a \s-1PKCS7\s0 signed data structure +\&\fBp7\fR. +.PP +The \s-1PKCS7\s0 structure should be obtained from an initial call to \fBPKCS7_sign()\fR +with the flag \fB\s-1PKCS7_PARTIAL\s0\fR set or in the case or re-signing a valid \s-1PKCS7\s0 +signed data structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1PKCS7_REUSE_DIGEST\s0\fR flag is set the returned \s-1PKCS7\s0 structure +is not complete and must be finalized either by streaming (if applicable) or +a call to \fBPKCS7_final()\fR. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of this function is to provide finer control over a PKCS#7 +signed data structure where the simpler \fBPKCS7_sign()\fR function defaults are +not appropriate. For example if multiple signers or non default digest +algorithms are needed. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1PKCS7_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the \s-1PKCS7\s0 structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. The +returned \s-1PKCS7\s0 structure will be valid and finalized when this flag is set. +.PP +If \fB\s-1PKCS7_PARTIAL\s0\fR is set in addition to \fB\s-1PKCS7_REUSE_DIGEST\s0\fR then the +\&\fB\s-1PKCS7_SIGNER_INO\s0\fR structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fBPKCS7_SIGNER_INFO_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the +\&\fBsigncert\fR parameter though. This can reduce the size of the signature if the +signers certificate can be obtained by other means: for example a previously +signed message. +.PP +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported list of +ciphers in an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no +authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just +the SMIMECapabilities are omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of +these algorithms is disabled then it will not be included. +.PP +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0 +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +The \fBPPKCS7_sign_add_signer()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2007\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/PKCS7_verify.3 b/secure/lib/libcrypto/man/man3/PKCS7_verify.3 new file mode 100644 index 000000000000..f4e703cabf27 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/PKCS7_verify.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PKCS7_VERIFY 3" +.TH PKCS7_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +PKCS7_verify, PKCS7_get0_signers \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, +\& BIO *indata, BIO *out, int flags); +\& +\& STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certificate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL.\s0 +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fBPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fBPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. If the content is +not detached and \fBindata\fR is not \fB\s-1NULL\s0\fR, then the structure has both +embedded and external content. To treat this as an error, use the flag +\&\fB\s-1PKCS7_NO_DUAL_CONTENT\s0\fR. +The default behavior allows this, for compatibility with older +versions of OpenSSL. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fBPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBPKCS7_verify()\fR returns one for a successful verification and zero +if an error occurs. +.PP +\&\fBPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from \fBERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fBPKCS7_sign()\fR also applies to \fBPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 new file mode 100644 index 000000000000..5fe6de926940 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_generate.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GENERATE 3" +.TH RAND_DRBG_GENERATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_generate, RAND_DRBG_bytes \&\- generate random bytes using the given drbg instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_generate(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen, +\& int prediction_resistance, +\& const unsigned char *adin, size_t adinlen); +\& +\& int RAND_DRBG_bytes(RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_generate()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +.PP +Before generating the output, the \s-1DRBG\s0 instance checks whether the maximum +number of generate requests (\fIreseed interval\fR) or the maximum timespan +(\fIreseed time interval\fR) since its last seeding have been reached. +If this is the case, the \s-1DRBG\s0 reseeds automatically. +Additionally, an immediate reseeding can be requested by setting the +\&\fBprediction_resistance\fR flag to 1. See \s-1NOTES\s0 section for more details. +.PP +The caller can optionally provide additional data to be used for reseeding +by passing a pointer \fBadin\fR to a buffer of length \fBadinlen\fR. +This additional data is mixed into the internal state of the random +generator but does not contribute to the entropy count. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and +\&\fBadinlen\fR to 0; +.PP +\&\fBRAND_DRBG_bytes()\fR generates \fBoutlen\fR random bytes using the given +\&\s-1DRBG\s0 instance \fBdrbg\fR and stores them in the buffer at \fBout\fR. +This function is a wrapper around the \fBRAND_DRBG_generate()\fR call, +which collects some additional data from low entropy sources +(e.g., a high resolution timer) and calls +RAND_DRBG_generate(drbg, out, outlen, 0, adin, adinlen). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_generate()\fR and \fBRAND_DRBG_bytes()\fR return 1 on success, +and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The \fIreseed interval\fR and \fIreseed time interval\fR of the \fBdrbg\fR are set to +reasonable default values, which in general do not have to be adjusted. +If necessary, they can be changed using \fBRAND_DRBG_set_reseed_interval\fR\|(3) +and \fBRAND_DRBG_set_reseed_time_interval\fR\|(3), respectively. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 new file mode 100644 index 000000000000..06ce85135219 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_get0_master.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_GET0_MASTER 3" +.TH RAND_DRBG_GET0_MASTER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_get0_master, RAND_DRBG_get0_public, RAND_DRBG_get0_private \&\- get access to the global RAND_DRBG instances +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_DRBG *RAND_DRBG_get0_master(void); +\& RAND_DRBG *RAND_DRBG_get0_public(void); +\& RAND_DRBG *RAND_DRBG_get0_private(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default \s-1RAND API\s0 implementation (\fBRAND_OpenSSL()\fR) utilizes three +shared \s-1DRBG\s0 instances which are accessed via the \s-1RAND API:\s0 +.PP +The and \s-1DRBG\s0 are thread-local instances, which are used +by \fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR, respectively. +The \s-1DRBG\s0 is a global instance, which is not intended to be used +directly, but is used internally to reseed the other two instances. +.PP +These functions here provide access to the shared \s-1DRBG\s0 instances. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_get0_master()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_public()\fR returns a pointer to the \s-1DRBG\s0 instance. +.PP +\&\fBRAND_DRBG_get0_private()\fR returns a pointer to the \s-1DRBG\s0 instance. +.SH "NOTES" +.IX Header "NOTES" +It is not thread-safe to access the \s-1DRBG\s0 instance. +The and \s-1DRBG\s0 instance can be accessed safely, because +they are thread-local. Note however, that changes to these two instances +apply only to the current thread. +.PP +For that reason it is recommended not to change the settings of these +three instances directly. +Instead, an application should change the default settings for new \s-1DRBG\s0 instances +at initialization time, before creating additional threads. +.PP +During initialization, it is possible to change the reseed interval +and reseed time interval. +It is also possible to exchange the reseeding callbacks entirely. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 new file mode 100644 index 000000000000..592206cfd92a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_new.3 @@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_NEW 3" +.TH RAND_DRBG_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_new, RAND_DRBG_secure_new, RAND_DRBG_set, RAND_DRBG_set_defaults, RAND_DRBG_instantiate, RAND_DRBG_uninstantiate, RAND_DRBG_free \&\- initialize and cleanup a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& RAND_DRBG *RAND_DRBG_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& RAND_DRBG *RAND_DRBG_secure_new(int type, +\& unsigned int flags, +\& RAND_DRBG *parent); +\& +\& int RAND_DRBG_set(RAND_DRBG *drbg, +\& int type, unsigned int flags); +\& +\& int RAND_DRBG_set_defaults(int type, unsigned int flags); +\& +\& int RAND_DRBG_instantiate(RAND_DRBG *drbg, +\& const unsigned char *pers, size_t perslen); +\& +\& int RAND_DRBG_uninstantiate(RAND_DRBG *drbg); +\& +\& void RAND_DRBG_free(RAND_DRBG *drbg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR +create a new \s-1DRBG\s0 instance of the given \fBtype\fR, allocated from the heap resp. +the secure heap +(using \fBOPENSSL_zalloc()\fR resp. \fBOPENSSL_secure_zalloc()\fR). +.PP +\&\fBRAND_DRBG_set()\fR initializes the \fBdrbg\fR with the given \fBtype\fR and \fBflags\fR. +.PP +\&\fBRAND_DRBG_set_defaults()\fR sets the default \fBtype\fR and \fBflags\fR for new \s-1DRBG\s0 +instances. +.PP +Currently, all \s-1DRBG\s0 types are based on AES-CTR, so \fBtype\fR can be one of the +following values: NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr. +Before the \s-1DRBG\s0 can be used to generate random bits, it is necessary to set +its type and to instantiate it. +.PP +The optional \fBflags\fR argument specifies a set of bit flags which can be +joined using the | operator. Currently, the only flag is +\&\s-1RAND_DRBG_FLAG_CTR_NO_DF,\s0 which disables the use of a the derivation function +ctr_df. For an explanation, see [\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +If a \fBparent\fR instance is specified then this will be used instead of +the default entropy source for reseeding the \fBdrbg\fR. It is said that the +\&\fBdrbg\fR is \fIchained\fR to its \fBparent\fR. +For more information, see the \s-1NOTES\s0 section. +.PP +\&\fBRAND_DRBG_instantiate()\fR +seeds the \fBdrbg\fR instance using random input from trusted entropy sources. +Optionally, a personalization string \fBpers\fR of length \fBperslen\fR can be +specified. +To omit the personalization string, set \fBpers\fR=NULL and \fBperslen\fR=0; +.PP +\&\fBRAND_DRBG_uninstantiate()\fR +clears the internal state of the \fBdrbg\fR and puts it back in the +uninstantiated state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_new()\fR and \fBRAND_DRBG_secure_new()\fR return a pointer to a \s-1DRBG\s0 +instance allocated on the heap, resp. secure heap. +.PP +\&\fBRAND_DRBG_set()\fR, +\&\fBRAND_DRBG_instantiate()\fR, and +\&\fBRAND_DRBG_uninstantiate()\fR +return 1 on success, and 0 on failure. +.PP +\&\fBRAND_DRBG_free()\fR does not return a value. +.SH "NOTES" +.IX Header "NOTES" +The \s-1DRBG\s0 design supports \fIchaining\fR, which means that a \s-1DRBG\s0 instance can +use another \fBparent\fR \s-1DRBG\s0 instance instead of the default entropy source +to obtain fresh random input for reseeding, provided that \fBparent\fR \s-1DRBG\s0 +instance was properly instantiated, either from a trusted entropy source, +or from yet another parent \s-1DRBG\s0 instance. +For a detailed description of the reseeding process, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +The default \s-1DRBG\s0 type and flags are applied only during creation of a \s-1DRBG\s0 +instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_defaults()\fR before creating any thread and before calling any +cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBOPENSSL_zalloc\fR\|(3), +\&\fBOPENSSL_secure_zalloc\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 new file mode 100644 index 000000000000..06925afeb218 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_reseed.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_RESEED 3" +.TH RAND_DRBG_RESEED 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_reseed, RAND_DRBG_set_reseed_interval, RAND_DRBG_set_reseed_time_interval, RAND_DRBG_set_reseed_defaults \&\- reseed a RAND_DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_reseed(RAND_DRBG *drbg, +\& const unsigned char *adin, size_t adinlen, +\& int prediction_resistance); +\& +\& int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, +\& unsigned int interval); +\& +\& int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, +\& time_t interval); +\& +\& int RAND_DRBG_set_reseed_defaults( +\& unsigned int master_reseed_interval, +\& unsigned int slave_reseed_interval, +\& time_t master_reseed_time_interval, +\& time_t slave_reseed_time_interval +\& ); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_reseed()\fR +reseeds the given \fBdrbg\fR, obtaining entropy input from its entropy source +and mixing in the specified additional data provided in the buffer \fBadin\fR +of length \fBadinlen\fR. +The additional data can be omitted by setting \fBadin\fR to \s-1NULL\s0 and \fBadinlen\fR +to 0. +An immediate reseeding from a live entropy source can be requested by setting +the \fBprediction_resistance\fR flag to 1. +This feature is not implemented yet, so reseeding with prediction resistance +requested will always fail. +.PP +\&\fBRAND_DRBG_set_reseed_interval()\fR +sets the reseed interval of the \fBdrbg\fR, which is the maximum allowed number +of generate requests between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +number of generate requests since its last seeding exceeds the given reseed +interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_time_interval()\fR +sets the reseed time interval of the \fBdrbg\fR, which is the maximum allowed +number of seconds between consecutive reseedings. +If \fBinterval\fR > 0, then the \fBdrbg\fR will reseed automatically whenever the +elapsed time since its last reseeding exceeds the given reseed time interval. +If \fBinterval\fR == 0, then this feature is disabled. +.PP +\&\fBRAND_DRBG_set_reseed_defaults()\fR sets the default values for the reseed interval +(\fBmaster_reseed_interval\fR and \fBslave_reseed_interval\fR) +and the reseed time interval +(\fBmaster_reseed_time_interval\fR and \fBslave_reseed_tme_interval\fR) +of \s-1DRBG\s0 instances. +The default values are set independently for master \s-1DRBG\s0 instances (which don't +have a parent) and slave \s-1DRBG\s0 instances (which are chained to a parent \s-1DRBG\s0). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_reseed()\fR, +\&\fBRAND_DRBG_set_reseed_interval()\fR, and +\&\fBRAND_DRBG_set_reseed_time_interval()\fR, +return 1 on success, 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The default OpenSSL random generator is already set up for automatic reseeding, +so in general it is not necessary to reseed it explicitly, or to modify +its reseeding thresholds. +.PP +Normally, the entropy input for seeding a \s-1DRBG\s0 is either obtained from a +trusted os entropy source or from a parent \s-1DRBG\s0 instance, which was seeded +(directly or indirectly) from a trusted os entropy source. +In exceptional cases it is possible to replace the reseeding mechanism entirely +by providing application defined callbacks using \fBRAND_DRBG_set_callbacks()\fR. +.PP +The reseeding default values are applied only during creation of a \s-1DRBG\s0 instance. +To ensure that they are applied to the global and thread-local \s-1DRBG\s0 instances +(, resp. and ), it is necessary to call +\&\fBRAND_DRBG_set_reseed_defaults()\fR before creating any thread and before calling any + cryptographic routines that obtain random data directly or indirectly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_set_callbacks\fR\|(3). +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 new file mode 100644 index 000000000000..49a765968ceb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_callbacks.3 @@ -0,0 +1,268 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_CALLBACKS 3" +.TH RAND_DRBG_SET_CALLBACKS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_callbacks, RAND_DRBG_get_entropy_fn, RAND_DRBG_cleanup_entropy_fn, RAND_DRBG_get_nonce_fn, RAND_DRBG_cleanup_nonce_fn \&\- set callbacks for reseeding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& +\& int RAND_DRBG_set_callbacks(RAND_DRBG *drbg, +\& RAND_DRBG_get_entropy_fn get_entropy, +\& RAND_DRBG_cleanup_entropy_fn cleanup_entropy, +\& RAND_DRBG_get_nonce_fn get_nonce, +\& RAND_DRBG_cleanup_nonce_fn cleanup_nonce); +.Ve +.SS "Callback Functions" +.IX Subsection "Callback Functions" +.Vb 6 +\& typedef size_t (*RAND_DRBG_get_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len, +\& int prediction_resistance); +\& +\& typedef void (*RAND_DRBG_cleanup_entropy_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +\& +\& typedef size_t (*RAND_DRBG_get_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char **pout, +\& int entropy, +\& size_t min_len, size_t max_len); +\& +\& typedef void (*RAND_DRBG_cleanup_nonce_fn)( +\& RAND_DRBG *drbg, +\& unsigned char *out, size_t outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_callbacks()\fR sets the callbacks for obtaining fresh entropy and +the nonce when reseeding the given \fBdrbg\fR. +The callback functions are implemented and provided by the caller. +Their parameter lists need to match the function prototypes above. +.PP +Setting the callbacks is allowed only if the \s-1DRBG\s0 has not been initialized yet. +Otherwise, the operation will fail. +To change the settings for one of the three shared DRBGs it is necessary to call +\&\fBRAND_DRBG_uninstantiate()\fR first. +.PP +The \fBget_entropy\fR() callback is called by the \fBdrbg\fR when it requests fresh +random input. +It is expected that the callback allocates and fills a random buffer of size +\&\fBmin_len\fR <= size <= \fBmax_len\fR (in bytes) which contains at least \fBentropy\fR +bits of randomness. +The \fBprediction_resistance\fR flag indicates whether the reseeding was +triggered by a prediction resistance request. +.PP +The buffer's address is to be returned in *\fBpout\fR and the number of collected +randomness bytes as return value. +.PP +If the callback fails to acquire at least \fBentropy\fR bits of randomness, +it must indicate an error by returning a buffer length of 0. +.PP +If \fBprediction_resistance\fR was requested and the random source of the \s-1DRBG\s0 +does not satisfy the conditions requested by [\s-1NIST SP 800\-90C\s0], then +it must also indicate an error by returning a buffer length of 0. +See \s-1NOTES\s0 section for more details. +.PP +The \fBcleanup_entropy\fR() callback is called from the \fBdrbg\fR to to clear and +free the buffer allocated previously by \fBget_entropy()\fR. +The values \fBout\fR and \fBoutlen\fR are the random buffer's address and length, +as returned by the \fBget_entropy()\fR callback. +.PP +The \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks are used to obtain a nonce +and free it again. A nonce is only required for instantiation (not for reseeding) +and only in the case where the \s-1DRBG\s0 uses a derivation function. +The callbacks are analogous to \fBget_entropy()\fR and \fBcleanup_entropy()\fR, +except for the missing prediction_resistance flag. +.PP +If the derivation function is disabled, then no nonce is used for instantiation, +and the \fBget_nonce\fR() and \fBcleanup_nonce\fR() callbacks can be omitted by +setting them to \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_callbacks()\fR return 1 on success, and 0 on failure +.SH "NOTES" +.IX Header "NOTES" +It is important that \fBcleanup_entropy\fR() and \fBcleanup_nonce\fR() clear the buffer +contents safely before freeing it, in order not to leave sensitive information +about the \s-1DRBG\s0's state in memory. +.PP +A request for prediction resistance can only be satisfied by pulling fresh +entropy from one of the approved entropy sources listed in section 5.5.2 of +[\s-1NIST SP 800\-90C\s0]. +Since the default implementation of the get_entropy callback does not have access +to such an approved entropy source, a request for prediction resistance will +always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +The derivation function is disabled during initialization by calling the +\&\fBRAND_DRBG_set()\fR function with the \s-1RAND_DRBG_FLAG_CTR_NO_DF\s0 flag. +For more information on the derivation function and when it can be omitted, +see [\s-1NIST SP 800\-90A\s0 Rev. 1]. Roughly speaking it can be omitted if the random +source has \*(L"full entropy\*(R", i.e., contains 8 bits of entropy per byte. +.PP +Even if a nonce is required, the \fBget_nonce\fR() and \fBcleanup_nonce\fR() +callbacks can be omitted by setting them to \s-1NULL.\s0 +In this case the \s-1DRBG\s0 will automatically request an extra amount of entropy +(using the \fBget_entropy\fR() and \fBcleanup_entropy\fR() callbacks) which it will +utilize for the nonce, following the recommendations of [\s-1NIST SP 800\-90A\s0 Rev. 1], +section 8.6.7. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_new\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1RAND_DRBG\s0 functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 new file mode 100644 index 000000000000..cd94b4a2af1b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_DRBG_set_ex_data.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG_SET_EX_DATA 3" +.TH RAND_DRBG_SET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG_set_ex_data, RAND_DRBG_get_ex_data, RAND_DRBG_get_ex_new_index \&\- store and retrieve extra data from the DRBG instance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *data); +\& +\& void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx); +\& +\& int RAND_DRBG_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_DRBG_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in a \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBRAND_DRBG_get_ex_new_index()\fR. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1RAND_DRBG\s0 instance \fBdrbg\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_DRBG_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBRAND_DRBG_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "NOTES" +.IX Header "NOTES" +RAND_DRBG_get_ex_new_index(...) is implemented as a macro and equivalent to +CRYPTO_get_ex_new_index(\s-1CRYPTO_EX_INDEX_DRBG,...\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), +\&\fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_add.3 b/secure/lib/libcrypto/man/man3/RAND_add.3 new file mode 100644 index 000000000000..d7d2cd0a6436 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_add.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_ADD 3" +.TH RAND_ADD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_add, RAND_poll, RAND_seed, RAND_status, RAND_event, RAND_screen, RAND_keep_random_devices_open \&\- add randomness to the PRNG or get its status +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_status(void); +\& int RAND_poll(); +\& +\& void RAND_add(const void *buf, int num, double randomness); +\& void RAND_seed(const void *buf, int num); +\& +\& void RAND_keep_random_devices_open(int keep); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions can be used to seed the random generator and to check its +seeded state. +In general, manual (re\-)seeding of the default OpenSSL random generator +(\fBRAND_OpenSSL\fR\|(3)) is not necessary (but allowed), since it does (re\-)seed +itself automatically using trusted system entropy sources. +This holds unless the default \s-1RAND_METHOD\s0 has been replaced or OpenSSL was +built with automatic reseeding disabled, see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_status()\fR indicates whether or not the random generator has been sufficiently +seeded. If not, functions such as \fBRAND_bytes\fR\|(3) will fail. +.PP +\&\fBRAND_poll()\fR uses the system's capabilities to seed the random generator using +random input obtained from polling various trusted entropy sources. +The default choice of the entropy source can be modified at build time, +see \s-1\fBRAND\s0\fR\|(7) for more details. +.PP +\&\fBRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the internal state +of the random generator. +This function will not normally be needed, as mentioned above. +The \fBrandomness\fR argument is an estimate of how much randomness is +contained in +\&\fBbuf\fR, in bytes, and should be a number between zero and \fBnum\fR. +Details about sources of randomness and how to estimate their randomness +can be found in the literature; for example [\s-1NIST SP 800\-90B\s0]. +The content of \fBbuf\fR cannot be recovered from subsequent random generator output. +Applications that intend to save and restore random state in an external file +should consider using \fBRAND_load_file\fR\|(3) instead. +.PP +\&\fBRAND_seed()\fR is equivalent to \fBRAND_add()\fR with \fBrandomness\fR set to \fBnum\fR. +.PP +\&\fBRAND_keep_random_devices_open()\fR is used to control file descriptor +usage by the random seed sources. Some seed sources maintain open file +descriptors by default, which allows such sources to operate in a +\&\fBchroot\fR\|(2) jail without the associated device nodes being available. When +the \fBkeep\fR argument is zero, this call disables the retention of file +descriptors. Conversely, a non-zero argument enables the retention of +file descriptors. This function is usually called during initialization +and it takes effect immediately. +.PP +\&\fBRAND_event()\fR and \fBRAND_screen()\fR are equivalent to \fBRAND_poll()\fR and exist +for compatibility reasons only. See \s-1HISTORY\s0 section below. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_status()\fR returns 1 if the random generator has been seeded +with enough data, 0 otherwise. +.PP +\&\fBRAND_poll()\fR returns 1 if it generated seed data, 0 otherwise. +.PP +\&\fBRAND_event()\fR returns \fBRAND_status()\fR. +.PP +The other functions do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_egd\fR\|(3), +\&\fBRAND_load_file\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_event()\fR and \fBRAND_screen()\fR were deprecated in OpenSSL 1.1.0 and should +not be used. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_bytes.3 b/secure/lib/libcrypto/man/man3/RAND_bytes.3 new file mode 100644 index 000000000000..a90138882f5d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_bytes.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_BYTES 3" +.TH RAND_BYTES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_priv_bytes(unsigned char *buf, int num); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +into \fBbuf\fR. +.PP +\&\fBRAND_priv_bytes()\fR has the same semantics as \fBRAND_bytes()\fR. It is intended to +be used for generating values that should remain private. If using the +default \s-1RAND_METHOD,\s0 this function uses a separate \*(L"private\*(R" \s-1PRNG\s0 +instance so that a compromise of the \*(L"public\*(R" \s-1PRNG\s0 instance will not +affect the secrecy of these private values, as described in \s-1\fBRAND\s0\fR\|(7) +and \s-1\fBRAND_DRBG\s0\fR\|(7). +.SH "NOTES" +.IX Header "NOTES" +Always check the error return value of \fBRAND_bytes()\fR and +\&\fBRAND_priv_bytes()\fR and do not take randomness for granted: an error occurs +if the \s-1CSPRNG\s0 has not been seeded with enough randomness to ensure an +unpredictable byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_bytes()\fR and \fBRAND_priv_bytes()\fR +return 1 on success, \-1 if not supported by the current +\&\s-1RAND\s0 method, or 0 on other failure. The error code can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +.IP "\(bu" 2 +\&\fBRAND_pseudo_bytes()\fR was deprecated in OpenSSL 1.1.0; use \fBRAND_bytes()\fR instead. +.IP "\(bu" 2 +The \fBRAND_priv_bytes()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_cleanup.3 b/secure/lib/libcrypto/man/man3/RAND_cleanup.3 new file mode 100644 index 000000000000..8a4c7f7d035f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_cleanup.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_CLEANUP 3" +.TH RAND_CLEANUP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_cleanup \- erase the PRNG state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void RAND_cleanup(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Prior to OpenSSL 1.1.0, \fBRAND_cleanup()\fR released all resources used by +the \s-1PRNG.\s0 As of version 1.1.0, it does nothing and should not be called, +since no explicit initialisation or de-initialisation is necessary. See +\&\fBOPENSSL_init_crypto\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRAND_cleanup()\fR was deprecated in OpenSSL 1.1.0; do not use it. +See \fBOPENSSL_init_crypto\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_egd.3 b/secure/lib/libcrypto/man/man3/RAND_egd.3 new file mode 100644 index 000000000000..17cc7cee6732 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_egd.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_EGD 3" +.TH RAND_EGD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_egd_bytes(const char *path, int num); +\& int RAND_egd(const char *path); +\& +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +On older platforms without a good source of randomness such as \f(CW\*(C`/dev/urandom\*(C'\fR, +it is possible to query an Entropy Gathering Daemon (\s-1EGD\s0) over a local +socket to obtain randomness and seed the OpenSSL \s-1RNG.\s0 +The protocol used is defined by the EGDs available at + or . +.PP +\&\fBRAND_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at the +specified socket \fBpath\fR, and passes the data it receives into \fBRAND_add()\fR. +\&\fBRAND_egd()\fR is equivalent to \fBRAND_egd_bytes()\fR with \fBnum\fR set to 255. +.PP +\&\fBRAND_query_egd_bytes()\fR requests \fBnum\fR bytes of randomness from an \s-1EGD\s0 at +the specified socket \fBpath\fR, where \fBnum\fR must be less than 256. +If \fBbuf\fR is \fB\s-1NULL\s0\fR, it is equivalent to \fBRAND_egd_bytes()\fR. +If \fBbuf\fR is not \fB\s-1NULL\s0\fR, then the data is copied to the buffer and +\&\fBRAND_add()\fR is not called. +.PP +OpenSSL can be configured at build time to try to use the \s-1EGD\s0 for seeding +automatically. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_egd()\fR and \fBRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, or \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG.\s0 +.PP +\&\fBRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, or \-1 if the connection failed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_load_file.3 b/secure/lib/libcrypto/man/man3/RAND_load_file.3 new file mode 100644 index 000000000000..07bf78761f4a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_load_file.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_LOAD_FILE 3" +.TH RAND_LOAD_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- PRNG seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RAND_load_file(const char *filename, long max_bytes); +\& +\& int RAND_write_file(const char *filename); +\& +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, +up to \fBmax_bytes\fR are read; +if \fBmax_bytes\fR is \-1, the complete file is read. +Do not load the same file multiple times unless its contents have +been updated by \fBRAND_write_file()\fR between reads. +Also, note that \fBfilename\fR should be adequately protected so that an +attacker cannot replace or examine the contents. +If \fBfilename\fR is not a regular file, then user is considered to be +responsible for any side effects, e.g. non-anticipated blocking or +capture of controlling terminal. +.PP +\&\fBRAND_write_file()\fR writes a number of random bytes (currently 128) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fBRAND_load_file()\fR in a later session. +.PP +\&\fBRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. +.PP +On all systems, if the environment variable \fB\s-1RANDFILE\s0\fR is set, its +value will be used as the seed file name. +Otherwise, the file is called \f(CW\*(C`.rnd\*(C'\fR, found in platform dependent locations: +.IP "On Windows (in order of preference)" 4 +.IX Item "On Windows (in order of preference)" +.Vb 1 +\& %HOME%, %USERPROFILE%, %SYSTEMROOT%, C:\e +.Ve +.IP "On \s-1VMS\s0" 4 +.IX Item "On VMS" +.Vb 1 +\& SYS$LOGIN: +.Ve +.IP "On all other systems" 4 +.IX Item "On all other systems" +.Vb 1 +\& $HOME +.Ve +.PP +If \f(CW$HOME\fR (on non-Windows and non-VMS system) is not set either, or +\&\fBnum\fR is too small for the path name, an error occurs. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_load_file()\fR returns the number of bytes read or \-1 on error. +.PP +\&\fBRAND_write_file()\fR returns the number of bytes written, or \-1 if the +bytes written were generated without appropriate seeding. +.PP +\&\fBRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 new file mode 100644 index 000000000000..e9c414f8e7da --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RAND_set_rand_method.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 3" +.TH RAND_SET_RAND_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_OpenSSL \- select RAND method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RAND_METHOD *RAND_OpenSSL(void); +\& +\& int RAND_set_rand_method(const RAND_METHOD *meth); +\& +\& const RAND_METHOD *RAND_get_rand_method(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. +.PP +\&\fBRAND_OpenSSL()\fR returns the default \fB\s-1RAND_METHOD\s0\fR implementation by OpenSSL. +This implementation ensures that the \s-1PRNG\s0 state is unique for each thread. +.PP +If an \fB\s-1ENGINE\s0\fR is loaded that provides the \s-1RAND API,\s0 however, it will +be used instead of the method returned by \fBRAND_OpenSSL()\fR. +.PP +\&\fBRAND_set_rand_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. If an +\&\s-1ENGINE\s0 was providing the method, it will be released first. +.PP +\&\fBRAND_get_rand_method()\fR returns a pointer to the current \fB\s-1RAND_METHOD\s0\fR. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 8 +\& typedef struct rand_meth_st { +\& void (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& void (*add)(const void *buf, int num, int randomness); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +.PP +The fields point to functions that are used by, in order, +\&\fBRAND_seed()\fR, \fBRAND_bytes()\fR, internal \s-1RAND\s0 cleanup, \fBRAND_add()\fR, \fBRAND_pseudo_rand()\fR +and \fBRAND_status()\fR. +Each pointer may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRAND_set_rand_method()\fR returns 1 on success and 0 on failue. +\&\fBRAND_get_rand_method()\fR and \fBRAND_OpenSSL()\fR return pointers to the respective +methods. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_bytes\fR\|(3), +\&\fBENGINE_by_id\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RC4_set_key.3 b/secure/lib/libcrypto/man/man3/RC4_set_key.3 new file mode 100644 index 000000000000..e2ed19a87ec6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RC4_set_key.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RC4_SET_KEY 3" +.TH RC4_SET_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RC4_set_key, RC4 \- RC4 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +\& +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fBRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\s-1\fBRC4\s0()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \s-1\fBRC4\s0()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRC4_set_key()\fR and \s-1\fBRC4\s0()\fR do not return values. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_EncryptInit\fR\|(3) etc. instead of calling these +functions directly. +.PP +It is difficult to securely use stream ciphers. For example, do not perform +multiple encryptions using the same key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_EncryptInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 new file mode 100644 index 000000000000..1de93985960b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RIPEMD160_Init.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RIPEMD160_INIT 3" +.TH RIPEMD160_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- RIPEMD\-160 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +\& +\& int RIPEMD160_Init(RIPEMD160_CTX *c); +\& int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +\& int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD\-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fBRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBRIPEMD160\s0()\fR returns a pointer to the hash value. +.PP +\&\fBRIPEMD160_Init()\fR, \fBRIPEMD160_Update()\fR and \fBRIPEMD160_Final()\fR return 1 for +success, 0 otherwise. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling these +functions directly. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC 10118\-3:2016\s0 Dedicated Hash-Function 1 (\s-1RIPEMD\-160\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 new file mode 100644 index 000000000000..eb950af7ce6b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_blinding_on.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_BLINDING_ON 3" +.TH RSA_BLINDING_ON 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the RSA operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fBRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. +.PP +\&\fBRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fBRSA_blinding_off()\fR returns no value. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_check_key.3 b/secure/lib/libcrypto/man/man3/RSA_check_key.3 new file mode 100644 index 000000000000..1044c5dcc190 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_check_key.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_CHECK_KEY 3" +.TH RSA_CHECK_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_check_key_ex, RSA_check_key \- validate private RSA keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb); +\& +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_check_key_ex()\fR function validates \s-1RSA\s0 keys. +It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It does not work on \s-1RSA\s0 public keys that have only the modulus +and public exponent elements populated. +It also checks that \fBd*e = 1 mod (p\-1*q\-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +It performs integrity checks on all +the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private +key data too. +Therefore, it cannot be used with any arbitrary \s-1RSA\s0 key object, +even if it is otherwise fit for regular \s-1RSA\s0 operation. +.PP +The \fBcb\fR parameter is a callback that will be invoked in the same +manner as \fBBN_is_prime_ex\fR\|(3). +.PP +\&\fBRSA_check_key()\fR is equivalent to \fBRSA_check_key_ex()\fR with a \s-1NULL\s0 \fBcb\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_check_key_ex()\fR and \fBRSA_check_key()\fR +return 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +They return \-1 if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need +to be considered. Right now \fBRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fBcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_is_prime_ex\fR\|(3), +\&\fBERR_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_check_key_ex()\fR appeared after OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_generate_key.3 b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 new file mode 100644 index 000000000000..5abf9b196a70 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_generate_key.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 3" +.TH RSA_GENERATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_generate_key_ex, RSA_generate_key, RSA_generate_multi_prime_key \- generate RSA key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); +.Ve +.PP +Deprecated: +.PP +.Vb 4 +\& #if OPENSSL_API_COMPAT < 0x00908000L +\& RSA *RSA_generate_key(int bits, unsigned long e, +\& void (*callback)(int, int, void *), void *cb_arg); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_generate_key_ex()\fR generates a 2\-prime \s-1RSA\s0 key pair and stores it in the +\&\fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The pseudo-random number generator must +be seeded prior to calling \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_generate_multi_prime_key()\fR generates a multi-prime \s-1RSA\s0 key pair and stores +it in the \fB\s-1RSA\s0\fR structure provided in \fBrsa\fR. The number of primes is given by +the \fBprimes\fR parameter. The random number generator must be seeded when +calling \fBRSA_generate_multi_prime_key()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +The modulus size will be of length \fBbits\fR, the number of primes to form the +modulus will be \fBprimes\fR, and the public exponent will be \fBe\fR. Key sizes +with \fBnum\fR < 1024 should be considered insecure. The exponent is an odd +number, typically 3, 17 or 65537. +.PP +In order to maintain adequate security level, the maximum number of permitted +\&\fBprimes\fR depends on modulus bit length: +.PP +.Vb 3 +\& <1024 | >=1024 | >=4096 | >=8192 +\& \-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-+\-\-\-\-\-\-\- +\& 2 | 3 | 4 | 5 +.Ve +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcb\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows using the \fBBN_GENCB_call()\fR function +described on the \fBBN_generate_prime\fR\|(3) page. +.PP +\&\fBRSA_generate_key()\fR is similar to \fBRSA_generate_key_ex()\fR but +expects an old-style callback function; see +\&\fBBN_generate_prime\fR\|(3) for information on the old-style callback. +.IP "\(bu" 2 +While a random prime number is generated, it is called as +described in \fBBN_generate_prime\fR\|(3). +.IP "\(bu" 2 +When the n\-th randomly generated prime is rejected as not +suitable for the key, \fBBN_GENCB_call(cb, 2, n)\fR is called. +.IP "\(bu" 2 +When a random p has been found with p\-1 relatively prime to \fBe\fR, +it is called as \fBBN_GENCB_call(cb, 3, 0)\fR. +.PP +The process is then repeated for prime q and other primes (if any) +with \fBBN_GENCB_call(cb, 3, i)\fR where \fBi\fR indicates the i\-th prime. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_generate_multi_prime_key()\fR returns 1 on success or 0 on error. +\&\fBRSA_generate_key_ex()\fR returns 1 on success or 0 on error. +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.PP +\&\fBRSA_generate_key()\fR returns a pointer to the \s-1RSA\s0 structure or +\&\fB\s-1NULL\s0\fR if the key generation fails. +.SH "BUGS" +.IX Header "BUGS" +\&\fBBN_GENCB_call(cb, 2, x)\fR is used with two different meanings. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), \fBBN_generate_prime\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_generate_key()\fR was deprecated in OpenSSL 0.9.8; use +\&\fBRSA_generate_key_ex()\fR instead. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_get0_key.3 b/secure/lib/libcrypto/man/man3/RSA_get0_key.3 new file mode 100644 index 000000000000..036edf25a138 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_get0_key.3 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_GET0_KEY 3" +.TH RSA_GET0_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key, RSA_get0_factors, RSA_get0_crt_params, RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q, RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_clear_flags, RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count, RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params, RSA_set0_multi_prime_params, RSA_get_version \&\- Routines for getting and setting data in an RSA object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +\& int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +\& int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +\& void RSA_get0_key(const RSA *r, +\& const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +\& void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +\& void RSA_get0_crt_params(const RSA *r, +\& const BIGNUM **dmp1, const BIGNUM **dmq1, +\& const BIGNUM **iqmp); +\& const BIGNUM *RSA_get0_n(const RSA *d); +\& const BIGNUM *RSA_get0_e(const RSA *d); +\& const BIGNUM *RSA_get0_d(const RSA *d); +\& const BIGNUM *RSA_get0_p(const RSA *d); +\& const BIGNUM *RSA_get0_q(const RSA *d); +\& const BIGNUM *RSA_get0_dmp1(const RSA *r); +\& const BIGNUM *RSA_get0_dmq1(const RSA *r); +\& const BIGNUM *RSA_get0_iqmp(const RSA *r); +\& void RSA_clear_flags(RSA *r, int flags); +\& int RSA_test_flags(const RSA *r, int flags); +\& void RSA_set_flags(RSA *r, int flags); +\& ENGINE *RSA_get0_engine(RSA *r); +\& int RSA_get_multi_prime_extra_count(const RSA *r); +\& int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); +\& int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], +\& const BIGNUM *coeffs[]); +\& int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], +\& BIGNUM *coeffs[], int pnum); +\& int RSA_get_version(RSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \s-1RSA\s0 object contains the components for the public and private key, +\&\fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR. \fBn\fR is +the modulus common to both public and private key, \fBe\fR is the public +exponent and \fBd\fR is the private exponent. \fBp\fR, \fBq\fR, \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR are the factors for the second representation of a +private key (see PKCS#1 section 3 Key Types), where \fBp\fR and \fBq\fR are +the first and second factor of \fBn\fR and \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR +are the exponents and coefficient for \s-1CRT\s0 calculations. +.PP +For multi-prime \s-1RSA\s0 (defined in \s-1RFC 8017\s0), there are also one or more +\&'triplet' in an \s-1RSA\s0 object. A triplet contains three members, \fBr\fR, \fBd\fR +and \fBt\fR. \fBr\fR is the additional prime besides \fBp\fR and \fBq\fR. \fBd\fR and +\&\fBt\fR are the exponent and coefficient for \s-1CRT\s0 calculations. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameters can be obtained by calling +\&\fBRSA_get0_key()\fR. If they have not been set yet, then \fB*n\fR, \fB*e\fR and +\&\fB*d\fR will be set to \s-1NULL.\s0 Otherwise, they are set to pointers to +their respective values. These point directly to the internal +representations of the values and therefore should not be freed +by the caller. +.PP +The \fBn\fR, \fBe\fR and \fBd\fR parameter values can be set by calling +\&\fBRSA_set0_key()\fR and passing the new values for \fBn\fR, \fBe\fR and \fBd\fR as +parameters to the function. The values \fBn\fR and \fBe\fR must be non-NULL +the first time this function is called on a given \s-1RSA\s0 object. The +value \fBd\fR may be \s-1NULL.\s0 On subsequent calls any of these values may be +\&\s-1NULL\s0 which means the corresponding \s-1RSA\s0 field is left untouched. +Calling this function transfers the memory management of the values to +the \s-1RSA\s0 object, and therefore the values that have been passed in +should not be freed by the caller after this function has been called. +.PP +In a similar fashion, the \fBp\fR and \fBq\fR parameters can be obtained and +set with \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR, and the \fBdmp1\fR, +\&\fBdmq1\fR and \fBiqmp\fR parameters can be obtained and set with +\&\fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +For \fBRSA_get0_key()\fR, \fBRSA_get0_factors()\fR, and \fBRSA_get0_crt_params()\fR, +\&\s-1NULL\s0 value \s-1BIGNUM\s0 ** output parameters are permitted. The functions +ignore \s-1NULL\s0 parameters but return values for other, non-NULL, parameters. +.PP +For multi-prime \s-1RSA,\s0 \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR +can be used to obtain other primes and related \s-1CRT\s0 parameters. The +return values are stored in an array of \fB\s-1BIGNUM\s0 *\fR. \fBRSA_set0_multi_prime_params()\fR +sets a collect of multi-prime 'triplet' members (prime, exponent and coefficient) +into an \s-1RSA\s0 object. +.PP +Any of the values \fBn\fR, \fBe\fR, \fBd\fR, \fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR, and \fBiqmp\fR can also be +retrieved separately by the corresponding function +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR, respectively. +.PP +\&\fBRSA_set_flags()\fR sets the flags in the \fBflags\fR parameter on the \s-1RSA\s0 +object. Multiple flags can be passed in one go (bitwise ORed together). +Any flags that are already set are left set. \fBRSA_test_flags()\fR tests to +see whether the flags passed in the \fBflags\fR parameter are currently +set in the \s-1RSA\s0 object. Multiple flags can be tested in one go. All +flags that are currently set are returned, or zero if none of the +flags are set. \fBRSA_clear_flags()\fR clears the specified flags within the +\&\s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns a handle to the \s-1ENGINE\s0 that has been set for +this \s-1RSA\s0 object, or \s-1NULL\s0 if no such \s-1ENGINE\s0 has been set. +.PP +\&\fBRSA_get_version()\fR returns the version of an \s-1RSA\s0 object \fBr\fR. +.SH "NOTES" +.IX Header "NOTES" +Values retrieved with \fBRSA_get0_key()\fR are owned by the \s-1RSA\s0 object used +in the call and may therefore \fInot\fR be passed to \fBRSA_set0_key()\fR. If +needed, duplicate the received value using \fBBN_dup()\fR and pass the +duplicate. The same applies to \fBRSA_get0_factors()\fR and \fBRSA_set0_factors()\fR +as well as \fBRSA_get0_crt_params()\fR and \fBRSA_set0_crt_params()\fR. +.PP +The caller should obtain the size by calling \fBRSA_get_multi_prime_extra_count()\fR +in advance and allocate sufficient buffer to store the return values before +calling \fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_params()\fR. +.PP +\&\fBRSA_set0_multi_prime_params()\fR always clears the original multi-prime +triplets in \s-1RSA\s0 object \fBr\fR and assign the new set of triplets into it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_set0_key()\fR, \fBRSA_set0_factors()\fR, \fBRSA_set0_crt_params()\fR and +\&\fBRSA_set0_multi_prime_params()\fR return 1 on success or 0 on failure. +.PP +\&\fBRSA_get0_n()\fR, \fBRSA_get0_e()\fR, \fBRSA_get0_d()\fR, \fBRSA_get0_p()\fR, \fBRSA_get0_q()\fR, +\&\fBRSA_get0_dmp1()\fR, \fBRSA_get0_dmq1()\fR, and \fBRSA_get0_iqmp()\fR +return the respective value. +.PP +\&\fBRSA_get0_multi_prime_factors()\fR and \fBRSA_get0_multi_prime_crt_params()\fR return +1 on success or 0 on failure. +.PP +\&\fBRSA_get_multi_prime_extra_count()\fR returns two less than the number of primes +in use, which is 0 for traditional \s-1RSA\s0 and the number of extra primes for +multi-prime \s-1RSA.\s0 +.PP +\&\fBRSA_get_version()\fR returns \fB\s-1RSA_ASN1_VERSION_MULTI\s0\fR for multi-prime \s-1RSA\s0 and +\&\fB\s-1RSA_ASN1_VERSION_DEFAULT\s0\fR for normal two-prime \s-1RSA,\s0 as defined in \s-1RFC 8017.\s0 +.PP +\&\fBRSA_test_flags()\fR returns the current state of the flags in the \s-1RSA\s0 object. +.PP +\&\fBRSA_get0_engine()\fR returns the \s-1ENGINE\s0 set for the \s-1RSA\s0 object or \s-1NULL\s0 if no +\&\s-1ENGINE\s0 has been set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_size\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBRSA_get_multi_prime_extra_count()\fR, \fBRSA_get0_multi_prime_factors()\fR, +\&\fBRSA_get0_multi_prime_crt_params()\fR, \fBRSA_set0_multi_prime_params()\fR, +and \fBRSA_get_version()\fR functions were added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_meth_new.3 b/secure/lib/libcrypto/man/man3/RSA_meth_new.3 new file mode 100644 index 000000000000..78f324356590 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_meth_new.3 @@ -0,0 +1,382 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_METH_NEW 3" +.TH RSA_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name, RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags, RSA_meth_get_pub_enc, RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec, RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec, RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp, RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init, RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish, RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify, RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen, RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen \&\- Routines to build up RSA methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA_METHOD *RSA_meth_new(const char *name, int flags); +\& void RSA_meth_free(RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +\& +\& const char *RSA_meth_get0_name(const RSA_METHOD *meth); +\& int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +\& +\& int RSA_meth_get_flags(const RSA_METHOD *meth); +\& int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +\& +\& void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +\& int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +\& +\& int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +\& int (*pub_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +\& (int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +\& int (*pub_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding)); +\& +\& int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +\& int (*priv_enc)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, +\& int padding); +\& int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +\& int (*priv_dec)(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, +\& RSA *rsa, BN_CTX *ctx); +\& int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +\& int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +\& BN_CTX *ctx)); +\& +\& /* Can be null */ +\& int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +\& int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx)); +\& +\& /* called at new */ +\& int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa); +\& int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa)); +\& +\& /* called at free */ +\& int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +\& int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa)); +\& +\& int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m, +\& unsigned int m_length, +\& unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa); +\& int RSA_meth_set_sign(RSA_METHOD *rsa, +\& int (*sign)(int type, const unsigned char *m, +\& unsigned int m_length, unsigned char *sigret, +\& unsigned int *siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa); +\& int RSA_meth_set_verify(RSA_METHOD *rsa, +\& int (*verify)(int dtype, const unsigned char *m, +\& unsigned int m_length, +\& const unsigned char *sigbuf, +\& unsigned int siglen, const RSA *rsa)); +\& +\& int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb); +\& int RSA_meth_set_keygen(RSA_METHOD *rsa, +\& int (*keygen)(RSA *rsa, int bits, BIGNUM *e, +\& BN_GENCB *cb)); +\& +\& int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb); +\& +\& int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, +\& int (*keygen) (RSA *rsa, int bits, +\& int primes, BIGNUM *e, +\& BN_GENCB *cb)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1RSA_METHOD\s0\fR type is a structure used for the provision of custom +\&\s-1RSA\s0 implementations. It provides a set of functions used by OpenSSL +for the implementation of the various \s-1RSA\s0 capabilities. See the rsa +page for more information. +.PP +\&\fBRSA_meth_new()\fR creates a new \fB\s-1RSA_METHOD\s0\fR structure. It should be +given a unique \fBname\fR and a set of \fBflags\fR. The \fBname\fR should be a +\&\s-1NULL\s0 terminated string, which will be duplicated and stored in the +\&\fB\s-1RSA_METHOD\s0\fR object. It is the callers responsibility to free the +original string. The flags will be used during the construction of a +new \fB\s-1RSA\s0\fR object based on this \fB\s-1RSA_METHOD\s0\fR. Any new \fB\s-1RSA\s0\fR object +will have those flags set by default. +.PP +\&\fBRSA_meth_dup()\fR creates a duplicate copy of the \fB\s-1RSA_METHOD\s0\fR object +passed as a parameter. This might be useful for creating a new +\&\fB\s-1RSA_METHOD\s0\fR based on an existing one, but with some differences. +.PP +\&\fBRSA_meth_free()\fR destroys an \fB\s-1RSA_METHOD\s0\fR structure and frees up any +memory associated with it. +.PP +\&\fBRSA_meth_get0_name()\fR will return a pointer to the name of this +\&\s-1RSA_METHOD.\s0 This is a pointer to the internal name string and so +should not be freed by the caller. \fBRSA_meth_set1_name()\fR sets the name +of the \s-1RSA_METHOD\s0 to \fBname\fR. The string is duplicated and the copy is +stored in the \s-1RSA_METHOD\s0 structure, so the caller remains responsible +for freeing the memory associated with the name. +.PP +\&\fBRSA_meth_get_flags()\fR returns the current value of the flags associated +with this \s-1RSA_METHOD.\s0 \fBRSA_meth_set_flags()\fR provides the ability to set +these flags. +.PP +The functions \fBRSA_meth_get0_app_data()\fR and \fBRSA_meth_set0_app_data()\fR +provide the ability to associate implementation specific data with the +\&\s-1RSA_METHOD.\s0 It is the application's responsibility to free this data +before the \s-1RSA_METHOD\s0 is freed via a call to \fBRSA_meth_free()\fR. +.PP +\&\fBRSA_meth_get_sign()\fR and \fBRSA_meth_set_sign()\fR get and set the function +used for creating an \s-1RSA\s0 signature respectively. This function will be +called in response to the application calling \fBRSA_sign()\fR. The +parameters for the function have the same meaning as for \fBRSA_sign()\fR. +.PP +\&\fBRSA_meth_get_verify()\fR and \fBRSA_meth_set_verify()\fR get and set the +function used for verifying an \s-1RSA\s0 signature respectively. This +function will be called in response to the application calling +\&\fBRSA_verify()\fR. The parameters for the function have the same meaning as +for \fBRSA_verify()\fR. +.PP +\&\fBRSA_meth_get_mod_exp()\fR and \fBRSA_meth_set_mod_exp()\fR get and set the +function used for \s-1CRT\s0 computations. +.PP +\&\fBRSA_meth_get_bn_mod_exp()\fR and \fBRSA_meth_set_bn_mod_exp()\fR get and set +the function used for \s-1CRT\s0 computations, specifically the following +value: +.PP +.Vb 1 +\& r = a ^ p mod m +.Ve +.PP +Both the \fBmod_exp()\fR and \fBbn_mod_exp()\fR functions are called by the +default OpenSSL method during encryption, decryption, signing and +verification. +.PP +\&\fBRSA_meth_get_init()\fR and \fBRSA_meth_set_init()\fR get and set the function +used for creating a new \s-1RSA\s0 instance respectively. This function will +be called in response to the application calling \fBRSA_new()\fR (if the +current default \s-1RSA_METHOD\s0 is this one) or \fBRSA_new_method()\fR. The +\&\fBRSA_new()\fR and \fBRSA_new_method()\fR functions will allocate the memory for +the new \s-1RSA\s0 object, and a pointer to this newly allocated structure +will be passed as a parameter to the function. This function may be +\&\s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_finish()\fR and \fBRSA_meth_set_finish()\fR get and set the +function used for destroying an instance of an \s-1RSA\s0 object respectively. +This function will be called in response to the application calling +\&\fBRSA_free()\fR. A pointer to the \s-1RSA\s0 to be destroyed is passed as a +parameter. The destroy function should be used for \s-1RSA\s0 implementation +specific clean up. The memory for the \s-1RSA\s0 itself should not be freed +by this function. This function may be \s-1NULL.\s0 +.PP +\&\fBRSA_meth_get_keygen()\fR and \fBRSA_meth_set_keygen()\fR get and set the +function used for generating a new \s-1RSA\s0 key pair respectively. This +function will be called in response to the application calling +\&\fBRSA_generate_key_ex()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_key_ex()\fR. +.PP +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR get +and set the function used for generating a new multi-prime \s-1RSA\s0 key pair +respectively. This function will be called in response to the application calling +\&\fBRSA_generate_multi_prime_key()\fR. The parameter for the function has the same +meaning as for \fBRSA_generate_multi_prime_key()\fR. +.PP +\&\fBRSA_meth_get_pub_enc()\fR, \fBRSA_meth_set_pub_enc()\fR, +\&\fBRSA_meth_get_pub_dec()\fR, \fBRSA_meth_set_pub_dec()\fR, +\&\fBRSA_meth_get_priv_enc()\fR, \fBRSA_meth_set_priv_enc()\fR, +\&\fBRSA_meth_get_priv_dec()\fR, \fBRSA_meth_set_priv_dec()\fR get and set the +functions used for public and private key encryption and decryption. +These functions will be called in response to the application calling +\&\fBRSA_public_encrypt()\fR, \fBRSA_private_decrypt()\fR, \fBRSA_private_encrypt()\fR and +\&\fBRSA_public_decrypt()\fR and take the same parameters as those. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_meth_new()\fR and \fBRSA_meth_dup()\fR return the newly allocated +\&\s-1RSA_METHOD\s0 object or \s-1NULL\s0 on failure. +.PP +\&\fBRSA_meth_get0_name()\fR and \fBRSA_meth_get_flags()\fR return the name and +flags associated with the \s-1RSA_METHOD\s0 respectively. +.PP +All other RSA_meth_get_*() functions return the appropriate function +pointer that has been set in the \s-1RSA_METHOD,\s0 or \s-1NULL\s0 if no such +pointer has yet been set. +.PP +RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on +success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3), \fBRSA_generate_key_ex\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_set_method\fR\|(3), \fBRSA_size\fR\|(3), \fBRSA_get0_key\fR\|(3), +\&\fBRSA_generate_multi_prime_key\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBRSA_meth_get_multi_prime_keygen()\fR and \fBRSA_meth_set_multi_prime_keygen()\fR were +added in OpenSSL 1.1.1. +.PP +Other functions described here were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_new.3 b/secure/lib/libcrypto/man/man3/RSA_new.3 new file mode 100644 index 000000000000..fe37bcc9d2fe --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_new.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_NEW 3" +.TH RSA_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_new, RSA_free \- allocate and free RSA objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& RSA *RSA_new(void); +\& +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). +.PP +\&\fBRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +If \fBrsa\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fBRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_generate_key\fR\|(3), +\&\fBRSA_new_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 new file mode 100644 index 000000000000..419fe86f0445 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_padding_add_PKCS1_type_1.3 @@ -0,0 +1,276 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 3" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1, RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl); +\& +\& int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len, +\& const unsigned char *p, int pl, +\& const EVP_MD *md, const EVP_MD *mgf1md); +\& +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +\& +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl); +\& +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& const unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fBRSA_padding_add_PKCS1_OAEP()\fR and +\&\fBRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fBRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.IP "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.IP "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.IP "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 EME-OAEP +.IP "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification +.IP "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fBRSA_padding_add_xxx()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fBRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.PP +For \fBRSA_padding_xxx_OAEP_mgf1()\fR, \fBmd\fR points to the md hash, +if \fBmd\fR is \fB\s-1NULL\s0\fR that means md=sha1, and \fBmgf1md\fR points to +the mgf1 hash, if \fBmgf1md\fR is \fB\s-1NULL\s0\fR that means mgf1md=md. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fBRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +\&\fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The result of \fBRSA_padding_check_PKCS1_type_2()\fR is a very sensitive +information which can potentially be used to mount a Bleichenbacher +padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1 +v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding. If that is not +possible, the result of \fBRSA_padding_check_PKCS1_type_2()\fR should be +checked in constant time if it matches the expected length of the +plaintext and additionally some application specific consistency +checks on the plaintext need to be performed in constant time. +If the plaintext is rejected it must be kept secret which of the +checks caused the application to reject the message. +Do not remove the zero-padding from the decrypted raw \s-1RSA\s0 data +which was computed by \fBRSA_private_decrypt()\fR with \fB\s-1RSA_NO_PADDING\s0\fR, +as this would create a small timing side channel which could be +used to mount a Bleichenbacher attack against any padding mode +including \s-1PKCS1_OAEP.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_public_encrypt\fR\|(3), +\&\fBRSA_private_decrypt\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_print.3 b/secure/lib/libcrypto/man/man3/RSA_print.3 new file mode 100644 index 000000000000..cd740a5a73cd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_print.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRINT 3" +.TH RSA_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_print, RSA_print_fp, DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +\& +\& #include +\& +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +\& +\& #include +\& +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_bn2bin\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 new file mode 100644 index 000000000000..9fb76a68059a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_private_encrypt.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 3" +.TH RSA_PRIVATE_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fBRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, \fBRSA_sign\fR\|(3) and \fBRSA_verify\fR\|(3) should be +used. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fBRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_sign\fR\|(3), \fBRSA_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 new file mode 100644 index 000000000000..a58a81bea289 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_public_encrypt.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 3" +.TH RSA_PUBLIC_ENCRYPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- RSA public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_public_encrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& int RSA_private_decrypt(int flen, const unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.IP "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +However, it is highly recommended to use \s-1RSA_PKCS1_OAEP_PADDING\s0 in +new applications. \s-1SEE WARNING BELOW.\s0 +.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.IP "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.IP "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must not be more than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, not more than RSA_size(\fBrsa\fR) \- 42 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 +When a padding mode other than \s-1RSA_NO_PADDING\s0 is in use, then +\&\fBRSA_public_encrypt()\fR will include some random bytes into the ciphertext +and therefore the ciphertext will be different each time, even if the +plaintext and the public key are exactly identical. +The returned ciphertext in \fBto\fR will always be zero padded to exactly +RSA_size(\fBrsa\fR) bytes. +\&\fBto\fR and \fBfrom\fR may overlap. +.PP +\&\fBRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBflen\fR should +be equal to RSA_size(\fBrsa\fR) but may be smaller, when leading zero +bytes are in the ciphertext. Those are not important and may be removed, +but \fBRSA_public_encrypt()\fR does not do that. \fBto\fR must point +to a memory section large enough to hold the maximal possible decrypted +data (which is equal to RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING,\s0 +RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 based padding modes and +RSA_size(\fBrsa\fR) \- 42 for \s-1RSA_PKCS1_OAEP_PADDING\s0). +\&\fBpadding\fR is the padding mode that was used to encrypt the data. +\&\fBto\fR and \fBfrom\fR may overlap. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fBRSA_private_decrypt()\fR returns the size of the +recovered plaintext. A return value of 0 is not an error and +means only that the plaintext was empty. +.PP +On error, \-1 is returned; the error codes can be +obtained by \fBERR_get_error\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Decryption failures in the \s-1RSA_PKCS1_PADDING\s0 mode leak information +which can potentially be used to mount a Bleichenbacher padding oracle +attack. This is an inherent weakness in the \s-1PKCS\s0 #1 v1.5 padding +design. Prefer \s-1RSA_PKCS1_OAEP_PADDING.\s0 +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBRAND_bytes\fR\|(3), +\&\fBRSA_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_set_method.3 b/secure/lib/libcrypto/man/man3/RSA_set_method.3 new file mode 100644 index 000000000000..5a87cc5e1610 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_set_method.3 @@ -0,0 +1,315 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SET_METHOD 3" +.TH RSA_SET_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method \- select RSA method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_default_method(void); +\& +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& +\& RSA_METHOD *RSA_get_method(const RSA *rsa); +\& +\& RSA_METHOD *RSA_PKCS1_OpenSSL(void); +\& +\& int RSA_flags(const RSA *rsa); +\& +\& RSA *RSA_new_method(ENGINE *engine); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. +.PP +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fBRSA_PKCS1_OpenSSL()\fR. +.PP +\&\fBRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. +\&\fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA,\s0 so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBRSA_get_default_method()\fR returns a pointer to the current default +\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on +whether the \s-1ENGINE API\s0 is being used, so this function is no longer +recommended. +.PP +\&\fBRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. +.PP +\&\fBRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fBRSA_set_method()\fR. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fBRSA_set_default_method()\fR is used. +.PP +\&\fBRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fBRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +\& +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& +\& /* compute r0 = r0 ^ I mod rsa\->n (May be NULL for some implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +\& +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +\& +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +\& +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +\& +\& /* +\& * RSA_FLAG_EXT_PKEY \- rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_METHOD_FLAG_NO_CHECK \- don\*(Aqt check pub/private match +\& */ +\& int flags; +\& +\& char *app_data; /* ?? */ +\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. If NULL builtin RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +\& +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_PKCS1_OpenSSL()\fR, \fBRSA_PKCS1_null_method()\fR, \fBRSA_get_default_method()\fR +and \fBRSA_get_method()\fR return pointers to the respective RSA_METHODs. +.PP +\&\fBRSA_set_default_method()\fR returns no value. +.PP +\&\fBRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fBRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. +.PP +\&\fBRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by \fBERR_get_error\fR\|(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fBRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fBRSA_flags()\fR function \- in effect +\&\fBRSA_flags()\fR behaves more like an \fBRSA_default_flags()\fR function (which does +not currently exist). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRSA_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_null_method()\fR, which was a partial attempt to avoid patent issues, +was replaced to always return \s-1NULL\s0 in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_sign.3 b/secure/lib/libcrypto/man/man3/RSA_sign.3 new file mode 100644 index 000000000000..edb5431df973 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_sign.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN 3" +.TH RSA_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign, RSA_verify \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify(int type, const unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR using RSASSA\-PKCS1\-v1_5 as specified in \s-1RFC 3447.\s0 It +stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. +\&\fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fBRSA_private_encrypt\fR\|(3) for lower-level +operations. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. +If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fBRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign()\fR returns 1 on success. +\&\fBRSA_verify()\fR returns 1 on successful verification. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL, PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRSA_private_encrypt\fR\|(3), +\&\fBRSA_public_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100644 index 000000000000..e4c5e8b12e66 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_sign_ASN1_OCTET_STRING.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 3" +.TH RSA_SIGN_ASN1_OCTET_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- RSA signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, +\& unsigned int *siglen, RSA *rsa); +\& +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, +\& unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded when calling +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR. +If the automatic seeding or reseeding of the OpenSSL \s-1CSPRNG\s0 fails due to +external circumstances (see \s-1\fBRAND\s0\fR\|(7)), the operation will fail. +.PP +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fBRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBRAND_bytes\fR\|(3), \fBRSA_sign\fR\|(3), +\&\fBRSA_verify\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/RSA_size.3 b/secure/lib/libcrypto/man/man3/RSA_size.3 new file mode 100644 index 000000000000..023b799d556b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/RSA_size.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA_SIZE 3" +.TH RSA_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA_size, RSA_bits, RSA_security_bits \- get RSA modulus size or security bits +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int RSA_size(const RSA *rsa); +\& +\& int RSA_bits(const RSA *rsa); +\& +\& int RSA_security_bits(const RSA *rsa) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBRSA_size()\fR returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fBRSA_bits()\fR returns the number of significant bits. +.PP +\&\fBrsa\fR and \fBrsa\->n\fR must not be \fB\s-1NULL\s0\fR. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits of the given \fBrsa\fR +key. See \fBBN_security_bits\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBRSA_size()\fR returns the size of modulus in bytes. +.PP +\&\fBDSA_bits()\fR returns the number of bits in the key. +.PP +\&\fBRSA_security_bits()\fR returns the number of security bits. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBN_num_bits\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBRSA_bits()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SCT_new.3 b/secure/lib/libcrypto/man/man3/SCT_new.3 new file mode 100644 index 000000000000..268e489a840c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SCT_new.3 @@ -0,0 +1,306 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_NEW 3" +.TH SCT_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_new, SCT_new_from_base64, SCT_free, SCT_LIST_free, SCT_get_version, SCT_set_version, SCT_get_log_entry_type, SCT_set_log_entry_type, SCT_get0_log_id, SCT_set0_log_id, SCT_set1_log_id, SCT_get_timestamp, SCT_set_timestamp, SCT_get_signature_nid, SCT_set_signature_nid, SCT_get0_signature, SCT_set0_signature, SCT_set1_signature, SCT_get0_extensions, SCT_set0_extensions, SCT_set1_extensions, SCT_get_source, SCT_set_source \&\- A Certificate Transparency Signed Certificate Timestamp +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& CT_LOG_ENTRY_TYPE_NOT_SET = \-1, +\& CT_LOG_ENTRY_TYPE_X509 = 0, +\& CT_LOG_ENTRY_TYPE_PRECERT = 1 +\& } ct_log_entry_type_t; +\& +\& typedef enum { +\& SCT_VERSION_NOT_SET = \-1, +\& SCT_VERSION_V1 = 0 +\& } sct_version_t; +\& +\& typedef enum { +\& SCT_SOURCE_UNKNOWN, +\& SCT_SOURCE_TLS_EXTENSION, +\& SCT_SOURCE_X509V3_EXTENSION, +\& SCT_SOURCE_OCSP_STAPLED_RESPONSE +\& } sct_source_t; +\& +\& SCT *SCT_new(void); +\& SCT *SCT_new_from_base64(unsigned char version, +\& const char *logid_base64, +\& ct_log_entry_type_t entry_type, +\& uint64_t timestamp, +\& const char *extensions_base64, +\& const char *signature_base64); +\& +\& void SCT_free(SCT *sct); +\& void SCT_LIST_free(STACK_OF(SCT) *a); +\& +\& sct_version_t SCT_get_version(const SCT *sct); +\& int SCT_set_version(SCT *sct, sct_version_t version); +\& +\& ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +\& int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +\& +\& size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +\& int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +\& int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len); +\& +\& uint64_t SCT_get_timestamp(const SCT *sct); +\& void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +\& +\& int SCT_get_signature_nid(const SCT *sct); +\& int SCT_set_signature_nid(SCT *sct, int nid); +\& +\& size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +\& void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +\& int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len); +\& +\& size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +\& void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +\& int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len); +\& +\& sct_source_t SCT_get_source(const SCT *sct); +\& int SCT_set_source(SCT *sct, sct_source_t source); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Signed Certificate Timestamps (SCTs) are defined by \s-1RFC 6962,\s0 Section 3.2. +They constitute a promise by a Certificate Transparency (\s-1CT\s0) log to publicly +record a certificate. By cryptographically verifying that a log did indeed issue +an \s-1SCT,\s0 some confidence can be gained that the certificate is publicly known. +.PP +An internal representation of an \s-1SCT\s0 can be created in one of two ways. +The first option is to create a blank \s-1SCT,\s0 using \fBSCT_new()\fR, and then populate +it using: +.IP "\(bu" 2 +\&\fBSCT_set_version()\fR to set the \s-1SCT\s0 version. +.Sp +Only \s-1SCT_VERSION_V1\s0 is currently supported. +.IP "\(bu" 2 +\&\fBSCT_set_log_entry_type()\fR to set the type of certificate the \s-1SCT\s0 was issued for: +.Sp +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +\&\fBSCT_set0_log_id()\fR or \fBSCT_set1_log_id()\fR to set the LogID of the \s-1CT\s0 log that the \s-1SCT\s0 came from. +.Sp +The former takes ownership, whereas the latter makes a copy. +See \s-1RFC 6962,\s0 Section 3.2 for the definition of LogID. +.IP "\(bu" 2 +\&\fBSCT_set_timestamp()\fR to set the time the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +\&\fBSCT_set_signature_nid()\fR to set the \s-1NID\s0 of the signature. +.IP "\(bu" 2 +\&\fBSCT_set0_signature()\fR or \fBSCT_set1_signature()\fR to set the raw signature value. +.Sp +The former takes ownership, whereas the latter makes a copy. +.IP "\(bu" 2 +\&\fBSCT_set0_extensions()\fR or \fBSCT_set1_extensions\fR to provide \s-1SCT\s0 extensions. +.Sp +The former takes ownership, whereas the latter makes a copy. +.PP +Alternatively, the \s-1SCT\s0 can be pre-populated from the following data using +\&\fBSCT_new_from_base64()\fR: +.IP "\(bu" 2 +The \s-1SCT\s0 version (only \s-1SCT_VERSION_V1\s0 is currently supported). +.IP "\(bu" 2 +The LogID (see \s-1RFC 6962,\s0 Section 3.2), base64 encoded. +.IP "\(bu" 2 +The type of certificate the \s-1SCT\s0 was issued for: +\&\fB\s-1CT_LOG_ENTRY_TYPE_X509\s0\fR for a normal certificate. +\&\fB\s-1CT_LOG_ENTRY_TYPE_PRECERT\s0\fR for a pre-certificate. +.IP "\(bu" 2 +The time that the \s-1SCT\s0 was issued (epoch time in milliseconds). +.IP "\(bu" 2 +The \s-1SCT\s0 extensions, base64 encoded. +.IP "\(bu" 2 +The \s-1SCT\s0 signature, base64 encoded. +.PP +\&\fBSCT_set_source()\fR can be used to record where the \s-1SCT\s0 was found +(\s-1TLS\s0 extension, X.509 certificate extension or \s-1OCSP\s0 response). This is not +required for verifying the \s-1SCT.\s0 +.SH "NOTES" +.IX Header "NOTES" +Some of the setters return int, instead of void. These will all return 1 on +success, 0 on failure. They will not make changes on failure. +.PP +All of the setters will reset the validation status of the \s-1SCT\s0 to +\&\s-1SCT_VALIDATION_STATUS_NOT_SET\s0 (see \fBSCT_validate\fR\|(3)). +.PP +\&\fBSCT_set_source()\fR will call \fBSCT_set_log_entry_type()\fR if the type of +certificate the \s-1SCT\s0 was issued for can be inferred from where the \s-1SCT\s0 was found. +For example, an \s-1SCT\s0 found in an X.509 extension must have been issued for a pre\- +certificate. +.PP +\&\fBSCT_set_source()\fR will not refuse unknown values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_set_version()\fR returns 1 if the specified version is supported, 0 otherwise. +.PP +\&\fBSCT_set_log_entry_type()\fR returns 1 if the specified log entry type is supported, 0 otherwise. +.PP +\&\fBSCT_set0_log_id()\fR and \fBSCT_set1_log_id\fR return 1 if the specified LogID is a +valid \s-1SHA\-256\s0 hash, 0 otherwise. Additionally, \fBSCT_set1_log_id\fR returns 0 if +malloc fails. +.PP +\&\fBSCT_set_signature_nid\fR returns 1 if the specified \s-1NID\s0 is supported, 0 otherwise. +.PP +\&\fBSCT_set1_extensions\fR and \fBSCT_set1_signature\fR return 1 if the supplied buffer +is copied successfully, 0 otherwise (i.e. if malloc fails). +.PP +\&\fBSCT_set_source\fR returns 1 on success, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBSCT_validate\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SCT_print.3 b/secure/lib/libcrypto/man/man3/SCT_print.3 new file mode 100644 index 000000000000..9fba55dcd2ca --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SCT_print.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_PRINT 3" +.TH SCT_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_print, SCT_LIST_print, SCT_validation_status_string \- Prints Signed Certificate Timestamps in a human\-readable way +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +\& void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +\& const char *separator, const CTLOG_STORE *logs); +\& const char *SCT_validation_status_string(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_print()\fR prints a single Signed Certificate Timestamp (\s-1SCT\s0) to a bio in +a human-readable format. \fBSCT_LIST_print()\fR prints an entire list of SCTs in a +similar way. A separator can be specified to delimit each \s-1SCT\s0 in the output. +.PP +The output can be indented by a specified number of spaces. If a \fB\s-1CTLOG_STORE\s0\fR +is provided, it will be used to print the description of the \s-1CT\s0 log that issued +each \s-1SCT\s0 (if that log is in the \s-1CTLOG_STORE\s0). Alternatively, \s-1NULL\s0 can be passed +as the \s-1CTLOG_STORE\s0 parameter to disable this feature. +.PP +\&\fBSCT_validation_status_string()\fR will return the validation status of an \s-1SCT\s0 as +a human-readable string. Call \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR +beforehand in order to set the validation status of an \s-1SCT\s0 first. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validation_status_string()\fR returns a null-terminated string representing +the validation status of an \fB\s-1SCT\s0\fR object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBbio\fR\|(7), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBSCT_validate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SCT_validate.3 b/secure/lib/libcrypto/man/man3/SCT_validate.3 new file mode 100644 index 000000000000..44c760832342 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SCT_validate.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCT_VALIDATE 3" +.TH SCT_VALIDATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SCT_validate, SCT_LIST_validate, SCT_get_validation_status \- checks Signed Certificate Timestamps (SCTs) are valid +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef enum { +\& SCT_VALIDATION_STATUS_NOT_SET, +\& SCT_VALIDATION_STATUS_UNKNOWN_LOG, +\& SCT_VALIDATION_STATUS_VALID, +\& SCT_VALIDATION_STATUS_INVALID, +\& SCT_VALIDATION_STATUS_UNVERIFIED, +\& SCT_VALIDATION_STATUS_UNKNOWN_VERSION +\& } sct_validation_status_t; +\& +\& int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +\& int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); +\& sct_validation_status_t SCT_get_validation_status(const SCT *sct); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSCT_validate()\fR will check that an \s-1SCT\s0 is valid and verify its signature. +\&\fBSCT_LIST_validate()\fR performs the same checks on an entire stack of SCTs. +The result of the validation checks can be obtained by passing the \s-1SCT\s0 to +\&\fBSCT_get_validation_status()\fR. +.PP +A \s-1CT_POLICY_EVAL_CTX\s0 must be provided that specifies: +.IP "\(bu" 2 +The certificate the \s-1SCT\s0 was issued for. +.Sp +Failure to provide the certificate will result in the validation status being +\&\s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +The issuer of that certificate. +.Sp +This is only required if the \s-1SCT\s0 was issued for a pre-certificate +(see \s-1RFC 6962\s0). If it is required but not provided, the validation status will +be \s-1SCT_VALIDATION_STATUS_UNVERIFIED.\s0 +.IP "\(bu" 2 +A \s-1CTLOG_STORE\s0 that contains the \s-1CT\s0 log that issued this \s-1SCT.\s0 +.Sp +If the \s-1SCT\s0 was issued by a log that is not in this \s-1CTLOG_STORE,\s0 the validation +status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_LOG.\s0 +.PP +If the \s-1SCT\s0 is of an unsupported version (only v1 is currently supported), the +validation status will be \s-1SCT_VALIDATION_STATUS_UNKNOWN_VERSION.\s0 +.PP +If the \s-1SCT\s0's signature is incorrect, its timestamp is in the future (relative to +the time in \s-1CT_POLICY_EVAL_CTX\s0), or if it is otherwise invalid, the validation +status will be \s-1SCT_VALIDATION_STATUS_INVALID.\s0 +.PP +If all checks pass, the validation status will be \s-1SCT_VALIDATION_STATUS_VALID.\s0 +.SH "NOTES" +.IX Header "NOTES" +A return value of 0 from \fBSCT_LIST_validate()\fR should not be interpreted as a +failure. At a minimum, only one valid \s-1SCT\s0 may provide sufficient confidence +that a certificate has been publicly logged. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSCT_validate()\fR returns a negative integer if an internal error occurs, 0 if the +\&\s-1SCT\s0 fails validation, or 1 if the \s-1SCT\s0 passes validation. +.PP +\&\fBSCT_LIST_validate()\fR returns a negative integer if an internal error occurs, 0 +if any of SCTs fails validation, or 1 if they all pass validation. +.PP +\&\fBSCT_get_validation_status()\fR returns the validation status of the \s-1SCT.\s0 +If \fBSCT_validate()\fR or \fBSCT_LIST_validate()\fR have not been passed that \s-1SCT,\s0 the +returned value will be \s-1SCT_VALIDATION_STATUS_NOT_SET.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SHA256_Init.3 b/secure/lib/libcrypto/man/man3/SHA256_Init.3 new file mode 100644 index 000000000000..8e07cce30a80 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SHA256_Init.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SHA256_INIT 3" +.TH SHA256_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SHA1, SHA1_Init, SHA1_Update, SHA1_Final, SHA224, SHA224_Init, SHA224_Update, SHA224_Final, SHA256, SHA256_Init, SHA256_Update, SHA256_Final, SHA384, SHA384_Init, SHA384_Update, SHA384_Final, SHA512, SHA512_Init, SHA512_Update, SHA512_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SHA1_Init(SHA_CTX *c); +\& int SHA1_Update(SHA_CTX *c, const void *data, size_t len); +\& int SHA1_Final(unsigned char *md, SHA_CTX *c); +\& unsigned char *SHA1(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA224_Init(SHA256_CTX *c); +\& int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA224_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA224(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA256_Init(SHA256_CTX *c); +\& int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); +\& int SHA256_Final(unsigned char *md, SHA256_CTX *c); +\& unsigned char *SHA256(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA384_Init(SHA512_CTX *c); +\& int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA384_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA384(const unsigned char *d, size_t n, +\& unsigned char *md); +\& +\& int SHA512_Init(SHA512_CTX *c); +\& int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); +\& int SHA512_Final(unsigned char *md, SHA512_CTX *c); +\& unsigned char *SHA512(const unsigned char *d, size_t n, +\& unsigned char *md); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Applications should use the higher level functions +\&\fBEVP_DigestInit\fR\|(3) etc. instead of calling the hash +functions directly. +.PP +\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\s-1\fBSHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest +is placed in a static array. Note: setting \fBmd\fR to \s-1NULL\s0 is \fBnot thread safe\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fBSHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fBSHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fBSHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +The \s-1SHA224, SHA256, SHA384\s0 and \s-1SHA512\s0 families of functions operate in the +same way as for the \s-1SHA1\s0 functions. Note that \s-1SHA224\s0 and \s-1SHA256\s0 use a +\&\fB\s-1SHA256_CTX\s0\fR object instead of \fB\s-1SHA_CTX\s0\fR. \s-1SHA384\s0 and \s-1SHA512\s0 use \fB\s-1SHA512_CTX\s0\fR. +The buffer \fBmd\fR must have space for the output from the \s-1SHA\s0 variant being used +(defined by \s-1SHA224_DIGEST_LENGTH, SHA256_DIGEST_LENGTH, SHA384_DIGEST_LENGTH\s0 and +\&\s-1SHA512_DIGEST_LENGTH\s0). Also note that, as for the \s-1\fBSHA1\s0()\fR function above, the +\&\s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR functions are not thread safe if +\&\fBmd\fR is \s-1NULL.\s0 +.PP +The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be +used only when backward compatibility is required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1\fBSHA1\s0()\fR, \s-1\fBSHA224\s0()\fR, \s-1\fBSHA256\s0()\fR, \s-1\fBSHA384\s0()\fR and \s-1\fBSHA512\s0()\fR return a pointer to the hash +value. +.PP +\&\fBSHA1_Init()\fR, \fBSHA1_Update()\fR and \fBSHA1_Final()\fR and equivalent \s-1SHA224, SHA256, +SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash +Standard), +\&\s-1ANSI X9.30\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 new file mode 100644 index 000000000000..3dc53482cd07 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SMIME_read_CMS.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_CMS 3" +.TH SMIME_READ_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_CMS \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_ContentInfo *SMIME_read_CMS(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_CMS()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in a memory bio which is +written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0 +.PP +The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \s-1NULL\s0 then the message is clear text signed. \fB*bcont\fR can +then be passed to \fBCMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBCMS_get0_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be +initialized to \s-1NULL.\s0 For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& CMS_ContentInfo *cms; +\& +\& cms = SMIME_read_CMS(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_CMS()\fR is somewhat primitive. While it will +handle most S/MIME messages more complex compound formats may not work. +.PP +The parser assumes that the CMS_ContentInfo structure is always base64 encoded +and will not handle the case where it is in binary format or uses quoted +printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size of message +which can be processed due to memory restraints: a streaming single pass option +should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_CMS()\fR returns a valid \fBCMS_ContentInfo\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_type\fR\|(3), +\&\fBSMIME_read_CMS\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3), +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 new file mode 100644 index 000000000000..ded4ed00e699 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SMIME_read_PKCS7.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_READ_PKCS7 3" +.TH SMIME_READ_PKCS7 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fBPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fBPKCS7_type_is_enveloped()\fR, etc. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +\& +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fBSMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +if an error occurred. The error can be obtained from \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), +\&\fBSMIME_read_PKCS7\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 new file mode 100644 index 000000000000..2a93267c4d92 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SMIME_write_CMS.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_CMS 3" +.TH SMIME_WRITE_CMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_CMS \- convert CMS structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_CMS(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_CMS()\fR adds the appropriate \s-1MIME\s0 headers to a \s-1CMS\s0 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBcms\fR is the appropriate +\&\fBCMS_ContentInfo\fR structure. If streaming is enabled then the content must be +supplied in the \fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1CMS_DETACHED\s0\fR is set then cleartext signing will be used, this option only +makes sense for SignedData where \fB\s-1CMS_DETACHED\s0\fR is also set when \fBCMS_sign()\fR is +called. +.PP +If the \fB\s-1CMS_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are added to +the content, this only makes sense if \fB\s-1CMS_DETACHED\s0\fR is also set. +.PP +If the \fB\s-1CMS_STREAM\s0\fR flag is set streaming is performed. This flag should only +be set if \fB\s-1CMS_STREAM\s0\fR was also set in the previous call to a CMS_ContentInfo +creation function. +.PP +If cleartext signing is being used and \fB\s-1CMS_STREAM\s0\fR not set then the data must +be read twice: once to compute the signature in \fBCMS_sign()\fR and once to output +the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_CMS()\fR always base64 encodes \s-1CMS\s0 structures, there should be an +option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_CMS()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 new file mode 100644 index 000000000000..0d88ddd007b5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SMIME_write_PKCS7.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SMIME_WRITE_PKCS7 3" +.TH SMIME_WRITE_PKCS7 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate \fB\s-1PKCS7\s0\fR +structure. If streaming is enabled then the content must be supplied in the +\&\fBdata\fR argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fBPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If the \fB\s-1PKCS7_STREAM\s0\fR flag is set streaming is performed. This flag should +only be set if \fB\s-1PKCS7_STREAM\s0\fR was also set in the previous call to +\&\fBPKCS7_sign()\fR or \fBPKCS7_encrypt()\fR. +.PP +If cleartext signing is being used and \fB\s-1PKCS7_STREAM\s0\fR not set then +the data must be read twice: once to compute the signature in \fBPKCS7_sign()\fR +and once to output the S/MIME message. +.PP +If streaming is performed the content is output in \s-1BER\s0 format using indefinite +length constructed encoding except in the case of signed data with detached +content where the content is absent and \s-1DER\s0 format is used. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 new file mode 100644 index 000000000000..e82e668e4df8 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CIPHER_get_name.3 @@ -0,0 +1,325 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 3" +.TH SSL_CIPHER_GET_NAME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CIPHER_get_name, SSL_CIPHER_standard_name, OPENSSL_cipher_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description, SSL_CIPHER_get_cipher_nid, SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, SSL_CIPHER_get_protocol_id \&\- get SSL_CIPHER properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher); +\& const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher); +\& const char *OPENSSL_cipher_name(const char *stdname); +\& int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int size); +\& int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +\& const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +\& int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +\& const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +\& uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +\& uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +\&\fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". +.PP +\&\fBSSL_CIPHER_standard_name()\fR returns a pointer to the standard \s-1RFC\s0 name of +\&\fBcipher\fR. If the \fBcipher\fR is \s-1NULL,\s0 it returns \*(L"(\s-1NONE\s0)\*(R". If the \fBcipher\fR +has no standard name, it returns \fB\s-1NULL\s0\fR. If \fBcipher\fR was defined in both +SSLv3 and \s-1TLS,\s0 it returns the \s-1TLS\s0 name. +.PP +\&\fBOPENSSL_cipher_name()\fR returns a pointer to the OpenSSL name of \fBstdname\fR. +If the \fBstdname\fR is \s-1NULL,\s0 or \fBstdname\fR has no corresponding OpenSSL name, +it returns \*(L"(\s-1NONE\s0)\*(R". Where both exist, \fBstdname\fR should be the \s-1TLS\s0 name rather +than the SSLv3 name. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. +If \fBcipher\fR is \s-1NULL, 0\s0 is returned. +.PP +\&\fBSSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. It returns \*(L"(\s-1NONE\s0)\*(R" if \fBcipher\fR is \s-1NULL.\s0 +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR returns the cipher \s-1NID\s0 corresponding to \fBc\fR. +If there is no cipher (e.g. for cipher suites with no encryption) then +\&\fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_digest_nid()\fR returns the digest \s-1NID\s0 corresponding to the \s-1MAC\s0 +used by \fBc\fR during record encryption/decryption. If there is no digest (e.g. +for \s-1AEAD\s0 cipher suites) then \fBNID_undef\fR is returned. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns an \s-1EVP_MD\s0 for the digest used during +the \s-1SSL/TLS\s0 handshake when using the \s-1SSL_CIPHER\s0 \fBc\fR. Note that this may be +different to the digest used to calculate the \s-1MAC\s0 for encrypted records. +.PP +\&\fBSSL_CIPHER_get_kx_nid()\fR returns the key exchange \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no key exchange, then \fBNID_undef\fR is returned. +If any appropriate key exchange algorithm can be used (as in the case of \s-1TLS 1.3\s0 +cipher suites) \fBNID_kx_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 4 +\& NID_kx_rsa +\& NID_kx_ecdhe +\& NID_kx_dhe +\& NID_kx_psk +.Ve +.PP +\&\fBSSL_CIPHER_get_auth_nid()\fR returns the authentication \s-1NID\s0 corresponding to the method +used by \fBc\fR. If there is no authentication, then \fBNID_undef\fR is returned. +If any appropriate authentication algorithm can be used (as in the case of +\&\s-1TLS 1.3\s0 cipher suites) \fBNID_auth_any\fR is returned. Examples (not comprehensive): +.PP +.Vb 3 +\& NID_auth_rsa +\& NID_auth_ecdsa +\& NID_auth_psk +.Ve +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher \fBc\fR is \s-1AEAD\s0 (e.g. \s-1GCM\s0 or +ChaCha20/Poly1305), and 0 if it is not \s-1AEAD.\s0 +.PP +\&\fBSSL_CIPHER_find()\fR returns a \fB\s-1SSL_CIPHER\s0\fR structure which has the cipher \s-1ID\s0 stored +in \fBptr\fR. The \fBptr\fR parameter is a two element array of \fBchar\fR, which stores the +two-byte \s-1TLS\s0 cipher \s-1ID\s0 (as allocated by \s-1IANA\s0) in network byte order. This parameter +is usually retrieved from a \s-1TLS\s0 packet by using functions like +\&\fBSSL_client_hello_get0_ciphers\fR\|(3). \fBSSL_CIPHER_find()\fR returns \s-1NULL\s0 if an +error occurs or the indicated cipher is not found. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns the OpenSSL-specific \s-1ID\s0 of the given cipher \fBc\fR. That \s-1ID\s0 is +not the same as the IANA-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns the two-byte \s-1ID\s0 used in the \s-1TLS\s0 protocol of the given +cipher \fBc\fR. +.PP +\&\fBSSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. If \fBbuf\fR is provided, it +must be at least 128 bytes, otherwise a buffer will be allocated using +\&\fBOPENSSL_malloc()\fR. If the provided buffer is too small, or the allocation fails, +\&\fB\s-1NULL\s0\fR is returned. +.PP +The string returned by \fBSSL_CIPHER_description()\fR consists of several fields +separated by whitespace: +.IP "" 4 +.IX Item "" +Textual representation of the cipher name. +.IP "" 4 +.IX Item "" +The minimum protocol version that the ciphersuite supports, such as \fBTLSv1.2\fR. +Note that this is not always the same as the protocol version in which the +ciphersuite was first defined because some ciphersuites are backwards compatible +with earlier protocol versions. +.IP "Kx=" 4 +.IX Item "Kx=" +Key exchange method such as \fB\s-1RSA\s0\fR, \fB\s-1ECDHE\s0\fR, etc. +.IP "Au=" 4 +.IX Item "Au=" +Authentication method such as \fB\s-1RSA\s0\fR, \fBNone\fR, etc.. None is the +representation of anonymous ciphers. +.IP "Enc=" 4 +.IX Item "Enc=" +Encryption method, with number of secret bits, such as \fB\s-1AESGCM\s0(128)\fR. +.IP "Mac=" 4 +.IX Item "Mac=" +Message digest, such as \fB\s-1SHA256\s0\fR. +.PP +Some examples for the output of \fBSSL_CIPHER_description()\fR: +.PP +.Vb 2 +\& ECDHE\-RSA\-AES256\-GCM\-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +\& RSA\-PSK\-AES256\-CBC\-SHA384 TLSv1.0 Kx=RSAPSK Au=RSA Enc=AES(256) Mac=SHA384 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CIPHER_get_name()\fR, \fBSSL_CIPHER_standard_name()\fR, \fBOPENSSL_cipher_name()\fR, +\&\fBSSL_CIPHER_get_version()\fR and \fBSSL_CIPHER_description()\fR return the corresponding +value in a null-terminated string for a specific cipher or \*(L"(\s-1NONE\s0)\*(R" +if the cipher is not found. +.PP +\&\fBSSL_CIPHER_get_bits()\fR returns a positive integer representing the number of +secret bits or 0 if an error occurred. +.PP +\&\fBSSL_CIPHER_get_cipher_nid()\fR, \fBSSL_CIPHER_get_digest_nid()\fR, +\&\fBSSL_CIPHER_get_kx_nid()\fR and \fBSSL_CIPHER_get_auth_nid()\fR return the \s-1NID\s0 value or +\&\fBNID_undef\fR if an error occurred. +.PP +\&\fBSSL_CIPHER_get_handshake_digest()\fR returns a valid \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.PP +\&\fBSSL_CIPHER_is_aead()\fR returns 1 if the cipher is \s-1AEAD\s0 or 0 otherwise. +.PP +\&\fBSSL_CIPHER_find()\fR returns a valid \fB\s-1SSL_CIPHER\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBSSL_CIPHER_get_id()\fR returns a 4\-byte integer representing the OpenSSL-specific \s-1ID.\s0 +.PP +\&\fBSSL_CIPHER_get_protocol_id()\fR returns a 2\-byte integer representing the \s-1TLS\s0 +protocol-specific \s-1ID.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_current_cipher\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), \fBciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CIPHER_get_version()\fR function was updated to always return the +correct protocol string in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_description()\fR function was changed to return \fB\s-1NULL\s0\fR on error, +rather than a fixed string, in OpenSSL 1.1.0. +.PP +The \fBSSL_CIPHER_get_handshake_digest()\fR function was added in OpenSSL 1.1.1. +.PP +The \fBSSL_CIPHER_standard_name()\fR function was globally available in OpenSSL 1.1.1. + Before OpenSSL 1.1.1, tracing (\fBenable-ssl-trace\fR argument to Configure) was +required to enable this function. +.PP +The \fBOPENSSL_cipher_name()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 new file mode 100644 index 000000000000..5a2b59079f24 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_COMP_add_compression_method.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 3" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_COMP_add_compression_method, SSL_COMP_get_compression_methods, SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods \&\- handle SSL/TLS integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +\& STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +\& const char *SSL_COMP_get0_name(const SSL_COMP *comp); +\& int SSL_COMP_get_id(const SSL_COMP *comp); +.Ve +.PP +Deprecated: +.PP +.Vb 3 +\& #if OPENSSL_API_COMPAT < 0x10100000L +\& void SSL_COMP_free_compression_methods(void) +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns a stack of all of the available +compression methods or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_get_id()\fR returns the id of the compression method \fBcomp\fR. +.PP +\&\fBSSL_COMP_free_compression_methods()\fR releases any resources acquired to +maintain the internal table of compression methods. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fBSSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +If enabled during compilation, the OpenSSL library will have the +\&\fBCOMP_zlib()\fR compression method available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_COMP_add_compression_method()\fR may return the following values: +.IP "0" 4 +The operation succeeded. +.IP "1" 4 +.IX Item "1" +The operation failed. Check the error queue to find out the reason. +.PP +\&\fBSSL_COMP_get_compression_methods()\fR returns the stack of compressions methods or +\&\s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get0_name()\fR returns the name of the compression method or \s-1NULL\s0 on error. +.PP +\&\fBSSL_COMP_get_id()\fR returns the name of the compression method or \-1 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_COMP_free_compression_methods()\fR function was deprecated in OpenSSL 1.1.0. +The \fBSSL_COMP_get0_name()\fR and \fBSSL_comp_get_id()\fR functions were added in OpenSSL 1.1.0d. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 new file mode 100644 index 000000000000..fb4b99400d35 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_new.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_NEW 3" +.TH SSL_CONF_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_new, SSL_CONF_CTX_free \- SSL configuration allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CONF_CTX *SSL_CONF_CTX_new(void); +\& void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_new()\fR allocates and initialises an \fB\s-1SSL_CONF_CTX\s0\fR +structure for use with the \s-1SSL_CONF\s0 functions. +.PP +The function \fBSSL_CONF_CTX_free()\fR frees up the context \fBcctx\fR. +If \fBcctx\fR is \s-1NULL\s0 nothing is done. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_new()\fR returns either the newly allocated \fB\s-1SSL_CONF_CTX\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBSSL_CONF_CTX_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 new file mode 100644 index 000000000000..df9298ca6750 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set1_prefix.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET1_PREFIX 3" +.TH SSL_CONF_CTX_SET1_PREFIX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set1_prefix \- Set configuration context command prefix +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set1_prefix()\fR sets the command prefix of \fBcctx\fR +to \fBprefix\fR. If \fBprefix\fR is \fB\s-1NULL\s0\fR it is restored to the default value. +.SH "NOTES" +.IX Header "NOTES" +Command prefixes alter the commands recognised by subsequent \fBSSL_CONF_cmd()\fR +calls. For example for files, if the prefix \*(L"\s-1SSL\*(R"\s0 is set then command names +such as \*(L"SSLProtocol\*(R", \*(L"SSLOptions\*(R" etc. are recognised instead of \*(L"Protocol\*(R" +and \*(L"Options\*(R". Similarly for command lines if the prefix is \*(L"\-\-ssl\-\*(R" then +\&\*(L"\-\-ssl\-no_tls1_2\*(R" is recognised instead of \*(L"\-no_tls1_2\*(R". +.PP +If the \fB\s-1SSL_CONF_FLAG_CMDLINE\s0\fR flag is set then prefix checks are case +sensitive and \*(L"\-\*(R" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". +.PP +If the \fB\s-1SSL_CONF_FLAG_FILE\s0\fR flag is set then prefix checks are case +insensitive and no prefix is the default. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set1_prefix()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 new file mode 100644 index 000000000000..07db6d80339a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_flags.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_FLAGS 3" +.TH SSL_CONF_CTX_SET_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags \- Set or clear SSL configuration context flags +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +\& unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_CTX_set_flags()\fR sets \fBflags\fR in the context \fBcctx\fR. +.PP +The function \fBSSL_CONF_CTX_clear_flags()\fR clears \fBflags\fR in the context \fBcctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The flags set affect how subsequent calls to \fBSSL_CONF_cmd()\fR or +\&\fBSSL_CONF_argv()\fR behave. +.PP +Currently the following \fBflags\fR values are recognised: +.IP "\s-1SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE\s0" 4 +.IX Item "SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE" +recognise options intended for command line or configuration file use. At +least one of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER\s0" 4 +.IX Item "SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER" +recognise options intended for use in \s-1SSL/TLS\s0 clients or servers. One or +both of these flags must be set. +.IP "\s-1SSL_CONF_FLAG_CERTIFICATE\s0" 4 +.IX Item "SSL_CONF_FLAG_CERTIFICATE" +recognise certificate and private key options. +.IP "\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0" 4 +.IX Item "SSL_CONF_FLAG_REQUIRE_PRIVATE" +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +\&\fBSSL_CONF_CTX_finish()\fR is called. If a key cannot be loaded from the certificate +file an error occurs. +.IP "\s-1SSL_CONF_FLAG_SHOW_ERRORS\s0" 4 +.IX Item "SSL_CONF_FLAG_SHOW_ERRORS" +indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of \fBSSL_CONF_set_cmd()\fR or \fBSSL_CONF_set_argv()\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_flags()\fR and \fBSSL_CONF_CTX_clear_flags()\fR returns the new flags +value after setting or clearing flags. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 new file mode 100644 index 000000000000..c35de3599c94 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_CTX_set_ssl_ctx.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CTX_SET_SSL_CTX 3" +.TH SSL_CONF_CTX_SET_SSL_CTX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl \- set context to configure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); +\& void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL_CTX\s0\fR structure \fBctx\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBctx\fR. +.PP +\&\fBSSL_CONF_CTX_set_ssl()\fR sets the context associated with \fBcctx\fR to the +\&\fB\s-1SSL\s0\fR structure \fBssl\fR. Any previous \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR associated with +\&\fBcctx\fR is cleared. Subsequent calls to \fBSSL_CONF_cmd()\fR will be sent to +\&\fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The context need not be set or it can be set to \fB\s-1NULL\s0\fR in which case only +syntax checking of commands is performed, where possible. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_CTX_set_ssl_ctx()\fR and \fBSSL_CTX_set_ssl()\fR do not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 new file mode 100644 index 000000000000..928984d31b7c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3 @@ -0,0 +1,777 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD 3" +.TH SSL_CONF_CMD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_value_type, SSL_CONF_cmd \- send configuration command +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +\& int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd()\fR performs configuration operation \fBcmd\fR with +optional parameter \fBvalue\fR on \fBctx\fR. Its purpose is to simplify application +configuration of \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structures by providing a common +framework for command line options or configuration files. +.PP +\&\fBSSL_CONF_cmd_value_type()\fR returns the type of value that \fBcmd\fR refers to. +.SH "SUPPORTED COMMAND LINE COMMANDS" +.IX Header "SUPPORTED COMMAND LINE COMMANDS" +Currently supported \fBcmd\fR names for command lines (i.e. when the +flag \fB\s-1SSL_CONF_CMDLINE\s0\fR is set) are listed below. Note: all \fBcmd\fR names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the \fBvalue\fR parameter is not used. The default +prefix for command line commands is \fB\-\fR and that is reflected below. +.IP "\fB\-sigalgs\fR" 4 +.IX Item "-sigalgs" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fB\-client_sigalgs\fR" 4 +.IX Item "-client_sigalgs" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fB\-sigalgs\fR. If not set then +the value set for \fB\-sigalgs\fR will be used instead. +.IP "\fB\-groups\fR" 4 +.IX Item "-groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fB\-curves\fR" 4 +.IX Item "-curves" +This is a synonym for the \*(L"\-groups\*(R" command. +.IP "\fB\-named_curve\fR" 4 +.IX Item "-named_curve" +This sets the temporary curve used for ephemeral \s-1ECDH\s0 modes. Only used by +servers +.Sp +The \fBvalue\fR argument is a curve name or the special value \fBauto\fR which +picks an appropriate curve based on client and server preferences. The curve +can be either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR) or an OpenSSL \s-1OID\s0 name +(e.g \fBprime256v1\fR). Curve names are case sensitive. +.IP "\fB\-cipher\fR" 4 +.IX Item "-cipher" +Sets the TLSv1.2 and below ciphersuite list to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax checking +of \fBvalue\fR is currently not performed unless a \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR structure is +associated with \fBcctx\fR. +.IP "\fB\-ciphersuites\fR" 4 +.IX Item "-ciphersuites" +Sets the available ciphersuites for TLSv1.3 to value. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fB\-cert\fR" 4 +.IX Item "-cert" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fB\-key\fR" 4 +.IX Item "-key" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fB\-key\fR option is set then a private key is +not loaded unless the flag \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fB\-dhparam\fR" 4 +.IX Item "-dhparam" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fB\-record_padding\fR" 4 +.IX Item "-record_padding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fB\-no_renegotiation\fR" 4 +.IX Item "-no_renegotiation" +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +\&\fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.IP "\fB\-min_protocol\fR, \fB\-max_protocol\fR" 4 +.IX Item "-min_protocol, -max_protocol" +Sets the minimum and maximum supported protocol. +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, +\&\fBTLSv1.1\fR, \fBTLSv1.2\fR, \fBTLSv1.3\fR for \s-1TLS\s0 and \fBDTLSv1\fR, \fBDTLSv1.2\fR for \s-1DTLS,\s0 +and \fBNone\fR for no limit. +If either bound is not specified then only the other bound applies, +if specified. +To restrict the supported protocol versions use these commands rather +than the deprecated alternative commands below. +.IP "\fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4 +.IX Item "-no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3" +Disables protocol support for SSLv3, TLSv1.0, TLSv1.1, TLSv1.2 or TLSv1.3 by +setting the corresponding options \fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, +\&\fBSSL_OP_NO_TLSv1_1\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +respectively. These options are deprecated, instead use \fB\-min_protocol\fR and +\&\fB\-max_protocol\fR. +.IP "\fB\-bugs\fR" 4 +.IX Item "-bugs" +Various bug workarounds are set, same as setting \fB\s-1SSL_OP_ALL\s0\fR. +.IP "\fB\-comp\fR" 4 +.IX Item "-comp" +Enables support for \s-1SSL/TLS\s0 compression, same as clearing +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +This command was introduced in OpenSSL 1.1.0. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_comp\fR" 4 +.IX Item "-no_comp" +Disables support for \s-1SSL/TLS\s0 compression, same as setting +\&\fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +As of OpenSSL 1.1.0, compression is off by default. +.IP "\fB\-no_ticket\fR" 4 +.IX Item "-no_ticket" +Disables support for session tickets, same as setting \fB\s-1SSL_OP_NO_TICKET\s0\fR. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.IP "\fB\-prioritize_chacha\fR" 4 +.IX Item "-prioritize_chacha" +Prioritize ChaCha ciphers when the client has a ChaCha20 cipher at the top of +its preference list. This usually indicates a client without \s-1AES\s0 hardware +acceleration (e.g. mobile) is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. Requires \fB\-serverpref\fR. +.IP "\fB\-no_resumption_on_reneg\fR" 4 +.IX Item "-no_resumption_on_reneg" +set \s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0 flag. Only used by servers. +.IP "\fB\-legacyrenegotiation\fR" 4 +.IX Item "-legacyrenegotiation" +permits the use of unsafe legacy renegotiation. Equivalent to setting +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.IP "\fB\-legacy_server_connect\fR, \fB\-no_legacy_server_connect\fR" 4 +.IX Item "-legacy_server_connect, -no_legacy_server_connect" +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.IP "\fB\-allow_no_dhe_kex\fR" 4 +.IX Item "-allow_no_dhe_kex" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\fB\-strict\fR" 4 +.IX Item "-strict" +enables strict mode protocol handling. Equivalent to setting +\&\fB\s-1SSL_CERT_FLAG_TLS_STRICT\s0\fR. +.IP "\fB\-anti_replay\fR, \fB\-no_anti_replay\fR" 4 +.IX Item "-anti_replay, -no_anti_replay" +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.SH "SUPPORTED CONFIGURATION FILE COMMANDS" +.IX Header "SUPPORTED CONFIGURATION FILE COMMANDS" +Currently supported \fBcmd\fR names for configuration files (i.e. when the +flag \fB\s-1SSL_CONF_FLAG_FILE\s0\fR is set) are listed below. All configuration file +\&\fBcmd\fR names are case insensitive so \fBsignaturealgorithms\fR is recognised +as well as \fBSignatureAlgorithms\fR. Unless otherwise stated the \fBvalue\fR names +are also case insensitive. +.PP +Note: the command prefix (if set) alters the recognised \fBcmd\fR values. +.IP "\fBCipherString\fR" 4 +.IX Item "CipherString" +Sets the ciphersuite list for TLSv1.2 and below to \fBvalue\fR. This list will be +combined with any configured TLSv1.3 ciphersuites. Note: syntax +checking of \fBvalue\fR is currently not performed unless an \fB\s-1SSL\s0\fR or \fB\s-1SSL_CTX\s0\fR +structure is associated with \fBcctx\fR. +.IP "\fBCiphersuites\fR" 4 +.IX Item "Ciphersuites" +Sets the available ciphersuites for TLSv1.3 to \fBvalue\fR. This is a simple colon +(\*(L":\*(R") separated list of TLSv1.3 ciphersuite names in order of preference. This +list will be combined any configured TLSv1.2 and below ciphersuites. +See \fBciphers\fR\|(1) for more information. +.IP "\fBCertificate\fR" 4 +.IX Item "Certificate" +Attempts to use the file \fBvalue\fR as the certificate for the appropriate +context. It currently uses \fBSSL_CTX_use_certificate_chain_file()\fR if an \fB\s-1SSL_CTX\s0\fR +structure is set or \fBSSL_use_certificate_file()\fR with filetype \s-1PEM\s0 if an \fB\s-1SSL\s0\fR +structure is set. This option is only supported if certificate operations +are permitted. +.IP "\fBPrivateKey\fR" 4 +.IX Item "PrivateKey" +Attempts to use the file \fBvalue\fR as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no \fBPrivateKey\fR option is set then a private key is +not loaded unless the \fB\s-1SSL_CONF_FLAG_REQUIRE_PRIVATE\s0\fR is set. +.IP "\fBChainCAFile\fR, \fBChainCAPath\fR, \fBVerifyCAFile\fR, \fBVerifyCAPath\fR" 4 +.IX Item "ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath" +These options indicate a file or directory used for building certificate +chains or verifying certificate chains. These options are only supported +if certificate operations are permitted. +.IP "\fBRequestCAFile\fR" 4 +.IX Item "RequestCAFile" +This option indicates a file containing a set of certificates in \s-1PEM\s0 form. +The subject names of the certificates are sent to the peer in the +\&\fBcertificate_authorities\fR extension for \s-1TLS 1.3\s0 (in ClientHello or +CertificateRequest) or in a certificate request for previous versions or +\&\s-1TLS.\s0 +.IP "\fBServerInfoFile\fR" 4 +.IX Item "ServerInfoFile" +Attempts to use the file \fBvalue\fR in the \*(L"serverinfo\*(R" extension using the +function SSL_CTX_use_serverinfo_file. +.IP "\fBDHParameters\fR" 4 +.IX Item "DHParameters" +Attempts to use the file \fBvalue\fR as the set of temporary \s-1DH\s0 parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. +.IP "\fBRecordPadding\fR" 4 +.IX Item "RecordPadding" +Attempts to pad TLSv1.3 records so that they are a multiple of \fBvalue\fR in +length on send. A \fBvalue\fR of 0 or 1 turns off padding. Otherwise, the +\&\fBvalue\fR must be >1 or <=16384. +.IP "\fBSignatureAlgorithms\fR" 4 +.IX Item "SignatureAlgorithms" +This sets the supported signature algorithms for TLSv1.2 and TLSv1.3. +For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. +.Sp +The \fBvalue\fR argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form \fBalgorithm+hash\fR or +\&\fBsignature_scheme\fR. \fBalgorithm\fR +is one of \fB\s-1RSA\s0\fR, \fB\s-1DSA\s0\fR or \fB\s-1ECDSA\s0\fR and \fBhash\fR is a supported algorithm +\&\s-1OID\s0 short name such as \fB\s-1SHA1\s0\fR, \fB\s-1SHA224\s0\fR, \fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR of \fB\s-1SHA512\s0\fR. +Note: algorithm and hash names are case sensitive. +\&\fBsignature_scheme\fR is one of the signature schemes defined in TLSv1.3, +specified using the \s-1IETF\s0 name, e.g., \fBecdsa_secp256r1_sha256\fR, \fBed25519\fR, +or \fBrsa_pss_pss_sha256\fR. +.Sp +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. +.Sp +Note: algorithms which specify a PKCS#1 v1.5 signature scheme (either by +using \fB\s-1RSA\s0\fR as the \fBalgorithm\fR or by using one of the \fBrsa_pkcs1_*\fR +identifiers) are ignored in TLSv1.3 and will not be negotiated. +.IP "\fBClientSignatureAlgorithms\fR" 4 +.IX Item "ClientSignatureAlgorithms" +This sets the supported signature algorithms associated with client +authentication for TLSv1.2 and TLSv1.3. +For servers the value is used in the +\&\fBsignature_algorithms\fR field of a \fBCertificateRequest\fR message. +For clients it is +used to determine which signature algorithm to use with the client certificate. +If a server does not request a certificate this option has no effect. +.Sp +The syntax of \fBvalue\fR is identical to \fBSignatureAlgorithms\fR. If not set then +the value set for \fBSignatureAlgorithms\fR will be used instead. +.IP "\fBGroups\fR" 4 +.IX Item "Groups" +This sets the supported groups. For clients, the groups are +sent using the supported groups extension. For servers, it is used +to determine which group to use. This setting affects groups used for +signatures (in TLSv1.2 and earlier) and key exchange. The first group listed +will also be used for the \fBkey_share\fR sent by a client in a TLSv1.3 +\&\fBClientHello\fR. +.Sp +The \fBvalue\fR argument is a colon separated list of groups. The group can be +either the \fB\s-1NIST\s0\fR name (e.g. \fBP\-256\fR), some other commonly used name where +applicable (e.g. \fBX25519\fR) or an OpenSSL \s-1OID\s0 name (e.g \fBprime256v1\fR). Group +names are case sensitive. The list should be in order of preference with the +most preferred group first. +.IP "\fBCurves\fR" 4 +.IX Item "Curves" +This is a synonym for the \*(L"Groups\*(R" command. +.IP "\fBMinProtocol\fR" 4 +.IX Item "MinProtocol" +This sets the minimum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBMaxProtocol\fR" 4 +.IX Item "MaxProtocol" +This sets the maximum supported \s-1SSL, TLS\s0 or \s-1DTLS\s0 version. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The value \fBNone\fR will disable the limit. +.IP "\fBProtocol\fR" 4 +.IX Item "Protocol" +This can be used to enable or disable certain versions of the \s-1SSL, +TLS\s0 or \s-1DTLS\s0 protocol. +.Sp +The \fBvalue\fR argument is a comma separated list of supported protocols +to enable or disable. +If a protocol is preceded by \fB\-\fR that version is disabled. +.Sp +All protocol versions are enabled by default. +You need to disable at least one protocol version for this setting have any +effect. +Only enabling some protocol versions does not disable the other protocol +versions. +.Sp +Currently supported protocol values are \fBSSLv3\fR, \fBTLSv1\fR, \fBTLSv1.1\fR, +\&\fBTLSv1.2\fR, \fBTLSv1.3\fR, \fBDTLSv1\fR and \fBDTLSv1.2\fR. +The special value \fB\s-1ALL\s0\fR refers to all supported versions. +.Sp +This can't enable protocols that are disabled using \fBMinProtocol\fR +or \fBMaxProtocol\fR, but can disable protocols that are still allowed +by them. +.Sp +The \fBProtocol\fR command is fragile and deprecated; do not use it. +Use \fBMinProtocol\fR and \fBMaxProtocol\fR instead. +If you do use \fBProtocol\fR, make sure that the resulting range of enabled +protocols has no \*(L"holes\*(R", e.g. if \s-1TLS 1.0\s0 and \s-1TLS 1.2\s0 are both enabled, make +sure to also leave \s-1TLS 1.1\s0 enabled. +.IP "\fBOptions\fR" 4 +.IX Item "Options" +The \fBvalue\fR argument is a comma separated list of various flags to set. +If a flag string is preceded \fB\-\fR it is disabled. +See the \fBSSL_CTX_set_options\fR\|(3) function for more details of +individual options. +.Sp +Each option is listed below. Where an operation is enabled by default +the \fB\-flag\fR syntax is needed to disable it. +.Sp +\&\fBSessionTicket\fR: session ticket support, enabled by default. Inverse of +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR: that is \fB\-SessionTicket\fR is the same as setting +\&\fB\s-1SSL_OP_NO_TICKET\s0\fR. +.Sp +\&\fBCompression\fR: \s-1SSL/TLS\s0 compression support, enabled by default. Inverse +of \fB\s-1SSL_OP_NO_COMPRESSION\s0\fR. +.Sp +\&\fBEmptyFragments\fR: use empty fragments as a countermeasure against a +\&\s-1SSL 3.0/TLS 1.0\s0 protocol vulnerability affecting \s-1CBC\s0 ciphers. It +is set by default. Inverse of \fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR. +.Sp +\&\fBBugs\fR: enable various bug workarounds. Same as \fB\s-1SSL_OP_ALL\s0\fR. +.Sp +\&\fBDHSingle\fR: enable single use \s-1DH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_DH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBECDHSingle\fR: enable single use \s-1ECDH\s0 keys, set by default. Inverse of +\&\fB\s-1SSL_OP_ECDH_SINGLE\s0\fR. Only used by servers. +.Sp +\&\fBServerPreference\fR: use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. Only used by servers. +.Sp +\&\fBPrioritizeChaCha\fR: prioritizes ChaCha ciphers when the client has a +ChaCha20 cipher at the top of its preference list. This usually indicates +a mobile client is in use. Equivalent to \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR. +Only used by servers. +.Sp +\&\fBNoResumptionOnRenegotiation\fR: set +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR flag. Only used by servers. +.Sp +\&\fBNoRenegotiation\fR: disables all attempts at renegotiation in TLSv1.2 and +earlier, same as setting \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyRenegotiation\fR: permits the use of unsafe legacy renegotiation. +Equivalent to \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR. +.Sp +\&\fBUnsafeLegacyServerConnect\fR: permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR. +Set by default. +.Sp +\&\fBEncryptThenMac\fR: use encrypt-then-mac extension, enabled by +default. Inverse of \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR: that is, +\&\fB\-EncryptThenMac\fR is the same as setting \fB\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0\fR. +.Sp +\&\fBAllowNoDHEKEX\fR: In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on +resumption. This means that there will be no forward secrecy for the resumed +session. Equivalent to \fB\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0\fR. +.Sp +\&\fBMiddleboxCompat\fR: If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to \fB\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0\fR. +.Sp +\&\fBAntiReplay\fR: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR. +.IP "\fBVerifyMode\fR" 4 +.IX Item "VerifyMode" +The \fBvalue\fR argument is a comma separated list of flags to set. +.Sp +\&\fBPeer\fR enables peer verification: for clients only. +.Sp +\&\fBRequest\fR requests but does not require a certificate from the client. +Servers only. +.Sp +\&\fBRequire\fR requests and requires a certificate from the client: an error +occurs if the client does not present a certificate. Servers only. +.Sp +\&\fBOnce\fR requests a certificate from a client only on the initial connection: +not when renegotiating. Servers only. +.Sp +\&\fBRequestPostHandshake\fR configures the connection to support requests but does +not require a certificate from the client post-handshake. A certificate will +not be requested during the initial handshake. The server application must +provide a mechanism to request a certificate post-handshake. Servers only. +TLSv1.3 only. +.Sp +\&\fBRequiresPostHandshake\fR configures the connection to support requests and +requires a certificate from the client post-handshake: an error occurs if the +client does not present a certificate. A certificate will not be requested +during the initial handshake. The server application must provide a mechanism +to request a certificate post-handshake. Servers only. TLSv1.3 only. +.IP "\fBClientCAFile\fR, \fBClientCAPath\fR" 4 +.IX Item "ClientCAFile, ClientCAPath" +A file or directory of certificates in \s-1PEM\s0 format whose names are used as the +set of acceptable names for client CAs. Servers only. This option is only +supported if certificate operations are permitted. +.SH "SUPPORTED COMMAND TYPES" +.IX Header "SUPPORTED COMMAND TYPES" +The function \fBSSL_CONF_cmd_value_type()\fR currently returns one of the following +types: +.IP "\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_UNKNOWN" +The \fBcmd\fR string is unrecognised, this return value can be use to flag +syntax errors. +.IP "\fB\s-1SSL_CONF_TYPE_STRING\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_STRING" +The value is a string without any specific structure. +.IP "\fB\s-1SSL_CONF_TYPE_FILE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_FILE" +The value is a file name. +.IP "\fB\s-1SSL_CONF_TYPE_DIR\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_DIR" +The value is a directory name. +.IP "\fB\s-1SSL_CONF_TYPE_NONE\s0\fR" 4 +.IX Item "SSL_CONF_TYPE_NONE" +The value string is not used e.g. a command line option which doesn't take an +argument. +.SH "NOTES" +.IX Header "NOTES" +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +\& SSL_CONF_cmd(ctx, userparam, uservalue); +.Ve +.PP +it will disable SSLv3 support by default but the user can override it. If +however the call sequence is: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, userparam, uservalue); +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +SSLv3 is \fBalways\fR disabled and attempt to override this by the user are +ignored. +.PP +By checking the return code of \fBSSL_CONF_cmd()\fR it is possible to query if a +given \fBcmd\fR is recognised, this is useful if \fBSSL_CONF_cmd()\fR values are +mixed with additional application specific operations. +.PP +For example an application might call \fBSSL_CONF_cmd()\fR and if it returns +\&\-2 (unrecognised command) continue with processing of application specific +commands. +.PP +Applications can also use \fBSSL_CONF_cmd()\fR to process command lines though the +utility function \fBSSL_CONF_cmd_argv()\fR is normally used instead. One way +to do this is to set the prefix to an appropriate value using +\&\fBSSL_CONF_CTX_set1_prefix()\fR, pass the current argument to \fBcmd\fR and the +following argument to \fBvalue\fR (which may be \s-1NULL\s0). +.PP +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by \fBSSL_CONF_cmd()\fR. If \-2 is +returned then \fBcmd\fR is not recognised and application specific arguments +can be checked instead. If \-3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. +.PP +The function \fBSSL_CONF_cmd_value_type()\fR can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is \fB\s-1SSL_CONF_TYPE_FILE\s0\fR an application could translate a relative +pathname to an absolute pathname. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd()\fR returns 1 if the value of \fBcmd\fR is recognised and \fBvalue\fR is +\&\fB\s-1NOT\s0\fR used and 2 if both \fBcmd\fR and \fBvalue\fR are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. +.PP +A return value of \-2 means \fBcmd\fR is not recognised. +.PP +A return value of \-3 means \fBcmd\fR is recognised and the command requires a +value but \fBvalue\fR is \s-1NULL.\s0 +.PP +A return code of 0 indicates that both \fBcmd\fR and \fBvalue\fR are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of \fBvalue\fR in this case the error queue may provide +additional information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); +.Ve +.PP +There are various ways to select the supported protocols. +.PP +This set the minimum protocol version to TLSv1, and so disables SSLv3. +This is the recommended way to disable protocols. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1"); +.Ve +.PP +The following also disables SSLv3: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-SSLv3"); +.Ve +.PP +The following will first enable all protocols, and then disable +SSLv3. +If no protocol versions were disabled before this has the same effect as +\&\*(L"\-SSLv3\*(R", but if some versions were disables this will re-enable them before +disabling SSLv3. +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "ALL,\-SSLv3"); +.Ve +.PP +Only enable TLSv1.2: +.PP +.Vb 2 +\& SSL_CONF_cmd(ctx, "MinProtocol", "TLSv1.2"); +\& SSL_CONF_cmd(ctx, "MaxProtocol", "TLSv1.2"); +.Ve +.PP +This also only enables TLSv1.2: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Protocol", "\-ALL,TLSv1.2"); +.Ve +.PP +Disable \s-1TLS\s0 session tickets: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "\-SessionTicket"); +.Ve +.PP +Enable compression: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Options", "Compression"); +.Ve +.PP +Set supported curves to P\-256, P\-384: +.PP +.Vb 1 +\& SSL_CONF_cmd(ctx, "Curves", "P\-256:P\-384"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd_argv\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CONF_cmd()\fR function was added in OpenSSL 1.0.2. +.PP +The \fB\s-1SSL_OP_NO_SSL2\s0\fR option doesn't have effect since 1.1.0, but the macro +is retained for backwards compatibility. +.PP +The \fB\s-1SSL_CONF_TYPE_NONE\s0\fR was added in OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +\&\fB\s-1SSL_CONF_TYPE_UNKNOWN\s0\fR. +.PP +\&\fBMinProtocol\fR and \fBMaxProtocol\fR where added in OpenSSL 1.1.0. +.PP +\&\fBAllowNoDHEKEX\fR and \fBPrioritizeChaCha\fR were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 new file mode 100644 index 000000000000..8df0077f8f7c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CONF_cmd_argv.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONF_CMD_ARGV 3" +.TH SSL_CONF_CMD_ARGV 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CONF_cmd_argv \- SSL configuration command line processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBSSL_CONF_cmd_argv()\fR processes at most two command line +arguments from \fBpargv\fR and \fBpargc\fR. The values of \fBpargv\fR and \fBpargc\fR +are updated to reflect the number of command options processed. The \fBpargc\fR +argument can be set to \fB\s-1NULL\s0\fR if it is not used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CONF_cmd_argv()\fR returns the number of command arguments processed: 0, 1, 2 +or a negative error code. +.PP +If \-2 is returned then an argument for a command is missing. +.PP +If \-1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CONF_CTX_new\fR\|(3), +\&\fBSSL_CONF_CTX_set_flags\fR\|(3), +\&\fBSSL_CONF_CTX_set1_prefix\fR\|(3), +\&\fBSSL_CONF_CTX_set_ssl_ctx\fR\|(3), +\&\fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 new file mode 100644 index 000000000000..824827113bd4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add1_chain_cert.3 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert \- extra chain certificate processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); +\& int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); +\& int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); +\& +\& int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); +\& int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +\& int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); +\& int SSL_clear_chain_certs(SSL *ssl); +\& +\& int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); +\& int SSL_build_cert_chain(SSL *ssl, flags); +\& +\& int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); +\& int SSL_select_current_cert(SSL *ssl, X509 *x509); +\& int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); +\& int SSL_set_current_cert(SSL *ssl, long op); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain +associated with the current certificate of \fBctx\fR to \fBsk\fR. +.PP +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single +certificate \fBx509\fR to the chain associated with the current certificate of +\&\fBctx\fR. +.PP +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +certificate of \fBctx\fR. +.PP +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +current certificate of \fBctx\fR. (This is implemented by calling +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +.PP +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use +existing chain certificates as untrusted CAs, \fB\s-1SSL_BUILD_CHAIN_FLAG_NO_ROOT\s0\fR +to omit the root \s-1CA\s0 from the built chain, \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +\&\fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR ignores any errors during verification: +if flag \fB\s-1SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR\s0\fR is also set verification errors +are cleared from the error queue. +.PP +Each of these functions operates on the \fIcurrent\fR end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding \fBctx\fR structure. +.PP +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a +function such as \fBSSL_CTX_use_certificate()\fR. +.PP +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR +are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based +on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use +the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. +.PP +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +If \fBssl\fR is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated cipher suite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If \fBssl\fR +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied certificate or chain +\&\fB\s-1MUST NOT\s0\fR be freed after the operation. +.SH "NOTES" +.IX Header "NOTES" +The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 +.PP +One chain can be set for each key type supported by a server. So, for example, +an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. +.PP +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers. +.PP +For example an application can add any set of certificates using +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR +with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. +.PP +Applications can issue non fatal warnings when checking chains by setting +the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return +value. +.PP +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. +.PP +If any certificates are added using these functions no certificates added +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +no server certificate is used because the cipher suites is anonymous and 0 +for failure. +.PP +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success +and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and +a verification error occurs then 2 is returned. +.PP +All other functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 000000000000..3466d37a64b3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 3" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs \- add or clear extra chain certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); +\& long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the extra chain +certificates associated with \fBctx\fR. Several certificates can be added one +after another. +.PP +\&\fBSSL_CTX_clear_extra_chain_certs()\fR clears all extra chain certificates +associated with \fBctx\fR. +.PP +These functions are implemented as macros. +.SH "NOTES" +.IX Header "NOTES" +When sending a certificate chain, extra chain certificates are sent in order +following the end entity certificate. +.PP +If no chain is specified, the library will try to complete the chain from the +available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fBSSL_CTX_add_extra_chain_cert()\fR will be +freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application +\&\fBshould not\fR free the \fBx509\fR object. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. For more flexibility functions such as \fBSSL_add1_chain_cert()\fR should +be used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_extra_chain_cert()\fR and \fBSSL_CTX_clear_extra_chain_certs()\fR return +1 on success and 0 for failure. Check out the error stack to find out the +reason for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 new file mode 100644 index 000000000000..961d612c4895 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_add_session.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 3" +.TH SSL_CTX_ADD_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_add_session, SSL_CTX_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +\&\fBSSL_SESSION_free\fR\|(3). +.PP +\&\fBSSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR and +marks it as non-resumable. \fBSSL_SESSION_free\fR\|(3) is called once for \fBc\fR. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fBSSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fBSSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.IP "0" 4 +The operation failed. In case of the add operation, it was tried to add +the same (identical) session twice. In case of the remove operation, the +session was not found in the cache. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 new file mode 100644 index 000000000000..b66d54e99729 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_config.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CONFIG 3" +.TH SSL_CTX_CONFIG 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_config, SSL_config \- configure SSL_CTX or SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_config(SSL_CTX *ctx, const char *name); +\& int SSL_config(SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_config()\fR and \fBSSL_config()\fR configure an \fB\s-1SSL_CTX\s0\fR or +\&\fB\s-1SSL\s0\fR structure using the configuration \fBname\fR. +.SH "NOTES" +.IX Header "NOTES" +By calling \fBSSL_CTX_config()\fR or \fBSSL_config()\fR an application can perform many +complex tasks based on the contents of the configuration file: greatly +simplifying application configuration code. A degree of future proofing +can also be achieved: an application can support configuration features +in newer versions of OpenSSL automatically. +.PP +A configuration file must have been previously loaded, for example using +\&\fBCONF_modules_load_file()\fR. See \fBconfig\fR\|(5) for details of the configuration +file syntax. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_config()\fR and \fBSSL_config()\fR return 1 for success or 0 if an error +occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +If the file \*(L"config.cnf\*(R" contains the following: +.PP +.Vb 1 +\& testapp = test_sect +\& +\& [test_sect] +\& # list of configuration modules +\& +\& ssl_conf = ssl_sect +\& +\& [ssl_sect] +\& server = server_section +\& +\& [server_section] +\& RSA.Certificate = server\-rsa.pem +\& ECDSA.Certificate = server\-ecdsa.pem +\& Ciphers = ALL:!RC4 +.Ve +.PP +An application could call: +.PP +.Vb 4 +\& if (CONF_modules_load_file("config.cnf", "testapp", 0) <= 0) { +\& fprintf(stderr, "Error processing config file\en"); +\& goto err; +\& } +\& +\& ctx = SSL_CTX_new(TLS_server_method()); +\& +\& if (SSL_CTX_config(ctx, "server") == 0) { +\& fprintf(stderr, "Error configuring server.\en"); +\& goto err; +\& } +.Ve +.PP +In this example two certificates and the cipher list are configured without +the need for any additional application code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBconfig\fR\|(5), +\&\fBSSL_CONF_cmd\fR\|(3), +\&\fBCONF_modules_load_file\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_config()\fR and \fBSSL_config()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 new file mode 100644 index 000000000000..be101b014709 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_ctrl.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_CTRL 3" +.TH SSL_CTX_CTRL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for SSL_CTX and SSL objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +\& +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fB_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fB_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 new file mode 100644 index 000000000000..230333d55cd9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_dane_enable.3 @@ -0,0 +1,508 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_DANE_ENABLE 3" +.TH SSL_CTX_DANE_ENABLE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_dane_enable, SSL_CTX_dane_mtype_set, SSL_dane_enable, SSL_dane_tlsa_add, SSL_get0_dane_authority, SSL_get0_dane_tlsa, SSL_CTX_dane_set_flags, SSL_CTX_dane_clear_flags, SSL_dane_set_flags, SSL_dane_clear_flags \&\- enable DANE TLS authentication of the remote TLS server in the local TLS client +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_dane_enable(SSL_CTX *ctx); +\& int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +\& uint8_t mtype, uint8_t ord); +\& int SSL_dane_enable(SSL *s, const char *basedomain); +\& int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +\& uint8_t mtype, unsigned const char *data, size_t dlen); +\& int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +\& int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +\& uint8_t *mtype, unsigned const char **data, +\& size_t *dlen); +\& unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +\& unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +\& unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement support for \s-1DANE TLSA\s0 (\s-1RFC6698\s0 and \s-1RFC7671\s0) +peer authentication. +.PP +\&\fBSSL_CTX_dane_enable()\fR must be called first to initialize the shared state +required for \s-1DANE\s0 support. +Individual connections associated with the context can then enable +per-connection \s-1DANE\s0 support as appropriate. +\&\s-1DANE\s0 authentication is implemented in the \fBX509_verify_cert\fR\|(3) function, and +applications that override \fBX509_verify_cert\fR\|(3) via +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3) are responsible to authenticate the peer +chain in whatever manner they see fit. +.PP +\&\fBSSL_CTX_dane_mtype_set()\fR may then be called zero or more times to adjust the +supported digest algorithms. +This must be done before any \s-1SSL\s0 handles are created for the context. +.PP +The \fBmtype\fR argument specifies a \s-1DANE TLSA\s0 matching type and the \fBmd\fR +argument specifies the associated digest algorithm handle. +The \fBord\fR argument specifies a strength ordinal. +Algorithms with a larger strength ordinal are considered more secure. +Strength ordinals are used to implement \s-1RFC7671\s0 digest algorithm agility. +Specifying a \fB\s-1NULL\s0\fR digest algorithm for a matching type disables +support for that matching type. +Matching type \fBFull\fR\|(0) cannot be modified or disabled. +.PP +By default, matching type \f(CW\*(C`SHA2\-256(1)\*(C'\fR (see \s-1RFC7218\s0 for definitions +of the \s-1DANE TLSA\s0 parameter acronyms) is mapped to \f(CW\*(C`EVP_sha256()\*(C'\fR +with a strength ordinal of \f(CW1\fR and matching type \f(CW\*(C`SHA2\-512(2)\*(C'\fR +is mapped to \f(CW\*(C`EVP_sha512()\*(C'\fR with a strength ordinal of \f(CW2\fR. +.PP +\&\fBSSL_dane_enable()\fR must be called before the \s-1SSL\s0 handshake is initiated with +\&\fBSSL_connect\fR\|(3) if (and only if) you want to enable \s-1DANE\s0 for that connection. +(The connection must be associated with a DANE-enabled \s-1SSL\s0 context). +The \fBbasedomain\fR argument specifies the \s-1RFC7671 TLSA\s0 base domain, +which will be the primary peer reference identifier for certificate +name checks. +Additional server names can be specified via \fBSSL_add1_host\fR\|(3). +The \fBbasedomain\fR is used as the default \s-1SNI\s0 hint if none has yet been +specified via \fBSSL_set_tlsext_host_name\fR\|(3). +.PP +\&\fBSSL_dane_tlsa_add()\fR may then be called one or more times, to load each of the +\&\s-1TLSA\s0 records that apply to the remote \s-1TLS\s0 peer. +(This too must be done prior to the beginning of the \s-1SSL\s0 handshake). +The arguments specify the fields of the \s-1TLSA\s0 record. +The \fBdata\fR field is provided in binary (wire \s-1RDATA\s0) form, not the hexadecimal +\&\s-1ASCII\s0 presentation form, with an explicit length passed via \fBdlen\fR. +The library takes a copy of the \fBdata\fR buffer contents and the caller may +free the original \fBdata\fR buffer when convenient. +A return value of 0 indicates that \*(L"unusable\*(R" \s-1TLSA\s0 records (with invalid or +unsupported parameters) were provided. +A negative return value indicates an internal error in processing the record. +.PP +The caller is expected to check the return value of each \fBSSL_dane_tlsa_add()\fR +call and take appropriate action if none are usable or an internal error +is encountered in processing some records. +.PP +If no \s-1TLSA\s0 records are added successfully, \s-1DANE\s0 authentication is not enabled, +and authentication will be based on any configured traditional trust-anchors; +authentication success in this case does not mean that the peer was +DANE-authenticated. +.PP +\&\fBSSL_get0_dane_authority()\fR can be used to get more detailed information about +the matched \s-1DANE\s0 trust-anchor after successful connection completion. +The return value is negative if \s-1DANE\s0 verification failed (or was not enabled), +0 if an \s-1EE TLSA\s0 record directly matched the leaf certificate, or a positive +number indicating the depth at which a \s-1TA\s0 record matched an issuer certificate. +The complete verified chain can be retrieved via \fBSSL_get0_verified_chain\fR\|(3). +The return value is an index into this verified chain, rather than the list of +certificates sent by the peer as returned by \fBSSL_get_peer_cert_chain\fR\|(3). +.PP +If the \fBmcert\fR argument is not \fB\s-1NULL\s0\fR and a \s-1TLSA\s0 record matched a chain +certificate, a pointer to the matching certificate is returned via \fBmcert\fR. +The returned address is a short-term internal reference to the certificate and +must not be freed by the application. +Applications that want to retain access to the certificate can call +\&\fBX509_up_ref\fR\|(3) to obtain a long-term reference which must then be freed via +\&\fBX509_free\fR\|(3) once no longer needed. +.PP +If no \s-1TLSA\s0 records directly matched any elements of the certificate chain, but +a \s-1\fBDANE\-TA\s0\fR\|(2) \s-1\fBSPKI\s0\fR\|(1) \fBFull\fR\|(0) record provided the public key that signed an +element of the chain, then that key is returned via \fBmspki\fR argument (if not +\&\s-1NULL\s0). +In this case the return value is the depth of the top-most element of the +validated certificate chain. +As with \fBmcert\fR this is a short-term internal reference, and +\&\fBEVP_PKEY_up_ref\fR\|(3) and \fBEVP_PKEY_free\fR\|(3) can be used to acquire and +release long-term references respectively. +.PP +\&\fBSSL_get0_dane_tlsa()\fR can be used to retrieve the fields of the \s-1TLSA\s0 record that +matched the peer certificate chain. +The return value indicates the match depth or failure to match just as with +\&\fBSSL_get0_dane_authority()\fR. +When the return value is non-negative, the storage pointed to by the \fBusage\fR, +\&\fBselector\fR, \fBmtype\fR and \fBdata\fR parameters is updated to the corresponding +\&\s-1TLSA\s0 record fields. +The \fBdata\fR field is in binary wire form, and is therefore not NUL-terminated, +its length is returned via the \fBdlen\fR parameter. +If any of these parameters is \s-1NULL,\s0 the corresponding field is not returned. +The \fBdata\fR parameter is set to a short-term internal-copy of the associated +data field and must not be freed by the application. +Applications that need long-term access to this field need to copy the content. +.PP +\&\fBSSL_CTX_dane_set_flags()\fR and \fBSSL_dane_set_flags()\fR can be used to enable +optional \s-1DANE\s0 verification features. +\&\fBSSL_CTX_dane_clear_flags()\fR and \fBSSL_dane_clear_flags()\fR can be used to disable +the same features. +The \fBflags\fR argument is a bitmask of the features to enable or disable. +The \fBflags\fR set for an \fB\s-1SSL_CTX\s0\fR context are copied to each \fB\s-1SSL\s0\fR handle +associated with that context at the time the handle is created. +Subsequent changes in the context's \fBflags\fR have no effect on the \fBflags\fR set +for the handle. +.PP +At present, the only available option is \fB\s-1DANE_FLAG_NO_DANE_EE_NAMECHECKS\s0\fR +which can be used to disable server name checks when authenticating via +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records. +For some applications, primarily web browsers, it is not safe to disable name +checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can +convince a client that a connection to a victim server is instead a secure +connection to the malicious server. +The malicious server may then be able to violate cross-origin scripting +restrictions. +Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for +\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe +to do so. +In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0 +records already make it possible for a remote domain to redirect client +connections to any server of its choice, and in any case \s-1SMTP\s0 and \s-1XMPP\s0 clients +do not execute scripts downloaded from remote servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions \fBSSL_CTX_dane_enable()\fR, \fBSSL_CTX_dane_mtype_set()\fR, +\&\fBSSL_dane_enable()\fR and \fBSSL_dane_tlsa_add()\fR return a positive value on success. +Negative return values indicate resource problems (out of memory, etc.) in the +\&\s-1SSL\s0 library, while a return value of \fB0\fR indicates incorrect usage or invalid +input, such as an unsupported \s-1TLSA\s0 record certificate usage, selector or +matching type. +Invalid input also includes malformed data, either a digest length that does +not match the digest algorithm, or a \f(CWFull(0)\fR (binary \s-1ASN.1 DER\s0 form) +certificate or a public key that fails to parse. +.PP +The functions \fBSSL_get0_dane_authority()\fR and \fBSSL_get0_dane_tlsa()\fR return a +negative value when \s-1DANE\s0 authentication failed or was not enabled, a +non-negative value indicates the chain depth at which the \s-1TLSA\s0 record matched a +chain certificate, or the depth of the top-most certificate, when the \s-1TLSA\s0 +record is a full public key that is its signer. +.PP +The functions \fBSSL_CTX_dane_set_flags()\fR, \fBSSL_CTX_dane_clear_flags()\fR, +\&\fBSSL_dane_set_flags()\fR and \fBSSL_dane_clear_flags()\fR return the \fBflags\fR in effect +before they were called. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R", and has +DNSSEC-validated \s-1TLSA\s0 records. +The calls below will perform \s-1DANE\s0 authentication and arrange to match either +the \s-1MX\s0 hostname or the destination domain name in the \s-1SMTP\s0 server certificate. +Wildcards are supported, but must match the entire label. +The actual name matched in the certificate (which might be a wildcard) is +retrieved, and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 7 +\& SSL_CTX *ctx; +\& SSL *ssl; +\& int (*verify_cb)(int ok, X509_STORE_CTX *sctx) = NULL; +\& int num_usable = 0; +\& const char *nexthop_domain = "example.com"; +\& const char *dane_tlsa_domain = "smtp.example.com"; +\& uint8_t usage, selector, mtype; +\& +\& if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) +\& /* error */ +\& if (SSL_CTX_dane_enable(ctx) <= 0) +\& /* error */ +\& if ((ssl = SSL_new(ctx)) == NULL) +\& /* error */ +\& if (SSL_dane_enable(ssl, dane_tlsa_domain) <= 0) +\& /* error */ +\& +\& /* +\& * For many applications it is safe to skip DANE\-EE(3) namechecks. Do not +\& * disable the checks unless "unknown key share" attacks pose no risk for +\& * your application. +\& */ +\& SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); +\& +\& if (!SSL_add1_host(ssl, nexthop_domain)) +\& /* error */ +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& +\& for (... each TLSA record ...) { +\& unsigned char *data; +\& size_t len; +\& int ret; +\& +\& /* set usage, selector, mtype, data, len */ +\& +\& /* +\& * Opportunistic DANE TLS clients support only DANE\-TA(2) or DANE\-EE(3). +\& * They treat all other certificate usages, and in particular PKIX\-TA(0) +\& * and PKIX\-EE(1), as unusable. +\& */ +\& switch (usage) { +\& default: +\& case 0: /* PKIX\-TA(0) */ +\& case 1: /* PKIX\-EE(1) */ +\& continue; +\& case 2: /* DANE\-TA(2) */ +\& case 3: /* DANE\-EE(3) */ +\& break; +\& } +\& +\& ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len); +\& /* free data as appropriate */ +\& +\& if (ret < 0) +\& /* handle SSL library internal error */ +\& else if (ret == 0) +\& /* handle unusable TLSA record */ +\& else +\& ++num_usable; +\& } +\& +\& /* +\& * At this point, the verification mode is still the default SSL_VERIFY_NONE. +\& * Opportunistic DANE clients use unauthenticated TLS when all TLSA records +\& * are unusable, so continue the handshake even if authentication fails. +\& */ +\& if (num_usable == 0) { +\& /* Log all records unusable? */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& SSL_set_verify(ssl, SSL_VERIFY_NONE, verify_cb); +\& } else { +\& /* At least one usable record. We expect to verify the peer */ +\& +\& /* Optionally set verify_cb to a suitable non\-NULL callback. */ +\& +\& /* +\& * Below we elect to fail the handshake when peer verification fails. +\& * Alternatively, use the permissive SSL_VERIFY_NONE verification mode, +\& * complete the handshake, check the verification status, and if not +\& * verified disconnect gracefully at the application layer, especially if +\& * application protocol supports informing the server that authentication +\& * failed. +\& */ +\& SSL_set_verify(ssl, SSL_VERIFY_PEER, verify_cb); +\& } +\& +\& /* +\& * Load any saved session for resumption, making sure that the previous +\& * session applied the same security and authentication requirements that +\& * would be expected of a fresh connection. +\& */ +\& +\& /* Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_session_reused(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* +\& * Resumed session was originally verified, this connection is +\& * authenticated. +\& */ +\& } else { +\& /* +\& * Resumed session was not originally verified, this connection is not +\& * authenticated. +\& */ +\& } +\& } else if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& EVP_PKEY *mspki = NULL; +\& +\& int depth = SSL_get0_dane_authority(ssl, NULL, &mspki); +\& if (depth >= 0) { +\& (void) SSL_get0_dane_tlsa(ssl, &usage, &selector, &mtype, NULL, NULL); +\& printf("DANE TLSA %d %d %d %s at depth %d\en", usage, selector, mtype, +\& (mspki != NULL) ? "TA public key verified certificate" : +\& depth ? "matched TA certificate" : "matched EE certificate", +\& depth); +\& } +\& if (peername != NULL) { +\& /* Name checks were in scope and matched the peername */ +\& printf("Verified peername: %s\en", peername); +\& } +\& } else { +\& /* +\& * Not authenticated, presumably all TLSA rrs unusable, but possibly a +\& * callback suppressed connection termination despite the presence of +\& * usable TLSA RRs none of which matched. Do whatever is appropriate for +\& * fresh unauthenticated connections. +\& */ +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +It is expected that the majority of clients employing \s-1DANE TLS\s0 will be doing +\&\*(L"opportunistic \s-1DANE TLS\*(R"\s0 in the sense of \s-1RFC7672\s0 and \s-1RFC7435.\s0 +That is, they will use \s-1DANE\s0 authentication when DNSSEC-validated \s-1TLSA\s0 records +are published for a given peer, and otherwise will use unauthenticated \s-1TLS\s0 or +even cleartext. +.PP +Such applications should generally treat any \s-1TLSA\s0 records published by the peer +with usages \s-1\fBPKIX\-TA\s0\fR\|(0) and \s-1\fBPKIX\-EE\s0\fR\|(1) as \*(L"unusable\*(R", and should not include +them among the \s-1TLSA\s0 records used to authenticate peer connections. +In addition, some \s-1TLSA\s0 records with supported usages may be \*(L"unusable\*(R" as a +result of invalid or unsupported parameters. +.PP +When a peer has \s-1TLSA\s0 records, but none are \*(L"usable\*(R", an opportunistic +application must avoid cleartext, but cannot authenticate the peer, +and so should generally proceed with an unauthenticated connection. +Opportunistic applications need to note the return value of each +call to \fBSSL_dane_tlsa_add()\fR, and if all return 0 (due to invalid +or unsupported parameters) disable peer authentication by calling +\&\fBSSL_set_verify\fR\|(3) with \fBmode\fR equal to \fB\s-1SSL_VERIFY_NONE\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_new\fR\|(3), +\&\fBSSL_add1_host\fR\|(3), +\&\fBSSL_set_hostflags\fR\|(3), +\&\fBSSL_set_tlsext_host_name\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get0_verified_chain\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_get0_peername\fR\|(3), +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3), +\&\fBEVP_get_digestbyname\fR\|(3), +\&\fBEVP_PKEY_up_ref\fR\|(3), +\&\fBEVP_PKEY_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 new file mode 100644 index 000000000000..93c857189752 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_flush_sessions.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 3" +.TH SSL_CTX_FLUSH_SESSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fBSSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done +automatically whenever 255 new sessions were established (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +or manually by calling \fBSSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fBtime\fR\|(0) +will be used. +.PP +\&\fBSSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_flush_sessions()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 new file mode 100644 index 000000000000..a9ede4208d0a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_free.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_FREE 3" +.TH SSL_CTX_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_free \- free an allocated SSL_CTX object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the reference count has reached 0. +.PP +It also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.PP +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.SH "WARNINGS" +.IX Header "WARNINGS" +If a session-remove callback is set (\fBSSL_CTX_sess_set_remove_cb()\fR), this +callback will be called for each session being freed from \fBctx\fR's +session cache. This implies, that all corresponding sessions from an +external session cache are removed as well. If this is not desired, the user +should explicitly unset the callback by calling +SSL_CTX_sess_set_remove_cb(\fBctx\fR, \s-1NULL\s0) prior to calling \fBSSL_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 new file mode 100644 index 000000000000..0075c6a566b7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get0_param.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET0_PARAM 3" +.TH SSL_CTX_GET0_PARAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param \- get and set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) +\& X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) +\& int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm) +\& int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR retrieve an internal pointer to +the verification parameters for \fBctx\fR or \fBssl\fR respectively. The returned +pointer must not be freed by the calling application. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR set the verification parameters +to \fBvpm\fR for \fBctx\fR or \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Typically parameters are retrieved from an \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR structure +using \fBSSL_CTX_get0_param()\fR or \fBSSL_get0_param()\fR and an application modifies +them to suit its needs: for example to add a hostname check. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get0_param()\fR and \fBSSL_get0_param()\fR return a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBSSL_CTX_set1_param()\fR and \fBSSL_set1_param()\fR return 1 for success and 0 +for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Check hostname matches \*(L"www.foo.com\*(R" in peer certificate: +.PP +.Vb 2 +\& X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +\& X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 new file mode 100644 index 000000000000..14b776021b9c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 3" +.TH SSL_CTX_GET_VERIFY_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +\& int SSL_get_verify_mode(const SSL *ssl); +\& int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +\& int SSL_get_verify_depth(const SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fBSSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fBSSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fBSSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 new file mode 100644 index 000000000000..bc89d874942f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_has_client_custom_ext.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3" +.TH SSL_CTX_HAS_CLIENT_CUSTOM_EXT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_has_client_custom_ext \- check whether a handler exists for a particular client extension type +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_has_client_custom_ext()\fR checks whether a handler has been set for a +client extension of type \fBext_type\fR using \fBSSL_CTX_add_client_custom_ext()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Returns 1 if a handler has been set, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_add_client_custom_ext\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 new file mode 100644 index 000000000000..47c67cc2f572 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 3" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_load_verify_locations, SSL_CTX_set_default_verify_paths, SSL_CTX_set_default_verify_dir, SSL_CTX_set_default_verify_file \- set default locations for trusted CA certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +\& +\& int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +\& +\& int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The certificates +available via \fBCAfile\fR and \fBCApath\fR are trusted. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR specifies that the default locations from +which \s-1CA\s0 certificates are loaded should be used. There is one default directory +and one default file. The default \s-1CA\s0 certificates directory is called \*(L"certs\*(R" in +the default OpenSSL directory. Alternatively the \s-1SSL_CERT_DIR\s0 environment +variable can be defined to override this location. The default \s-1CA\s0 certificates +file is called \*(L"cert.pem\*(R" in the default OpenSSL directory. Alternatively the +\&\s-1SSL_CERT_FILE\s0 environment variable can be defined to override this location. +.PP +\&\fBSSL_CTX_set_default_verify_dir()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default directory is +used. +.PP +\&\fBSSL_CTX_set_default_verify_file()\fR is similar to +\&\fBSSL_CTX_set_default_verify_paths()\fR except that just the default file is +used. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& ... (CA certificate in base64 encoding) ... +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.Ve +.PP +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fBSSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For SSL_CTX_load_verify_locations the following return values can occur: +.IP "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.PP +\&\fBSSL_CTX_set_default_verify_paths()\fR, \fBSSL_CTX_set_default_verify_dir()\fR and +\&\fBSSL_CTX_set_default_verify_file()\fR all return 1 on success or 0 on failure. A +missing default location is still treated as a success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 \-in $i \-text >> CAfile.pem +\& done +.Ve +.PP +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 new file mode 100644 index 000000000000..6126859c8104 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_new.3 @@ -0,0 +1,326 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_NEW 3" +.TH SSL_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method, SSL_CTX_new, SSL_CTX_up_ref, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method, DTLS_method, DTLS_server_method, DTLS_client_method, DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method, DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method \&\- create a new SSL_CTX object as framework for TLS/SSL or DTLS enabled functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_CTX_new(const SSL_METHOD *method); +\& int SSL_CTX_up_ref(SSL_CTX *ctx); +\& +\& const SSL_METHOD *TLS_method(void); +\& const SSL_METHOD *TLS_server_method(void); +\& const SSL_METHOD *TLS_client_method(void); +\& +\& const SSL_METHOD *SSLv23_method(void); +\& const SSL_METHOD *SSLv23_server_method(void); +\& const SSL_METHOD *SSLv23_client_method(void); +\& +\& #ifndef OPENSSL_NO_SSL3_METHOD +\& const SSL_METHOD *SSLv3_method(void); +\& const SSL_METHOD *SSLv3_server_method(void); +\& const SSL_METHOD *SSLv3_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_METHOD +\& const SSL_METHOD *TLSv1_method(void); +\& const SSL_METHOD *TLSv1_server_method(void); +\& const SSL_METHOD *TLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_1_METHOD +\& const SSL_METHOD *TLSv1_1_method(void); +\& const SSL_METHOD *TLSv1_1_server_method(void); +\& const SSL_METHOD *TLSv1_1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_TLS1_2_METHOD +\& const SSL_METHOD *TLSv1_2_method(void); +\& const SSL_METHOD *TLSv1_2_server_method(void); +\& const SSL_METHOD *TLSv1_2_client_method(void); +\& #endif +\& +\& const SSL_METHOD *DTLS_method(void); +\& const SSL_METHOD *DTLS_server_method(void); +\& const SSL_METHOD *DTLS_client_method(void); +\& +\& #ifndef OPENSSL_NO_DTLS1_METHOD +\& const SSL_METHOD *DTLSv1_method(void); +\& const SSL_METHOD *DTLSv1_server_method(void); +\& const SSL_METHOD *DTLSv1_client_method(void); +\& #endif +\& +\& #ifndef OPENSSL_NO_DTLS1_2_METHOD +\& const SSL_METHOD *DTLSv1_2_method(void); +\& const SSL_METHOD *DTLSv1_2_server_method(void); +\& const SSL_METHOD *DTLSv1_2_client_method(void); +\& #endif +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to +establish \s-1TLS/SSL\s0 or \s-1DTLS\s0 enabled connections. An \fB\s-1SSL_CTX\s0\fR object is +reference counted. Creating an \fB\s-1SSL_CTX\s0\fR object for the first time increments +the reference count. Freeing it (using SSL_CTX_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the +\&\fB\s-1SSL_CTX\s0\fR object are freed. \fBSSL_CTX_up_ref()\fR increments the reference count for +an existing \fB\s-1SSL_CTX\s0\fR structure. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. +The methods exist in a generic type (for client and server use), a server only +type, and a client only type. +\&\fBmethod\fR can be of the following types: +.IP "\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR" 4 +.IX Item "TLS_method(), TLS_server_method(), TLS_client_method()" +These are the general-purpose \fIversion-flexible\fR \s-1SSL/TLS\s0 methods. +The actual protocol version used will be negotiated to the highest version +mutually supported by the client and the server. +The supported protocols are SSLv3, TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. +Applications should use these methods, and avoid the version-specific +methods described below, which are deprecated. +.IP "\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR, \fBSSLv23_client_method()\fR" 4 +.IX Item "SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()" +These functions do not exist anymore, they have been renamed to +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR and \fBTLS_client_method()\fR respectively. +Currently, the old function calls are renamed to the corresponding new +ones by preprocessor macros, to ensure that existing code which uses the +old function names still compiles. However, using the old function names +is deprecated and new code should call the new functions instead. +.IP "\fBTLSv1_2_method()\fR, \fBTLSv1_2_server_method()\fR, \fBTLSv1_2_client_method()\fR" 4 +.IX Item "TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.2 protocol. These methods are deprecated. +.IP "\fBTLSv1_1_method()\fR, \fBTLSv1_1_server_method()\fR, \fBTLSv1_1_client_method()\fR" 4 +.IX Item "TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1.1 protocol. These methods are deprecated. +.IP "\fBTLSv1_method()\fR, \fBTLSv1_server_method()\fR, \fBTLSv1_client_method()\fR" 4 +.IX Item "TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. These methods are deprecated. +.IP "\fBSSLv3_method()\fR, \fBSSLv3_server_method()\fR, \fBSSLv3_client_method()\fR" 4 +.IX Item "SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. +The SSLv3 protocol is deprecated and should not be used. +.IP "\fBDTLS_method()\fR, \fBDTLS_server_method()\fR, \fBDTLS_client_method()\fR" 4 +.IX Item "DTLS_method(), DTLS_server_method(), DTLS_client_method()" +These are the version-flexible \s-1DTLS\s0 methods. +Currently supported protocols are \s-1DTLS 1.0\s0 and \s-1DTLS 1.2.\s0 +.IP "\fBDTLSv1_2_method()\fR, \fBDTLSv1_2_server_method()\fR, \fBDTLSv1_2_client_method()\fR" 4 +.IX Item "DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()" +These are the version-specific methods for DTLSv1.2. +These methods are deprecated. +.IP "\fBDTLSv1_method()\fR, \fBDTLSv1_server_method()\fR, \fBDTLSv1_client_method()\fR" 4 +.IX Item "DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()" +These are the version-specific methods for DTLSv1. +These methods are deprecated. +.PP +\&\fBSSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates and the options to their default values. +.PP +\&\fBTLS_method()\fR, \fBTLS_server_method()\fR, \fBTLS_client_method()\fR, \fBDTLS_method()\fR, +\&\fBDTLS_server_method()\fR and \fBDTLS_client_method()\fR are the \fIversion-flexible\fR +methods. +All other methods only support one specific protocol version. +Use the \fIversion-flexible\fR methods instead of the version specific methods. +.PP +If you want to limit the supported protocols for the version flexible +methods you can use \fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBSSL_set_min_proto_version\fR\|(3), \fBSSL_CTX_set_max_proto_version\fR\|(3) and +\&\fBSSL_set_max_proto_version\fR\|(3) functions. +Using these functions it is possible to choose e.g. \fBTLS_server_method()\fR +and be able to negotiate with all possible clients, but to only +allow newer protocols like \s-1TLS 1.0, TLS 1.1, TLS 1.2\s0 or \s-1TLS 1.3.\s0 +.PP +The list of protocols available can also be limited using the +\&\fBSSL_OP_NO_SSLv3\fR, \fBSSL_OP_NO_TLSv1\fR, \fBSSL_OP_NO_TLSv1_1\fR, +\&\fBSSL_OP_NO_TLSv1_3\fR, \fBSSL_OP_NO_TLSv1_2\fR and \fBSSL_OP_NO_TLSv1_3\fR +options of the +\&\fBSSL_CTX_set_options\fR\|(3) or \fBSSL_set_options\fR\|(3) functions, but this approach +is not recommended. Clients should avoid creating \*(L"holes\*(R" in the set of +protocols they support. When disabling a protocol, make sure that you also +disable either all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling \fIall\fR +previous protocol versions, the effect is to also disable all subsequent +protocol versions. +.PP +The SSLv3 protocol is deprecated and should generally not be used. +Applications should typically use \fBSSL_CTX_set_min_proto_version\fR\|(3) to set +the minimum protocol to at least \fB\s-1TLS1_VERSION\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to find out +the reason. +.IP "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.Sp +\&\fBSSL_CTX_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CTX_free\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), \fBssl\fR\|(7), \fBSSL_set_connect_state\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +Support for SSLv2 and the corresponding \fBSSLv2_method()\fR, +\&\fBSSLv2_server_method()\fR and \fBSSLv2_client_method()\fR functions where +removed in OpenSSL 1.1.0. +.PP +\&\fBSSLv23_method()\fR, \fBSSLv23_server_method()\fR and \fBSSLv23_client_method()\fR +were deprecated and the preferred \fBTLS_method()\fR, \fBTLS_server_method()\fR +and \fBTLS_client_method()\fR functions were added in OpenSSL 1.1.0. +.PP +All version-specific methods were deprecated in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 new file mode 100644 index 000000000000..be8aa4da19a2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_number.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 3" +.TH SSL_CTX_SESS_NUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fBSSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fBSSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fBSSL_CTX_sess_connect_renegotiate()\fR returns the number of started renegotiations +in client mode. +.PP +\&\fBSSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fBSSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fBSSL_CTX_sess_accept_renegotiate()\fR returns the number of started renegotiations +in server mode. +.PP +\&\fBSSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with \fBSSL_set_session\fR\|(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fBSSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fBSSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fBSSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fBSSL_CTX_sess_hits()\fR count. +.PP +\&\fBSSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 000000000000..54da3301e959 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 3" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +This value is a hint and not an absolute; see the notes below. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fBSSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +\&\fBSSL_CTX_flush_sessions\fR\|(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fBSSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 000000000000..6e612b67cbfa --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 3" +.TH SSL_CTX_SESS_SET_GET_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, +\& SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, +\& const unsigned char *, +\& int, int *)); +\& +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, +\& SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, +\& const unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +called whenever a new session was negotiated. +.PP +\&\fBSSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +automatically called whenever a session is removed by the \s-1SSL\s0 engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value. +.PP +\&\fBSSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +(\s-1SSL/TLS\s0 server only.) +.PP +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR, and +\&\fBSSL_CTX_sess_get_get_cb()\fR retrieve the function pointers set by the +corresponding set callback functions. If a callback function has not been +set, the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +\&\fBd2i_SSL_SESSION\fR\|(3) interface. +.PP +The \fBnew_session_cb()\fR is called, whenever a new session has been negotiated +and session caching is enabled (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)). +The \fBnew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session +\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately +removed again. Note that in TLSv1.3, sessions are established after the main +handshake has completed. The server decides when to send the client the session +information and this may occur some time after the end of the handshake (or not +at all). This means that applications should expect the \fBnew_session_cb()\fR +function to be invoked during the handshake (for <= TLSv1.2) or after the +handshake (for TLSv1.3). It is also possible in TLSv1.3 for multiple sessions to +be established with a single connection. In these case the \fBnew_session_cb()\fR +function will be invoked multiple times. +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. One way of enforcing that is for applications to call +\&\fBSSL_CTX_remove_session\fR\|(3) after a session has been used. +.PP +The \fBremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This happens when the session is removed because +it is expired or when a connection was not shutdown cleanly. It also happens +for all sessions in the internal session cache when +\&\fBSSL_CTX_free\fR\|(3) is called. The \fBremove_session_cb()\fR is passed +the \fBctx\fR and the ssl session \fBsess\fR. It does not provide any feedback. +.PP +The \fBget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fBget_session_cb()\fR is always called, also when +session caching was disabled. The \fBget_session_cb()\fR is passed the +\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +\&\fBSSL_SESSION_free\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sess_get_new_cb()\fR, \fBSSL_CTX_sess_get_remove_cb()\fR and \fBSSL_CTX_sess_get_get_cb()\fR +return different callback function pointers respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 new file mode 100644 index 000000000000..d20de0f09b21 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_sessions.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 3" +.TH SSL_CTX_SESSIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +\&\s-1\fBLHASH\s0\fR\|(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +\&\s-1\fBLHASH\s0\fR\|(3) operations, so that the database must not be +modified directly but by using the +\&\fBSSL_CTX_add_session\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_sessions()\fR returns a pointer to the lhash of \fB\s-1SSL_SESSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \s-1\fBLHASH\s0\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 new file mode 100644 index 000000000000..f123d0a00359 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set0_CA_list.3 @@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET0_CA_LIST 3" +.TH SSL_CTX_SET0_CA_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_get_client_CA_list, SSL_CTX_get_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA, SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list, SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list, SSL_get0_peer_CA_list \&\- get or set CA list +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +\& +\& void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +\& void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +\& const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); +\& const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); +\& int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); +\& int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); +\& +\& const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions described here set and manage the list of \s-1CA\s0 names that are sent +between two communicating peers. +.PP +For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the +server to the client when requesting a client certificate. So any list of \s-1CA\s0 +names set is never sent from client to server and the list of \s-1CA\s0 names retrieved +by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +.PP +For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR +extension and may be sent by a client (in the ClientHello message) or by +a server (when requesting a certificate). +.PP +In most cases it is not necessary to set \s-1CA\s0 names on the client side. The list +of \s-1CA\s0 names that are acceptable to the client will be sent in plaintext to the +server. This has privacy implications and may also have performance implications +if the list is large. This optional capability was introduced as part of TLSv1.3 +and therefore setting \s-1CA\s0 names on the client side will have no impact if that +protocol version has been disabled. Most servers do not need this and so this +should be avoided unless required. +.PP +The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the +server side. +.PP +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred +to \fBctx\fR and it should not be freed by the caller. +.PP +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred +to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +by the caller. +.PP +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +SSL_get_client_CA_list returns the list of client CAs sent from the server, if +any. The returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +has sent. This can be called on either the server or the client side. The +returned list should not be freed by the caller. +.PP +The \*(L"generic \s-1CA\s0 list\*(R" functions below are very similar to the \*(L"client \s-1CA\s0 +list\*(R" functions except that they have an effect on both the server and client +sides. The lists of \s-1CA\s0 names managed are separate \- so you cannot (for example) +set \s-1CA\s0 names using the \*(L"client \s-1CA\s0 list\*(R" functions and then get them using the +\&\*(L"generic \s-1CA\s0 list\*(R" functions. Where a mix of the two types of functions has been +used on the server side then the \*(L"client \s-1CA\s0 list\*(R" functions take precedence. +Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions should be used in +preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on +the client side. +.PP +\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and +it should not be freed by the caller. +.PP +\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of +\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. +.PP +\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBctx\fR. The returned list should not be freed by the caller. +.PP +\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The +returned list should not be freed by the caller. +.PP +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to peer for \fBctx\fR. +.PP +\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent +\&\fB\s-1SSL_CTX\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +certificates, to the client. +.PP +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or +\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or +\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR +only contains the names, not the complete certificates); use +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the +necessary data. +.PP +\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and +\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no +list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, +\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a +new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR +and \fBSSL_set0_CA_list()\fR do not return a value. +.PP +\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR +and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +set. +.PP +\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and +\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +.PP +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 new file mode 100644 index 000000000000..7999810c736d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_CURVES 3" +.TH SSL_CTX_SET1_CURVES 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_groups, SSL_CTX_set1_groups_list, SSL_set1_groups, SSL_set1_groups_list, SSL_get1_groups, SSL_get_shared_group, SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve \&\- EC supported curve functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen); +\& int SSL_CTX_set1_groups_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_groups(SSL *ssl, int *glist, int glistlen); +\& int SSL_set1_groups_list(SSL *ssl, char *list); +\& +\& int SSL_get1_groups(SSL *ssl, int *groups); +\& int SSL_get_shared_group(SSL *s, int n); +\& +\& int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); +\& int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); +\& +\& int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); +\& int SSL_set1_curves_list(SSL *ssl, char *list); +\& +\& int SSL_get1_curves(SSL *ssl, int *curves); +\& int SSL_get_shared_curve(SSL *s, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +For all of the functions below that set the supported groups there must be at +least one group in the list. +.PP +\&\fBSSL_CTX_set1_groups()\fR sets the supported groups for \fBctx\fR to \fBglistlen\fR +groups in the array \fBglist\fR. The array consist of all NIDs of groups in +preference order. For a \s-1TLS\s0 client the groups are used directly in the +supported groups extension. For a \s-1TLS\s0 server the groups are used to +determine the set of shared groups. +.PP +\&\fBSSL_CTX_set1_groups_list()\fR sets the supported groups for \fBctx\fR to +string \fBlist\fR. The string is a colon separated list of group NIDs or +names, for example \*(L"P\-521:P\-384:P\-256\*(R". +.PP +\&\fBSSL_set1_groups()\fR and \fBSSL_set1_groups_list()\fR are similar except they set +supported groups for the \s-1SSL\s0 structure \fBssl\fR. +.PP +\&\fBSSL_get1_groups()\fR returns the set of supported groups sent by a client +in the supported groups extension. It returns the total number of +supported groups. The \fBgroups\fR parameter can be \fB\s-1NULL\s0\fR to simply +return the number of groups for memory allocation purposes. The +\&\fBgroups\fR array is in the form of a set of group NIDs in preference +order. It can return zero if the client did not send a supported groups +extension. +.PP +\&\fBSSL_get_shared_group()\fR returns shared group \fBn\fR for a server-side +\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared groups is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared group +so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range, +NID_undef is returned. +.PP +All these functions are implemented as macros. +.PP +The curve functions are synonyms for the equivalently named group functions and +are identical in every respect. They exist because, prior to \s-1TLS1.3,\s0 there was +only the concept of supported curves. In \s-1TLS1.3\s0 this was renamed to supported +groups, and extended to include Diffie Hellman groups. The group functions +should be used in preference. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the \s-1SSL_CONF\s0 interface instead of manually parsing options. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set1_groups()\fR, \fBSSL_CTX_set1_groups_list()\fR, \fBSSL_set1_groups()\fR and +\&\fBSSL_set1_groups_list()\fR, return 1 for success and 0 for failure. +.PP +\&\fBSSL_get1_groups()\fR returns the number of groups, which may be zero. +.PP +\&\fBSSL_get_shared_group()\fR returns the \s-1NID\s0 of shared group \fBn\fR or NID_undef if there +is no shared group \fBn\fR; or the total number of shared groups if \fBn\fR +is \-1. +.PP +When called on a client \fBssl\fR, \fBSSL_get_shared_group()\fR has no meaning and +returns \-1. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The curve functions were added in OpenSSL 1.0.2. The equivalent group +functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 new file mode 100644 index 000000000000..9dd61cd9bc97 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_sigalgs.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_SIGALGS 3" +.TH SSL_CTX_SET1_SIGALGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set1_sigalgs, SSL_set1_sigalgs, SSL_CTX_set1_sigalgs_list, SSL_set1_sigalgs_list, SSL_CTX_set1_client_sigalgs, SSL_set1_client_sigalgs, SSL_CTX_set1_client_sigalgs_list, SSL_set1_client_sigalgs_list \- set supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set1_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_sigalgs_list(SSL *ssl, const char *str); +\& +\& long SSL_CTX_set1_client_sigalgs(SSL_CTX *ctx, const int *slist, long slistlen); +\& long SSL_set1_client_sigalgs(SSL *ssl, const int *slist, long slistlen); +\& long SSL_CTX_set1_client_sigalgs_list(SSL_CTX *ctx, const char *str); +\& long SSL_set1_client_sigalgs_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set1_sigalgs()\fR and \fBSSL_set1_sigalgs()\fR set the supported signature +algorithms for \fBctx\fR or \fBssl\fR. The array \fBslist\fR of length \fBslistlen\fR +must consist of pairs of NIDs corresponding to digest and public key +algorithms. +.PP +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR set the supported +signature algorithms for \fBctx\fR or \fBssl\fR. The \fBstr\fR parameter +must be a null terminated string consisting of a colon separated list of +elements, where each element is either a combination of a public key +algorithm and a digest separated by \fB+\fR, or a \s-1TLS 1\s0.3\-style named +SignatureScheme such as rsa_pss_pss_sha256. +.PP +\&\fBSSL_CTX_set1_client_sigalgs()\fR, \fBSSL_set1_client_sigalgs()\fR, +\&\fBSSL_CTX_set1_client_sigalgs_list()\fR and \fBSSL_set1_client_sigalgs_list()\fR set +signature algorithms related to client authentication, otherwise they are +identical to \fBSSL_CTX_set1_sigalgs()\fR, \fBSSL_set1_sigalgs()\fR, +\&\fBSSL_CTX_set1_sigalgs_list()\fR and \fBSSL_set1_sigalgs_list()\fR. +.PP +All these functions are implemented as macros. The signature algorithm +parameter (integer array or string) is not freed: the application should +free it, if necessary. +.SH "NOTES" +.IX Header "NOTES" +If an application wishes to allow the setting of signature algorithms +as one of many user configurable options it should consider using the more +flexible \s-1SSL_CONF API\s0 instead. +.PP +The signature algorithms set by a client are used directly in the supported +signature algorithm in the client hello message. +.PP +The supported signature algorithms set by a server are not sent to the +client but are used to determine the set of shared signature algorithms +and (if server preferences are set with \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0) +their order. +.PP +The client authentication signature algorithms set by a server are sent +in a certificate request message if client authentication is enabled, +otherwise they are unused. +.PP +Similarly client authentication signature algorithms set by a client are +used to determined the set of client authentication shared signature +algorithms. +.PP +Signature algorithms will neither be advertised nor used if the security level +prohibits them (for example \s-1SHA1\s0 if the security level is 4 or more). +.PP +Currently the NID_md5, NID_sha1, NID_sha224, NID_sha256, NID_sha384 and +NID_sha512 digest NIDs are supported and the public key algorithm NIDs +\&\s-1EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_DSA\s0 and \s-1EVP_PKEY_EC.\s0 +.PP +The short or long name values for digests can be used in a string (for +example \*(L"\s-1MD5\*(R", \*(L"SHA1\*(R", \*(L"SHA224\*(R", \*(L"SHA256\*(R", \*(L"SHA384\*(R", \*(L"SHA512\*(R"\s0) and +the public key algorithm strings \*(L"\s-1RSA\*(R",\s0 \*(L"RSA-PSS\*(R", \*(L"\s-1DSA\*(R"\s0 or \*(L"\s-1ECDSA\*(R".\s0 +.PP +The \s-1TLS 1.3\s0 signature scheme names (such as \*(L"rsa_pss_pss_sha256\*(R") can also +be used with the \fB_list\fR forms of the \s-1API.\s0 +.PP +The use of \s-1MD5\s0 as a digest is strongly discouraged due to security weaknesses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using an array: +.PP +.Vb 1 +\& const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA}; +\& +\& SSL_CTX_set1_sigalgs(ctx, slist, 4); +.Ve +.PP +Set supported signature algorithms to \s-1SHA256\s0 with \s-1ECDSA\s0 and \s-1SHA256\s0 with \s-1RSA\s0 +using a string: +.PP +.Vb 1 +\& SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256"); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_shared_sigalgs\fR\|(3), +\&\fBSSL_CONF_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 new file mode 100644 index 000000000000..ecae59de70f0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set1_verify_cert_store.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET1_VERIFY_CERT_STORE 3" +.TH SSL_CTX_SET1_VERIFY_CERT_STORE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store \- set certificate verification or chain store +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); +\& +\& int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); +\& int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set0_verify_cert_store()\fR and \fBSSL_CTX_set1_verify_cert_store()\fR +set the certificate store used for certificate verification to \fBst\fR. +.PP +\&\fBSSL_CTX_set0_chain_cert_store()\fR and \fBSSL_CTX_set1_chain_cert_store()\fR +set the certificate store used for certificate chain building to \fBst\fR. +.PP +\&\fBSSL_set0_verify_cert_store()\fR, \fBSSL_set1_verify_cert_store()\fR, +\&\fBSSL_set0_chain_cert_store()\fR and \fBSSL_set1_chain_cert_store()\fR are similar +except they apply to \s-1SSL\s0 structure \fBssl\fR. +.PP +All these functions are implemented as macros. Those containing a \fB1\fR +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a \fB0\fR do +not increment reference counts and the supplied store \fB\s-1MUST NOT\s0\fR be freed +after the operation. +.SH "NOTES" +.IX Header "NOTES" +The stores pointers associated with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 +structures when \fBSSL_new()\fR is called. As a result \s-1SSL\s0 structures will not be +affected if the parent \s-1SSL_CTX\s0 store pointer is set to a new value. +.PP +The verification store is used to verify the certificate chain sent by the +peer: that is an \s-1SSL/TLS\s0 client will use the verification store to verify +the server's certificate chain and a \s-1SSL/TLS\s0 server will use it to verify +any client certificate chain. +.PP +The chain store is used to build the certificate chain. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set or a certificate chain is +configured already (for example using the functions such as +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) or +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)) then +automatic chain building is disabled. +.PP +If the mode \fB\s-1SSL_MODE_NO_AUTO_CHAIN\s0\fR is set then automatic chain building +is disabled. +.PP +If the chain or the verification store is not set then the store associated +with the parent \s-1SSL_CTX\s0 is used instead to retain compatibility with previous +versions of OpenSSL. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_set0_chain\fR\|(3) +\&\fBSSL_CTX_set1_chain\fR\|(3) +\&\fBSSL_CTX_add0_chain_cert\fR\|(3) +\&\fBSSL_CTX_add1_chain_cert\fR\|(3) +\&\fBSSL_set0_chain\fR\|(3) +\&\fBSSL_set1_chain\fR\|(3) +\&\fBSSL_add0_chain_cert\fR\|(3) +\&\fBSSL_add1_chain_cert\fR\|(3) +\&\fBSSL_CTX_build_cert_chain\fR\|(3) +\&\fBSSL_build_cert_chain\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 new file mode 100644 index 000000000000..6bfbd20db37d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_alpn_select_cb.3 @@ -0,0 +1,314 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_ALPN_SELECT_CB 3" +.TH SSL_CTX_SET_ALPN_SELECT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_alpn_protos, SSL_set_alpn_protos, SSL_CTX_set_alpn_select_cb, SSL_CTX_set_next_proto_select_cb, SSL_CTX_set_next_protos_advertised_cb, SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated \&\- handle application layer protocol negotiation (ALPN) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +\& unsigned int protos_len); +\& int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +\& unsigned int protos_len); +\& void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, +\& int (*cb) (SSL *ssl, +\& const unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), void *arg); +\& void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +\& unsigned int *len); +\& +\& void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *ssl, +\& const unsigned char **out, +\& unsigned int *outlen, +\& void *arg), +\& void *arg); +\& void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, +\& int (*cb)(SSL *s, +\& unsigned char **out, +\& unsigned char *outlen, +\& const unsigned char *in, +\& unsigned int inlen, +\& void *arg), +\& void *arg); +\& int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, +\& const unsigned char *server, +\& unsigned int server_len, +\& const unsigned char *client, +\& unsigned int client_len) +\& void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, +\& unsigned *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR are used by the client to +set the list of protocols available to be negotiated. The \fBprotos\fR must be in +protocol-list format, described below. The length of \fBprotos\fR is specified in +\&\fBprotos_len\fR. +.PP +\&\fBSSL_CTX_set_alpn_select_cb()\fR sets the application callback \fBcb\fR used by a +server to select which protocol to use for the incoming connection. When \fBcb\fR +is \s-1NULL, ALPN\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBcb\fR is the application defined callback. The \fBin\fR, \fBinlen\fR parameters are a +vector in protocol-list format. The value of the \fBout\fR, \fBoutlen\fR vector +should be set to the value of a single protocol selected from the \fBin\fR, +\&\fBinlen\fR vector. The \fBout\fR buffer may point directly into \fBin\fR, or to a +buffer that outlives the handshake. The \fBarg\fR parameter is the pointer set via +\&\fBSSL_CTX_set_alpn_select_cb()\fR. +.PP +\&\fBSSL_select_next_proto()\fR is a helper function used to select protocols. It +implements the standard protocol selection. It is expected that this function +is called from the application callback \fBcb\fR. The protocol data in \fBserver\fR, +\&\fBserver_len\fR and \fBclient\fR, \fBclient_len\fR must be in the protocol-list format +described below. The first item in the \fBserver\fR, \fBserver_len\fR list that +matches an item in the \fBclient\fR, \fBclient_len\fR list is selected, and returned +in \fBout\fR, \fBoutlen\fR. The \fBout\fR value will point into either \fBserver\fR or +\&\fBclient\fR, so it should be copied immediately. If no match is found, the first +item in \fBclient\fR, \fBclient_len\fR is returned in \fBout\fR, \fBoutlen\fR. This +function can also be used in the \s-1NPN\s0 callback. +.PP +\&\fBSSL_CTX_set_next_proto_select_cb()\fR sets a callback \fBcb\fR that is called when a +client needs to select a protocol from the server's provided list, and a +user-defined pointer argument \fBarg\fR which will be passed to this callback. +For the callback itself, \fBout\fR +must be set to point to the selected protocol (which may be within \fBin\fR). +The length of the protocol name must be written into \fBoutlen\fR. The +server's advertised protocols are provided in \fBin\fR and \fBinlen\fR. The +callback can assume that \fBin\fR is syntactically valid. The client must +select a protocol. It is fatal to the connection if this callback returns +a value other than \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR. The \fBarg\fR parameter is the pointer +set via \fBSSL_CTX_set_next_proto_select_cb()\fR. +.PP +\&\fBSSL_CTX_set_next_protos_advertised_cb()\fR sets a callback \fBcb\fR that is called +when a \s-1TLS\s0 server needs a list of supported protocols for Next Protocol +Negotiation. The returned list must be in protocol-list format, described +below. The list is +returned by setting \fBout\fR to point to it and \fBoutlen\fR to its length. This +memory will not be modified, but the \fB\s-1SSL\s0\fR does keep a +reference to it. The callback should return \fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it +wishes to advertise. Otherwise, no such extension will be included in the +ServerHello. +.PP +\&\fBSSL_get0_alpn_selected()\fR returns a pointer to the selected protocol in \fBdata\fR +with length \fBlen\fR. It is not NUL-terminated. \fBdata\fR is set to \s-1NULL\s0 and \fBlen\fR +is set to 0 if no protocol has been selected. \fBdata\fR must not be freed. +.PP +\&\fBSSL_get0_next_proto_negotiated()\fR sets \fBdata\fR and \fBlen\fR to point to the +client's requested protocol for this connection. If the client did not +request any protocol or \s-1NPN\s0 is not enabled, then \fBdata\fR is set to \s-1NULL\s0 and +\&\fBlen\fR to 0. Note that +the client can request any protocol it chooses. The value returned from +this function need not be a member of the list of supported protocols +provided by the callback. +.SH "NOTES" +.IX Header "NOTES" +The protocol-lists must be in wire-format, which is defined as a vector of +non-empty, 8\-bit length-prefixed, byte strings. The length-prefix byte is not +included in the length. Each string is limited to 255 bytes. A byte-string +length of 0 is invalid. A truncated byte-string is invalid. The length of the +vector is not in the vector itself, but in a separate variable. +.PP +Example: +.PP +.Vb 5 +\& unsigned char vector[] = { +\& 6, \*(Aqs\*(Aq, \*(Aqp\*(Aq, \*(Aqd\*(Aq, \*(Aqy\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, +\& 8, \*(Aqh\*(Aq, \*(Aqt\*(Aq, \*(Aqt\*(Aq, \*(Aqp\*(Aq, \*(Aq/\*(Aq, \*(Aq1\*(Aq, \*(Aq.\*(Aq, \*(Aq1\*(Aq +\& }; +\& unsigned int length = sizeof(vector); +.Ve +.PP +The \s-1ALPN\s0 callback is executed after the servername callback; as that servername +callback may update the \s-1SSL_CTX,\s0 and subsequently, the \s-1ALPN\s0 callback. +.PP +If there is no \s-1ALPN\s0 proposed in the ClientHello, the \s-1ALPN\s0 callback is not +invoked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_alpn_protos()\fR and \fBSSL_set_alpn_protos()\fR return 0 on success, and +non\-0 on failure. \s-1WARNING:\s0 these functions reverse the return value convention. +.PP +\&\fBSSL_select_next_proto()\fR returns one of the following: +.IP "\s-1OPENSSL_NPN_NEGOTIATED\s0" 4 +.IX Item "OPENSSL_NPN_NEGOTIATED" +A match was found and is returned in \fBout\fR, \fBoutlen\fR. +.IP "\s-1OPENSSL_NPN_NO_OVERLAP\s0" 4 +.IX Item "OPENSSL_NPN_NO_OVERLAP" +No match was found. The first item in \fBclient\fR, \fBclient_len\fR is returned in +\&\fBout\fR, \fBoutlen\fR. +.PP +The \s-1ALPN\s0 select callback \fBcb\fR, must return one of the following: +.IP "\s-1SSL_TLSEXT_ERR_OK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_OK" +\&\s-1ALPN\s0 protocol selected. +.IP "\s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0" 4 +.IX Item "SSL_TLSEXT_ERR_ALERT_FATAL" +There was no overlap between the client's supplied list and the server +configuration. +.IP "\s-1SSL_TLSEXT_ERR_NOACK\s0" 4 +.IX Item "SSL_TLSEXT_ERR_NOACK" +\&\s-1ALPN\s0 protocol not selected, e.g., because no \s-1ALPN\s0 protocols are configured for +this connection. +.PP +The callback set using \fBSSL_CTX_set_next_proto_select_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if successful. Any other value is fatal to the connection. +.PP +The callback set using \fBSSL_CTX_set_next_protos_advertised_cb()\fR should return +\&\fB\s-1SSL_TLSEXT_ERR_OK\s0\fR if it wishes to advertise. Otherwise, no such extension +will be included in the ServerHello. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +\&\fBSSL_CTX_set_tlsext_servername_arg\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 new file mode 100644 index 000000000000..b2cee6af31bb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_cb.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_CB 3" +.TH SSL_CTX_SET_CERT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_cb, SSL_set_cert_cb \- handle certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), +\& void *arg); +\& void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); +\& +\& int (*cert_cb)(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR sets the \fBcert_cb()\fR callback, +\&\fBarg\fR value is pointer which is passed to the application callback. +.PP +When \fBcert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBcert_cb()\fR is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed \fBssl\fR structure and set or clear any appropriate certificates. If +the callback is successful it \fB\s-1MUST\s0\fR return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +\&\fBSSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of \fBcert_cb()\fR. It is the job of the +\&\fBcert_cb()\fR to store information about the state of the last call, +if required to continue. +.SH "NOTES" +.IX Header "NOTES" +An application will typically call \fBSSL_use_certificate()\fR and +\&\fBSSL_use_PrivateKey()\fR to set the end entity certificate and private key. +It can add intermediate and optionally the root \s-1CA\s0 certificates using +\&\fBSSL_add1_chain_cert()\fR. +.PP +It might also call \fBSSL_certs_clear()\fR to delete any certificates associated +with the \fB\s-1SSL\s0\fR object. +.PP +The certificate callback functionality supersedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is \fBalways\fR called even is a certificate is already set so the callback +can modify or delete the existing certificate. +.PP +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLSv1.0 might receive a certificate chain signed using \s-1SHA1\s0 whereas a +TLSv1.2 or later client which advertises support for \s-1SHA256\s0 could receive a +chain using \s-1SHA256.\s0 +.PP +Normal server sanity checks are performed on any certificates set +by the callback. So if an \s-1EC\s0 chain is set for a curve the client does not +support it will \fBnot\fR be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_cb()\fR and \fBSSL_set_cert_cb()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_use_certificate\fR\|(3), +\&\fBSSL_add1_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 new file mode 100644 index 000000000000..50afa6b0a815 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_store.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 3" +.TH SSL_CTX_SET_CERT_STORE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_set1_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X509_STORE object is currently +set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. The \fBstore\fR's reference count is incremented. +If another X509_STORE object is currently set in \fBctx\fR, it will be \fBX509_STORE_free()\fRed. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +Using the \fBSSL_CTX_set_cert_store()\fR and \fBSSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the \fBverify_callback()\fR be +overridden with the \fBverify_callback()\fR set via the +\&\fBSSL_CTX_set_verify\fR\|(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.PP +\&\fBSSL_CTX_set_cert_store()\fR does not increment the \fBstore\fR's reference +count, so it should not be used to assign an X509_STORE that is owned +by another \s-1SSL_CTX.\s0 +.PP +To share X509_STOREs between two SSL_CTXs, use \fBSSL_CTX_get_cert_store()\fR +to get the X509_STORE from the first \s-1SSL_CTX,\s0 and then use +\&\fBSSL_CTX_set1_cert_store()\fR to assign to the second \s-1SSL_CTX\s0 and +increment the reference count of the X509_STORE. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The X509_STORE structure used by an \s-1SSL_CTX\s0 is used for verifying peer +certificates and building certificate chains, it is also shared by +every child \s-1SSL\s0 structure. Applications wanting finer control can use +functions such as \fBSSL_CTX_set1_verify_cert_store()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_set1_cert_store()\fR does not return diagnostic output. +.PP +\&\fBSSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 000000000000..79339b0eb09b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 3" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, +\& int (*callback)(X509_STORE_CTX *, void *), +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when \fBSSL_new\fR\|(3) is called. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fIcallback\fR is specified via +\&\fBSSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. +.PP +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. +.PP +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow the connection to continue in the case of failure (by always +returning 1) the verification result must be set in any case using the +\&\fBerror\fR member of \fIx509_store_ctx\fR so that the calling application +will be informed about the detailed result of the verification procedure! +.PP +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR +function set using \fBSSL_CTX_set_verify\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not return a value. +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the \fBSSL_CTX_set_verify\fR\|(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +\&\fBSSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 new file mode 100644 index 000000000000..8d43da2e06fb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 3" +.TH SSL_CTX_SET_CIPHER_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_cipher_list, SSL_set_cipher_list, SSL_CTX_set_ciphersuites, SSL_set_ciphersuites \&\- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +\& +\& int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +\& int SSL_set_ciphersuites(SSL *s, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cipher_list()\fR sets the list of available ciphers (TLSv1.2 and below) +for \fBctx\fR using the control string \fBstr\fR. The format of the string is described +in \fBciphers\fR\|(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. This function does not impact TLSv1.3 +ciphersuites. Use \fBSSL_CTX_set_ciphersuites()\fR to configure those. +.PP +\&\fBSSL_set_cipher_list()\fR sets the list of ciphers (TLSv1.2 and below) only for +\&\fBssl\fR. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR is used to configure the available TLSv1.3 +ciphersuites for \fBctx\fR. This is a simple colon (\*(L":\*(R") separated list of TLSv1.3 +ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are: +.IP "\s-1TLS_AES_128_GCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_GCM_SHA256" +.PD 0 +.IP "\s-1TLS_AES_256_GCM_SHA384\s0" 4 +.IX Item "TLS_AES_256_GCM_SHA384" +.IP "\s-1TLS_CHACHA20_POLY1305_SHA256\s0" 4 +.IX Item "TLS_CHACHA20_POLY1305_SHA256" +.IP "\s-1TLS_AES_128_CCM_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_SHA256" +.IP "\s-1TLS_AES_128_CCM_8_SHA256\s0" 4 +.IX Item "TLS_AES_128_CCM_8_SHA256" +.PD +.PP +An empty list is permissible. The default value for the this setting is: +.PP +\&\*(L"\s-1TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256\*(R"\s0 +.PP +\&\fBSSL_set_ciphersuites()\fR is the same as \fBSSL_CTX_set_ciphersuites()\fR except it +configures the ciphersuites for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR for \fBSSL_CTX_set_cipher_list()\fR and +\&\fBSSL_set_cipher_list()\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient unless the security level excludes it. On the server side, +additional restrictions apply. All ciphers have additional requirements. +\&\s-1ADH\s0 ciphers don't need a certificate, but DH-parameters must have been set. +All other ciphers need a corresponding certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 ciphers using \s-1DHE\s0 need a certificate and key and additional DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see \fBSSL_CTX_set_tmp_dh_callback\fR\|(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. a +client only supports export \s-1RSA\s0 ciphers with an asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_cipher_list()\fR and \fBSSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.PP +\&\fBSSL_CTX_set_ciphersuites()\fR and \fBSSL_set_ciphersuites()\fR return 1 if the requested +ciphersuite list was configured, and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBciphers\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 new file mode 100644 index 000000000000..a91cc5e9af9d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_cert_cb.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CERT_CB 3" +.TH SSL_CTX_SET_CLIENT_CERT_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey)); +\& int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, +\& EVP_PKEY **pkey); +\& int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_cert_cb()\fR sets the \fBclient_cert_cb()\fR callback, that is +called when a client certificate is requested by a server and no certificate +was yet set for the \s-1SSL\s0 object. +.PP +When \fBclient_cert_cb()\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback +function. +.PP +\&\fBclient_cert_cb()\fR is the application defined callback. If it wants to +set a certificate, a certificate/private key combination must be set +using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. The +certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. +If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate +will be sent. A negative return value will suspend the handshake and the +handshake function will return immediately. \fBSSL_get_error\fR\|(3) +will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was +suspended. The next call to the handshake function will again lead to the call +of \fBclient_cert_cb()\fR. It is the job of the \fBclient_cert_cb()\fR to store information +about the state of the last call, if required to continue. +.SH "NOTES" +.IX Header "NOTES" +During a handshake (or renegotiation) a server may request a certificate +from the client. A client certificate must only be sent, when the server +did send the request. +.PP +When a certificate was set using the +\&\fBSSL_CTX_use_certificate\fR\|(3) family of functions, +it will be sent to the server. The \s-1TLS\s0 standard requires that only a +certificate is sent, if it matches the list of acceptable CAs sent by the +server. This constraint is violated by the default behavior of the OpenSSL +library. Using the callback function it is possible to implement a proper +selection routine or to allow a user interaction to choose the certificate to +be sent. +.PP +If a callback function is defined and no certificate was yet defined for the +\&\s-1SSL\s0 object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the \s-1SSL\s0 +object using the \fBSSL_use_certificate()\fR and \fBSSL_use_private_key()\fR functions. +Thus it will permanently install the certificate and key for this \s-1SSL\s0 +object. It will not be reset by calling \fBSSL_clear\fR\|(3). +If the callback returns no certificate, the OpenSSL library will not send +a certificate. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_client_cert_cb()\fR returns function pointer of \fBclient_cert_cb()\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "BUGS" +.IX Header "BUGS" +The \fBclient_cert_cb()\fR cannot return a complete certificate chain, it can +only return one client certificate. If the chain only has a length of 2, +the root \s-1CA\s0 certificate may be omitted according to the \s-1TLS\s0 standard and +thus a standard conforming answer can be sent to the server. For a +longer chain, the client must send the complete chain (with the option +to leave out the root \s-1CA\s0 certificate). This can only be accomplished by +either adding the intermediate \s-1CA\s0 certificates into the trusted +certificate store for the \s-1SSL_CTX\s0 object (resulting in having to add +\&\s-1CA\s0 certificates that otherwise maybe would not be trusted), or by adding +the chain certificates using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function, which is only available for the \s-1SSL_CTX\s0 object as a whole and that +therefore probably can only apply for one client certificate, making +the concept of the callback function (to allow the choice from several +certificates) questionable. +.PP +Once the \s-1SSL\s0 object has been used in conjunction with the callback function, +the certificate will be set for the \s-1SSL\s0 object and will not be cleared +even when \fBSSL_clear\fR\|(3) is being called. It is therefore +mandatory to destroy the \s-1SSL\s0 object using \fBSSL_free\fR\|(3) +and create a new one to return to the previous state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 new file mode 100644 index 000000000000..1a2b18a81c7c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_client_hello_cb.3 @@ -0,0 +1,262 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_HELLO_CB 3" +.TH SSL_CTX_SET_CLIENT_HELLO_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_client_hello_cb, SSL_client_hello_cb_fn, SSL_client_hello_isv2, SSL_client_hello_get0_legacy_version, SSL_client_hello_get0_random, SSL_client_hello_get0_session_id, SSL_client_hello_get0_ciphers, SSL_client_hello_get0_compression_methods, SSL_client_hello_get1_extensions_present, SSL_client_hello_get0_ext \- callback functions for early server\-side ClientHello processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 10 +\& typedef int (*SSL_client_hello_cb_fn)(SSL *s, int *al, void *arg); +\& void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn *f, +\& void *arg); +\& int SSL_client_hello_isv2(SSL *s); +\& unsigned int SSL_client_hello_get0_legacy_version(SSL *s); +\& size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); +\& size_t SSL_client_hello_get0_compression_methods(SSL *s, +\& const unsigned char **out); +\& int SSL_client_hello_get1_extensions_present(SSL *s, int **out, +\& size_t *outlen); +\& int SSL_client_hello_get0_ext(SSL *s, int type, const unsigned char **out, +\& size_t *outlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_client_hello_cb()\fR sets the callback function, which is automatically +called during the early stages of ClientHello processing on the server. +The argument supplied when setting the callback is passed back to the +callback at runtime. A callback that returns failure (0) will cause the +connection to terminate, and callbacks returning failure should indicate +what alert value is to be sent in the \fBal\fR parameter. A callback may +also return a negative value to suspend the handshake, and the handshake +function will return immediately. \fBSSL_get_error\fR\|(3) will return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 to indicate that the handshake was suspended. +It is the job of the ClientHello callback to store information about the state +of the last call if needed to continue. On the next call into the handshake +function, the ClientHello callback will be called again, and, if it returns +success, normal handshake processing will continue from that point. +.PP +\&\fBSSL_client_hello_isv2()\fR indicates whether the ClientHello was carried in a +SSLv2 record and is in the SSLv2 format. The SSLv2 format has substantial +differences from the normal SSLv3 format, including using three bytes per +cipher suite, and not allowing extensions. Additionally, the SSLv2 format +\&'challenge' field is exposed via \fBSSL_client_hello_get0_random()\fR, padded to +\&\s-1SSL3_RANDOM_SIZE\s0 bytes with zeros if needed. For SSLv2 format ClientHellos, +\&\fBSSL_client_hello_get0_compression_methods()\fR returns a dummy list that only includes +the null compression method, since the SSLv2 format does not include a +mechanism by which to negotiate compression. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR provide access to the corresponding +ClientHello fields, returning the field length and optionally setting an out +pointer to the octets of that field. +.PP +Similarly, \fBSSL_client_hello_get0_ext()\fR provides access to individual extensions +from the ClientHello on a per-extension basis. For the provided wire +protocol extension type value, the extension value and length are returned +in the output parameters (if present). +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR can be used prior to +\&\fBSSL_client_hello_get0_ext()\fR, to determine which extensions are present in the +ClientHello before querying for them. The \fBout\fR and \fBoutlen\fR parameters are +both required, and on success the caller must release the storage allocated for +\&\fB*out\fR using \fBOPENSSL_free()\fR. The contents of \fB*out\fR is an array of integers +holding the numerical value of the \s-1TLS\s0 extension types in the order they appear +in the ClientHello. \fB*outlen\fR contains the number of elements in the array. +In situations when the ClientHello has no extensions, the function will return +success with \fB*out\fR set to \s-1NULL\s0 and \fB*outlen\fR set to 0. +.SH "NOTES" +.IX Header "NOTES" +The ClientHello callback provides a vast window of possibilities for application +code to affect the \s-1TLS\s0 handshake. A primary use of the callback is to +allow the server to examine the server name indication extension provided +by the client in order to select an appropriate certificate to present, +and make other configuration adjustments relevant to that server name +and its configuration. Such configuration changes can include swapping out +the associated \s-1SSL_CTX\s0 pointer, modifying the server's list of permitted \s-1TLS\s0 +versions, changing the server's cipher list in response to the client's +cipher list, etc. +.PP +It is also recommended that applications utilize a ClientHello callback and +not use a servername callback, in order to avoid unexpected behavior that +occurs due to the relative order of processing between things like session +resumption and the historical servername callback. +.PP +The SSL_client_hello_* family of functions may only be called from code executing +within a ClientHello callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The application's supplied ClientHello callback returns +\&\s-1SSL_CLIENT_HELLO_SUCCESS\s0 on success, \s-1SSL_CLIENT_HELLO_ERROR\s0 on failure, and +\&\s-1SSL_CLIENT_HELLO_RETRY\s0 to suspend processing. +.PP +\&\fBSSL_client_hello_isv2()\fR returns 1 for SSLv2\-format ClientHellos and 0 otherwise. +.PP +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, and +\&\fBSSL_client_hello_get0_compression_methods()\fR return the length of the +corresponding ClientHello fields. If zero is returned, the output pointer +should not be assumed to be valid. +.PP +\&\fBSSL_client_hello_get0_ext()\fR returns 1 if the extension of type 'type' is present, and +0 otherwise. +.PP +\&\fBSSL_client_hello_get1_extensions_present()\fR returns 1 on success and 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_tlsext_servername_callback\fR\|(3), +SSL_bytes_to_cipher_list +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL\s0 ClientHello callback, \fBSSL_client_hello_isv2()\fR, +\&\fBSSL_client_hello_get0_random()\fR, \fBSSL_client_hello_get0_session_id()\fR, +\&\fBSSL_client_hello_get0_ciphers()\fR, \fBSSL_client_hello_get0_compression_methods()\fR, +\&\fBSSL_client_hello_get0_ext()\fR, and \fBSSL_client_hello_get1_extensions_present()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 new file mode 100644 index 000000000000..e0fdf43e2cd3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ct_validation_callback.3 @@ -0,0 +1,271 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3" +.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_disable_ct, SSL_set_ct_validation_callback, SSL_CTX_set_ct_validation_callback, SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- control Certificate Transparency policy +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +\& const STACK_OF(SCT) *scts, void *arg); +\& +\& int SSL_enable_ct(SSL *s, int validation_mode); +\& int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +\& int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +\& void *arg); +\& int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +\& ssl_ct_validation_cb callback, +\& void *arg); +\& void SSL_disable_ct(SSL *s); +\& void SSL_CTX_disable_ct(SSL_CTX *ctx); +\& int SSL_ct_is_enabled(const SSL *s); +\& int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed +certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all +connections that share the given \s-1SSL\s0 context, respectively. +This is accomplished by setting a built-in \s-1CT\s0 validation callback. +The behaviour of the callback is determined by the \fBvalidation_mode\fR argument, +which can be either of \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR or +\&\fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR as described below. +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_STRICT\s0\fR, then in a full +\&\s-1TLS\s0 handshake with the verification mode set to \fB\s-1SSL_VERIFY_PEER\s0\fR, if the peer +presents no valid SCTs the handshake will be aborted. +If the verification mode is \fB\s-1SSL_VERIFY_NONE\s0\fR, the handshake will continue +despite lack of valid SCTs. +However, in that case if the verification status before the built-in callback +was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the +callback. +Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at +handshake completion, even after session resumption since the verification +status is part of the saved session state. +See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3). +.PP +If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the +handshake continues, and the verification status is not modified, regardless of +the validation status of any SCTs. +The application can still inspect the validation status of the SCTs at +handshake completion. +Note that with session resumption there will not be any SCTs presented during +the handshake. +Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after +handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the +session is not resumed. +.PP +\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR +register a custom callback that may implement a different policy than either of +the above. +This callback can examine the peer's SCTs and determine whether they are +sufficient to allow the connection to continue. +The \s-1TLS\s0 handshake is aborted if the verification mode is not \fB\s-1SSL_VERIFY_NONE\s0\fR +and the callback returns a non-positive result. +.PP +An arbitrary callback context argument, \fBarg\fR, can be passed in when setting +the callback. +This will be passed to the callback whenever it is invoked. +Ownership of this context remains with the caller. +.PP +If no callback is set, SCTs will not be requested and Certificate Transparency +validation will not occur. +.PP +No callback will be invoked when the peer presents no certificate, e.g. by +employing an anonymous (aNULL) cipher suite. +In that case the handshake continues as it would had no callback been +requested. +Callbacks are also not invoked when the peer certificate chain is invalid or +validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509 +\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively. +Clients that require SCTs are expected to not have enabled any aNULL ciphers +nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 +records. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether +enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback. +These may be implemented as macros. +.PP +\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is +enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0 +otherwise. +.SH "NOTES" +.IX Header "NOTES" +When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because +one possible source of SCTs is the \s-1OCSP\s0 response from a server. +.PP +The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any +presented SCTs have timestamps that are in the future (and therefore invalid). +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Certificate Transparency validation cannot be enabled and so a callback cannot +be set if a custom client extension handler has been registered to handle \s-1SCT\s0 +extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and +\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully +set. +They return 0 if an error occurs, e.g. a custom client extension handler has +been setup to handle SCTs. +.PP +\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result. +.PP +\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0 +validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0 +callback) is set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +<\fBSSL_get_verify_result\fR\|(3)>, +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_verify\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 new file mode 100644 index 000000000000..3bdd74ecebc0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ctlog_list_file.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_CTLOG_LIST_FILE 3" +.TH SSL_CTX_SET_CTLOG_LIST_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file \- load a Certificate Transparency log list from a file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +\& int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR loads a list of Certificate Transparency +(\s-1CT\s0) logs from the default file location, \*(L"ct_log_list.cnf\*(R", found in the +directory where OpenSSL is installed. +.PP +\&\fBSSL_CTX_set_ctlog_list_file()\fR loads a list of \s-1CT\s0 logs from a specific path. +See \fBCTLOG_STORE_new\fR\|(3) for the file format. +.SH "NOTES" +.IX Header "NOTES" +These functions will not clear the existing \s-1CT\s0 log list \- it will be appended +to. To replace the existing list, use SSL_CTX_set0_ctlog_store first. +.PP +If an error occurs whilst parsing a particular log entry in the file, that log +entry will be skipped. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_default_ctlog_list_file()\fR and \fBSSL_CTX_set_ctlog_list_file()\fR +return 1 if the log list is successfully loaded, and 0 if an error occurs. In +the case of an error, the log list may have been partially loaded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 000000000000..3485cdb6edc1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,240 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 3" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata, SSL_CTX_get_default_passwd_cb, SSL_CTX_get_default_passwd_cb_userdata, SSL_set_default_passwd_cb, SSL_set_default_passwd_cb_userdata, SSL_get_default_passwd_cb, SSL_get_default_passwd_cb_userdata \- set or get passwd callback for encrypted PEM file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +\& pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +\& void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +\& +\& void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +\& void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +\& pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +\& void *SSL_get_default_passwd_cb_userdata(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fBSSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to userdata, \fBu\fR, +which will be provided to the password callback on invocation. +.PP +\&\fBSSL_CTX_get_default_passwd_cb()\fR returns a function pointer to the password +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned. +.PP +\&\fBSSL_CTX_get_default_passwd_cb_userdata()\fR returns a pointer to the userdata +currently set in \fBctx\fR. If no userdata was explicitly set, the \s-1NULL\s0 pointer +is returned. +.PP +\&\fBSSL_set_default_passwd_cb()\fR, \fBSSL_set_default_passwd_cb_userdata()\fR, +\&\fBSSL_get_default_passwd_cb()\fR and \fBSSL_get_default_passwd_cb_userdata()\fR perform +the same function as their \s-1SSL_CTX\s0 counterparts, but using an \s-1SSL\s0 object. +.PP +The password callback, which must be provided by the application, hands back the +password to be used during decryption. +On invocation a pointer to userdata +is provided. The function must store the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +For more details, see \fBpem_password_cb\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have the callback handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the userdata storage and the +callback only returns the password already stored. +.PP +When asking for the password interactively, the callback can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as userdata to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. +.PP +.Vb 6 +\& int my_cb(char *buf, int size, int rwflag, void *u) +\& { +\& strncpy(buf, (char *)u, size); +\& buf[size \- 1] = \*(Aq\e0\*(Aq; +\& return strlen(buf); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_use_certificate\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_get_default_passwd_cb()\fR, \fBSSL_CTX_get_default_passwd_cb_userdata()\fR, +\&\fBSSL_set_default_passwd_cb()\fR and \fBSSL_set_default_passwd_cb_userdata()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 new file mode 100644 index 000000000000..5985e6665802 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ex_data.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_EX_DATA 3" +.TH SSL_CTX_SET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_get_ex_data, SSL_CTX_set_ex_data, SSL_get_ex_data, SSL_set_ex_data \&\- Store and retrieve extra data from the SSL_CTX, SSL or SSL_SESSION +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx); +\& +\& int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg); +\& +\& void *SSL_get_ex_data(const SSL *s, int idx); +\& +\& int SSL_set_ex_data(SSL *s, int idx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +SSL*\fB_set_ex_data()\fR functions can be used to store arbitrary user data into the +\&\fB\s-1SSL_CTX\s0\fR, or \fB\s-1SSL\s0\fR object. The user must supply a unique index +which they can subsequently use to retrieve the data using SSL*\fB_get_ex_data()\fR. +.PP +For more detailed information see \fBCRYPTO_get_ex_data\fR\|(3) and +\&\fBCRYPTO_set_ex_data\fR\|(3) which implement these functions and +\&\fBCRYPTO_get_ex_new_index\fR\|(3) for generating a unique index. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*\fB_set_ex_data()\fR functions return 1 if the item is successfully stored +and 0 if it is not. +The SSL*\fB_get_ex_data()\fR functions return the ex_data pointer if successful, +otherwise \s-1NULL.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBCRYPTO_get_ex_data\fR\|(3), \fBCRYPTO_set_ex_data\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 000000000000..f8396c00f5cb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_GENERATE_SESSION_ID 3" +.TH SSL_CTX_SET_GENERATE_SESSION_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id, GEN_SESSION_CB \&\- manipulate generation of SSL session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*GEN_SESSION_CB)(SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +\& +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fBSSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fBSSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call +\&\fBSSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fBSSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fBSSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_generate_session_id()\fR and \fBSSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fBSSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www\-18"; +\& +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* +\& * Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it \- but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. +\& */ +\& memcpy(id, session_id_prefix, strlen(session_id_prefix) < *id_len ? +\& strlen(session_id_prefix) : *id_len); +\& } while (SSL_has_matching_session_id(ssl, id, *id_len) +\& && ++count < MAX_SESSION_ID_ATTEMPTS); +\& if (count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 new file mode 100644 index 000000000000..e435ea52e379 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_info_callback.3 @@ -0,0 +1,285 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 3" +.TH SSL_CTX_SET_INFO_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \&\- handle information callback for SSL connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))(); +\& +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(const SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL,\s0 no callback function is used. +.PP +\&\fBSSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fBSSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fBSSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever a significant event occurs such as: the state changes, +an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bitmask made up of the following bits: +.IP "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change or some other significant +state machine event. This may mean that the callback gets invoked more than once +per state in some situations. +.IP "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate exit of a handshake function. This will +happen after the end of a handshake, but may happen at other times too such as +on error or when \s-1IO\s0 might otherwise block and non-blocking is being used. +.IP "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.IP "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.IP "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. It also occurs when +resuming a handshake following a pause to handle early data. +.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE" +Callback has been called because a handshake is finished. It also occurs if the +handshake is paused to allow the exchange of early data. +.PP +The current state information can be obtained using the +\&\fBSSL_state_string\fR\|(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +\&\fBSSL_alert_type_string\fR\|(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fBSSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w = where & ~SSL_ST_MASK; +\& +\& if (w & SSL_ST_CONNECT) +\& str = "SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) +\& str = "SSL_accept"; +\& else +\& str = "undefined"; +\& +\& if (where & SSL_CB_LOOP) { +\& BIO_printf(bio_err, "%s:%s\en", str, SSL_state_string_long(s)); +\& } else if (where & SSL_CB_ALERT) { +\& str = (where & SSL_CB_READ) ? "read" : "write"; +\& BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } else if (where & SSL_CB_EXIT) { +\& if (ret == 0) { +\& BIO_printf(bio_err, "%s:failed in %s\en", +\& str, SSL_state_string_long(s)); +\& } else if (ret < 0) { +\& BIO_printf(bio_err, "%s:error in %s\en", +\& str, SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_state_string\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 new file mode 100644 index 000000000000..1b8b17e2f61e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_keylog_callback.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_KEYLOG_CALLBACK 3" +.TH SSL_CTX_SET_KEYLOG_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_keylog_callback, SSL_CTX_get_keylog_callback, SSL_CTX_keylog_cb_func \- logging TLS key material +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +\& +\& void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +\& SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_keylog_callback()\fR sets the \s-1TLS\s0 key logging callback. This callback +is called whenever \s-1TLS\s0 key material is generated or received, in order to allow +applications to store this keying material for debugging purposes. +.PP +\&\fBSSL_CTX_get_keylog_callback()\fR retrieves the previously set \s-1TLS\s0 key logging +callback. If no callback has been set, this will return \s-1NULL.\s0 When there is no +key logging callback, or if SSL_CTX_set_keylog_callback is called with \s-1NULL\s0 as +the value of cb, no logging of key material will be done. +.PP +The key logging callback is called with two items: the \fBssl\fR object associated +with the connection, and \fBline\fR, a string containing the key material in the +format used by \s-1NSS\s0 for its \fB\s-1SSLKEYLOGFILE\s0\fR debugging output. To recreate that +file, the key logging callback should log \fBline\fR, followed by a newline. +\&\fBline\fR will always be a NULL-terminated string. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_get_keylog_callback()\fR returns a pointer to \fBSSL_CTX_keylog_cb_func\fR or +\&\s-1NULL\s0 if the callback is not set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 000000000000..60b97757e99c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MAX_CERT_LIST 3" +.TH SSL_CTX_SET_MAX_CERT_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list \- manipulate allowed size for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +\& +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +\&\fBSSL_new\fR\|(3) is being called. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fBSSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be bytes. This setting stays valid +until a new value is set. +.PP +\&\fBSSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +\&\fBSSL_CTX_set_verify\fR\|(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_max_cert_list()\fR and \fBSSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fBSSL_CTX_get_max_cert_list()\fR and \fBSSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 new file mode 100644 index 000000000000..5efc3acf76dd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_min_proto_version.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MIN_PROTO_VERSION 3" +.TH SSL_CTX_SET_MIN_PROTO_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_min_proto_version, SSL_CTX_set_max_proto_version, SSL_CTX_get_min_proto_version, SSL_CTX_get_max_proto_version, SSL_set_min_proto_version, SSL_set_max_proto_version, SSL_get_min_proto_version, SSL_get_max_proto_version \- Get and set minimum and maximum supported protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version); +\& int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +\& int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +\& +\& int SSL_set_min_proto_version(SSL *ssl, int version); +\& int SSL_set_max_proto_version(SSL *ssl, int version); +\& int SSL_get_min_proto_version(SSL *ssl); +\& int SSL_get_max_proto_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions get or set the minimum and maximum supported protocol versions +for the \fBctx\fR or \fBssl\fR. +This works in combination with the options set via +\&\fBSSL_CTX_set_options\fR\|(3) that also make it possible to disable +specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.PP +Setting the minimum or maximum version to 0, will enable protocol +versions down to the lowest version, or up to the highest version +supported by the library, respectively. +.PP +Getters return 0 in case \fBctx\fR or \fBssl\fR have been configured to +automatically use the lowest or highest version supported by the library. +.PP +Currently supported versions are \fB\s-1SSL3_VERSION\s0\fR, \fB\s-1TLS1_VERSION\s0\fR, +\&\fB\s-1TLS1_1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR, \fB\s-1TLS1_3_VERSION\s0\fR for \s-1TLS\s0 and +\&\fB\s-1DTLS1_VERSION\s0\fR, \fB\s-1DTLS1_2_VERSION\s0\fR for \s-1DTLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These setter functions return 1 on success and 0 on failure. The getter +functions return the configured version or 0 for auto-configuration of +lowest or highest protocol, respectively. +.SH "NOTES" +.IX Header "NOTES" +All these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_options\fR\|(3), \fBSSL_CONF_cmd\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The setter functions were added in OpenSSL 1.1.0. The getter functions +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 new file mode 100644 index 000000000000..0f0ceaeeaf25 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_mode.3 @@ -0,0 +1,266 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 3" +.TH SSL_CTX_SET_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate SSL engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +\& long SSL_clear_mode(SSL *ssl, long mode); +\& +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +\&\fBSSL_CTX_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBctx\fR. +.PP +\&\fBSSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +\&\fBSSL_clear_mode()\fR removes the mode set via bitmask in \fBmode\fR from \fBssl\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fBSSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.IP "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write_ex(..., n, &r) to return with 0 < r < n (i.e. report success +when just a single record has been written). This works in a similar way for +\&\fBSSL_write()\fR. When not set (the default), \fBSSL_write_ex()\fR or \fBSSL_write()\fR will only +report success once the complete chunk was written. Once \fBSSL_write_ex()\fR or +\&\fBSSL_write()\fR returns successful, \fBr\fR bytes have been written and the next call +to \fBSSL_write_ex()\fR or \fBSSL_write()\fR must only send the n\-r bytes left, imitating +the behaviour of \fBwrite()\fR. +.IP "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fBSSL_write_ex()\fR or \fBSSL_write()\fR with changed buffer +location (the buffer contents must stay the same). This is not the default to +avoid the misconception that non-blocking \fBSSL_write()\fR behaves like +non-blocking \fBwrite()\fR. +.IP "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +\&\fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) can return with a failure and indicate the +need to retry with \fB\s-1SSL_ERROR_WANT_READ\s0\fR. +If such a non-application data record was processed, the flag +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR causes it to try to process the next record instead of +returning. +.Sp +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +Setting \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR for a non-blocking \fB\s-1BIO\s0\fR will process +non-application data records until either no more data is available or +an application data record has been processed. +.Sp +In a blocking environment, applications are not always prepared to +deal with the functions returning intermediate reports such as retry +requests, and setting the \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR flag will cause the functions +to only return after successfully processing an application data record or a +failure. +.Sp +Turning off \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR can be useful with blocking \fB\s-1BIO\s0\fRs in case +they are used in combination with something like \fBselect()\fR or \fBpoll()\fR. +Otherwise the call to \fBSSL_read()\fR or \fBSSL_read_ex()\fR might hang when a +non-application record was sent and no application data was sent. +.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 +.IX Item "SSL_MODE_RELEASE_BUFFERS" +When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 +then release the memory we were using to hold it. +Using this flag can +save around 34k per idle \s-1SSL\s0 connection. +This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. +.IP "\s-1SSL_MODE_ASYNC\s0" 4 +.IX Item "SSL_MODE_ASYNC" +Enable asynchronous processing. \s-1TLS I/O\s0 operations may indicate a retry with +\&\s-1SSL_ERROR_WANT_ASYNC\s0 with this mode set if an asynchronous capable engine is +used to perform cryptographic operations. See \fBSSL_get_error\fR\|(3). +.IP "\s-1SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG\s0" 4 +.IX Item "SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG" +Older versions of OpenSSL had a bug in the computation of the label length +used for computing the endpoint-pair shared secret. The bug was that the +terminating zero was included in the length of the label. Setting this option +enables this behaviour to allow interoperability with such broken +implementations. Please note that setting this option breaks interoperability +with correct implementations. This option only applies to \s-1DTLS\s0 over \s-1SCTP.\s0 +.PP +All modes are off by default except for \s-1SSL_MODE_AUTO_RETRY\s0 which is on by +default since 1.1.1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_mode()\fR and \fBSSL_set_mode()\fR return the new mode bitmask +after adding \fBmode\fR. +.PP +\&\fBSSL_CTX_get_mode()\fR and \fBSSL_get_mode()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_ASYNC\s0 was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 new file mode 100644 index 000000000000..1270177030a7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_MSG_CALLBACK 3" +.TH SSL_CTX_SET_MSG_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_set_msg_callback_arg \&\- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +\& +\& void SSL_set_msg_callback(SSL *ssl, +\& void (*cb)(int write_p, int version, +\& int content_type, const void *buf, +\& size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL *ssl, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_msg_callback()\fR or \fBSSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent, as well as other events that occur during processing. +\&\fBSSL_CTX_set_msg_callback_arg()\fR and \fBSSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fBSSL_CTX_set_msg_callback()\fR and \fBSSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +\&\fBSSL_new\fR\|(3). \fBSSL_set_msg_callback()\fR and +\&\fBSSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB\s-1NULL\s0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library the function arguments have the +following meaning: +.IP "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.IP "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library such as \fB\s-1TLS1_3_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR etc. +This is set to 0 for the \s-1SSL3_RT_HEADER\s0 pseudo content type (see \s-1NOTES\s0 below). +.IP "\fIcontent_type\fR" 4 +.IX Item "content_type" +This is one of the content type values defined in the protocol specification +(\fB\s-1SSL3_RT_CHANGE_CIPHER_SPEC\s0\fR, \fB\s-1SSL3_RT_ALERT\s0\fR, \fB\s-1SSL3_RT_HANDSHAKE\s0\fR; but never +\&\fB\s-1SSL3_RT_APPLICATION_DATA\s0\fR because the callback will only be called for protocol +messages). Alternatively it may be a \*(L"pseudo\*(R" content type. These pseudo +content types are used to signal some other event in the processing of data (see +\&\s-1NOTES\s0 below). +.IP "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message or other data (in the +case of pseudo content types), which consists of \fIlen\fR bytes. The buffer is no +longer valid after the callback function has returned. +.IP "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.IP "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fBSSL_CTX_set_msg_callback_arg()\fR or \fBSSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.PP +Pseudo content type values may be sent at various points during the processing +of data. The following pseudo content types are currently defined: +.IP "\fB\s-1SSL3_RT_HEADER\s0\fR" 4 +.IX Item "SSL3_RT_HEADER" +Used when a record is sent or received. The \fBbuf\fR contains the record header +bytes only. +.IP "\fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR" 4 +.IX Item "SSL3_RT_INNER_CONTENT_TYPE" +Used when an encrypted TLSv1.3 record is sent or received. In encrypted TLSv1.3 +records the content type in the record header is always +\&\s-1SSL3_RT_APPLICATION_DATA.\s0 The real content type for the record is contained in +an \*(L"inner\*(R" content type. \fBbuf\fR contains the encoded \*(L"inner\*(R" content type byte. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_msg_callback()\fR, \fBSSL_CTX_set_msg_callback_arg()\fR, \fBSSL_set_msg_callback()\fR +and \fBSSL_set_msg_callback_arg()\fR do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The pseudo content type \fB\s-1SSL3_RT_INNER_CONTENT_TYPE\s0\fR was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 new file mode 100644 index 000000000000..153474a35e2c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_num_tickets.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_NUM_TICKETS 3" +.TH SSL_CTX_SET_NUM_TICKETS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_num_tickets, SSL_get_num_tickets, SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets \&\- control the number of TLSv1.3 session tickets that are issued +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_num_tickets(SSL *s, size_t num_tickets); +\& size_t SSL_get_num_tickets(SSL *s); +\& int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +\& size_t SSL_CTX_get_num_tickets(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR can be called for a server +application and set the number of TLSv1.3 session tickets that will be sent to +the client after a full handshake. Set the desired value (which could be 0) in +the \fBnum_tickets\fR argument. Typically these functions should be called before +the start of the handshake. +.PP +The default number of tickets is 2; the default number of tickets sent following +a resumption handshake is 1 but this cannot be changed using these functions. +The number of tickets following a resumption handshake can be reduced to 0 using +custom session ticket callbacks (see \fBSSL_CTX_set_session_ticket_cb\fR\|(3)). +.PP +Tickets are also issued on receipt of a post-handshake certificate from the +client following a request by the server using +\&\fBSSL_verify_client_post_handshake\fR\|(3). These new tickets will be associated +with the updated client identity (i.e. including their certificate and +verification status). The number of tickets issued will normally be the same as +was used for the initial handshake. If the initial handshake was a full +handshake then \fBSSL_set_num_tickets()\fR can be called again prior to calling +\&\fBSSL_verify_client_post_handshake()\fR to update the number of tickets that will be +sent. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of +tickets set by a previous call to \fBSSL_CTX_set_num_tickets()\fR or +\&\fBSSL_set_num_tickets()\fR, or 2 if no such call has been made. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_num_tickets()\fR and \fBSSL_set_num_tickets()\fR return 1 on success or 0 on +failure. +.PP +\&\fBSSL_CTX_get_num_tickets()\fR and \fBSSL_get_num_tickets()\fR return the number of tickets +that have been previously set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 new file mode 100644 index 000000000000..305cad4f518e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_options.3 @@ -0,0 +1,471 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 3" +.TH SSL_CTX_SET_OPTIONS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support \- manipulate SSL options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +\& +\& long SSL_CTX_clear_options(SSL_CTX *ctx, long options); +\& long SSL_clear_options(SSL *ssl, long options); +\& +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +\& +\& long SSL_get_secure_renegotiation_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fBSSL_CTX_clear_options()\fR clears the options set via bitmask in \fBoptions\fR +to \fBctx\fR. +.PP +\&\fBSSL_clear_options()\fR clears the options set via bitmask in \fBoptions\fR to \fBssl\fR. +.PP +\&\fBSSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fBSSL_get_options()\fR returns the options set for \fBssl\fR. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR indicates whether the peer supports +secure renegotiation. +Note, this is implemented via a macro. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a bitwise \fBor\fR +operation (|). +.PP +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +\&\fBSSL_CTX_set_mode\fR\|(3) and \fBSSL_set_mode()\fR functions. +.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fBSSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fBSSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 +.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" +Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. +OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. +.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 +.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" +Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol +vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some +broken \s-1SSL\s0 implementations. This option has no effect for connections +using other ciphers. +.IP "\s-1SSL_OP_TLSEXT_PADDING\s0" 4 +.IX Item "SSL_OP_TLSEXT_PADDING" +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. +.IP "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds plus \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR as +mentioned below. +.PP +It is usually safe to use \fB\s-1SSL_OP_ALL\s0\fR to enable the bug workaround +options if compatibility with somewhat broken implementations is +desired. +.PP +The following \fBmodifying\fR options are available: +.IP "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the \s-1SSL/TLS\s0 server will choose following its +own preferences. +.IP "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" 4 +.IX Item "SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2" +These options turn off the SSLv3, TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 protocol +versions with \s-1TLS\s0 or the DTLSv1, DTLSv1.2 versions with \s-1DTLS,\s0 +respectively. +As of OpenSSL 1.1.0, these options are deprecated, use +\&\fBSSL_CTX_set_min_proto_version\fR\|(3) and +\&\fBSSL_CTX_set_max_proto_version\fR\|(3) instead. +.IP "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. +.IP "\s-1SSL_OP_NO_COMPRESSION\s0" 4 +.IX Item "SSL_OP_NO_COMPRESSION" +Do not use compression even if it is supported. +.IP "\s-1SSL_OP_NO_QUERY_MTU\s0" 4 +.IX Item "SSL_OP_NO_QUERY_MTU" +Do not query the \s-1MTU.\s0 Only affects \s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_COOKIE_EXCHANGE\s0" 4 +.IX Item "SSL_OP_COOKIE_EXCHANGE" +Turn on Cookie Exchange as described in \s-1RFC4347\s0 Section 4.2.1. Only affects +\&\s-1DTLS\s0 connections. +.IP "\s-1SSL_OP_NO_TICKET\s0" 4 +.IX Item "SSL_OP_NO_TICKET" +\&\s-1SSL/TLS\s0 supports two mechanisms for resuming sessions: session ids and stateless +session tickets. +.Sp +When using session ids a copy of the session information is +cached on the server and a unique id is sent to the client. When the client +wishes to resume it provides the unique id so that the server can retrieve the +session information from its cache. +.Sp +When using stateless session tickets the server uses a session ticket encryption +key to encrypt the session information. This encrypted data is sent to the +client as a \*(L"ticket\*(R". When the client wishes to resume it sends the encrypted +data back to the server. The server uses its key to decrypt the data and resume +the session. In this way the server can operate statelessly \- no session +information needs to be cached locally. +.Sp +The TLSv1.3 protocol only supports tickets and does not directly support session +ids. However OpenSSL allows two modes of ticket operation in TLSv1.3: stateful +and stateless. Stateless tickets work the same way as in TLSv1.2 and below. +Stateful tickets mimic the session id behaviour available in TLSv1.2 and below. +The session information is cached on the server and the session id is wrapped up +in a ticket and sent back to the client. When the client wishes to resume, it +presents a ticket in the same way as for stateless tickets. The server can then +extract the session id from the ticket and retrieve the session information from +its cache. +.Sp +By default OpenSSL will use stateless tickets. The \s-1SSL_OP_NO_TICKET\s0 option will +cause stateless tickets to not be issued. In TLSv1.2 and below this means no +ticket gets sent to the client at all. In TLSv1.3 a stateful ticket will be +sent. This is a server-side option only. +.Sp +In TLSv1.3 it is possible to suppress all tickets (stateful and stateless) from +being sent by calling \fBSSL_CTX_set_num_tickets\fR\|(3) or +\&\fBSSL_set_num_tickets\fR\|(3). +.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" +Allow legacy insecure renegotiation between OpenSSL and unpatched clients or +servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 +.IX Item "SSL_OP_LEGACY_SERVER_CONNECT" +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +\&\fBonly\fR: this option is currently set by default. See the +\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. +.IP "\s-1SSL_OP_NO_ENCRYPT_THEN_MAC\s0" 4 +.IX Item "SSL_OP_NO_ENCRYPT_THEN_MAC" +Normally clients and servers will transparently attempt to negotiate the +\&\s-1RFC7366\s0 Encrypt-then-MAC option on \s-1TLS\s0 and \s-1DTLS\s0 connection. +.Sp +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. +.IP "\s-1SSL_OP_NO_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_RENEGOTIATION" +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. +.IP "\s-1SSL_OP_ALLOW_NO_DHE_KEX\s0" 4 +.IX Item "SSL_OP_ALLOW_NO_DHE_KEX" +In TLSv1.3 allow a non\-(ec)dhe based key exchange mode on resumption. This means +that there will be no forward secrecy for the resumed session. +.IP "\s-1SSL_OP_PRIORITIZE_CHACHA\s0" 4 +.IX Item "SSL_OP_PRIORITIZE_CHACHA" +When \s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0 is set, temporarily reprioritize +ChaCha20\-Poly1305 ciphers to the top of the server cipher list if a +ChaCha20\-Poly1305 cipher is at the top of the client cipher list. This helps +those clients (e.g. mobile) use ChaCha20\-Poly1305 if that cipher is anywhere +in the server cipher list; but still allows other clients to use \s-1AES\s0 and other +ciphers. Requires \fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR. +.IP "\s-1SSL_OP_ENABLE_MIDDLEBOX_COMPAT\s0" 4 +.IX Item "SSL_OP_ENABLE_MIDDLEBOX_COMPAT" +If set then dummy Change Cipher Spec (\s-1CCS\s0) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not \s-1CCS\s0 messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +\&\fBSSL_clear_options()\fR. A future version of OpenSSL may not set this by default. +.IP "\s-1SSL_OP_NO_ANTI_REPLAY\s0" 4 +.IX Item "SSL_OP_NO_ANTI_REPLAY" +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See \fBSSL_read_early_data\fR\|(3) for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. +.PP +The following options no longer have any effect but their identifiers are +retained for compatibility purposes: +.IP "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +.PD 0 +.IP "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +.IP "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +.IP "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +.IP "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +.IP "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +.IP "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +.IP "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +.IP "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +.IP "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +.IP "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +.IP "\s-1SSL_OP_SINGLE_ECDH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_ECDH_USE" +.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +.PD +.SH "SECURE RENEGOTIATION" +.IX Header "SECURE RENEGOTIATION" +OpenSSL always attempts to use secure renegotiation as +described in \s-1RFC5746.\s0 This counters the prefix attack described in +\&\s-1CVE\-2009\-3555\s0 and elsewhere. +.PP +This attack has far reaching consequences which application writers should be +aware of. In the description below an implementation supporting secure +renegotiation is referred to as \fIpatched\fR. A server not supporting secure +renegotiation is referred to as \fIunpatched\fR. +.PP +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. +.SS "Patched client and server" +.IX Subsection "Patched client and server" +Connections and renegotiation are always permitted by OpenSSL implementations. +.SS "Unpatched client and patched OpenSSL server" +.IX Subsection "Unpatched client and patched OpenSSL server" +The initial connection succeeds but client renegotiation is denied by the +server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal +\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. +.PP +If the patched OpenSSL server attempts to renegotiate a fatal +\&\fBhandshake_failure\fR alert is sent. This is because the server code may be +unaware of the unpatched nature of the client. +.PP +If the option \fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then +renegotiation \fBalways\fR succeeds. +.SS "Patched OpenSSL client and unpatched server." +.IX Subsection "Patched OpenSSL client and unpatched server." +If the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR or +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR is set then initial connections +and renegotiation between patched OpenSSL clients and unpatched servers +succeeds. If neither option is set then initial connections to unpatched +servers will fail. +.PP +The option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR is currently set by default even +though it has security implications: otherwise it would be impossible to +connect to unpatched servers (i.e. all of them initially) and this is clearly +not acceptable. Renegotiation is permitted because this does not add any +additional security issues: during an attack clients do not see any +renegotiations anyway. +.PP +As more servers become patched the option \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR will +\&\fBnot\fR be set by default in a future version of OpenSSL. +.PP +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always \fBset\fR \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR +.PP +OpenSSL client applications that want to ensure they can \fBnot\fR connect to +unpatched servers (and thus avoid any security issues) should always \fBclear\fR +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR using \fBSSL_CTX_clear_options()\fR or +\&\fBSSL_clear_options()\fR. +.PP +The difference between the \fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR and +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR options is that +\&\fB\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0\fR enables initial connections and secure +renegotiation between OpenSSL clients and unpatched servers \fBonly\fR, while +\&\fB\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0\fR allows initial connections +and renegotiation between OpenSSL and unpatched clients or servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_options()\fR and \fBSSL_set_options()\fR return the new options bitmask +after adding \fBoptions\fR. +.PP +\&\fBSSL_CTX_clear_options()\fR and \fBSSL_clear_options()\fR return the new options bitmask +after clearing \fBoptions\fR. +.PP +\&\fBSSL_CTX_get_options()\fR and \fBSSL_get_options()\fR return the current bitmask. +.PP +\&\fBSSL_get_secure_renegotiation_support()\fR returns 1 is the peer supports +secure renegotiation and 0 if it does not. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_min_proto_version\fR\|(3), +\&\fBdhparam\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The attempt to always try to use secure renegotiation was added in +OpenSSL 0.9.8m. +.PP +The \fB\s-1SSL_OP_PRIORITIZE_CHACHA\s0\fR and \fB\s-1SSL_OP_NO_RENEGOTIATION\s0\fR options +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 new file mode 100644 index 000000000000..3caa1bbb92f5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_psk_client_callback.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_PSK_CLIENT_CALLBACK 3" +.TH SSL_CTX_SET_PSK_CLIENT_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_client_cb_func, SSL_psk_use_session_cb_func, SSL_CTX_set_psk_client_callback, SSL_set_psk_client_callback, SSL_CTX_set_psk_use_session_callback, SSL_set_psk_use_session_callback \&\- set PSK client callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, +\& const unsigned char **id, +\& size_t *idlen, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx, +\& SSL_psk_use_session_cb_func cb); +\& void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +\& +\& +\& typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl, +\& const char *hint, +\& char *identity, +\& unsigned int max_identity_len, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb); +\& void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should use either +\&\fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR as +appropriate. These functions cannot be used for TLSv1.2 and below PSKs. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR. +.PP +The first time the callback is called for a connection the \fBmd\fR parameter is +\&\s-1NULL.\s0 In some circumstances the callback will be called a second time. In that +case the server will have specified a ciphersuite to use already and the \s-1PSK\s0 +must be compatible with the digest for that ciphersuite. The digest will be +given in \fBmd\fR. The \s-1PSK\s0 returned by the callback is allowed to be different +between the first and second time it is called. +.PP +On successful completion the callback must store a pointer to an identifier for +the \s-1PSK\s0 in \fB*id\fR. The identifier length in bytes should be stored in \fB*idlen\fR. +The memory pointed to by \fB*id\fR remains owned by the application and should +be freed by it as required at any point after the handshake is complete. +.PP +Additionally the callback should store a pointer to an \s-1SSL_SESSION\s0 object in +\&\fB*sess\fR. This is used as the basis for the \s-1PSK,\s0 and should, at a minimum, have +the following fields set: +.IP "The master key" 4 +.IX Item "The master key" +This can be set via a call to \fBSSL_SESSION_set1_master_key\fR\|(3). +.IP "A ciphersuite" 4 +.IX Item "A ciphersuite" +Only the handshake digest associated with the ciphersuite is relevant for the +\&\s-1PSK\s0 (the server may go on to negotiate any ciphersuite which is compatible with +the digest). The application can use any TLSv1.3 ciphersuite. If \fBmd\fR is +not \s-1NULL\s0 the handshake digest for the ciphersuite should be the same. +The ciphersuite can be set via a call to <\fBSSL_SESSION_set_cipher\fR\|(3)>. The +handshake digest of an \s-1SSL_CIPHER\s0 object can be checked using +<\fBSSL_CIPHER_get_handshake_digest\fR\|(3)>. +.IP "The protocol version" 4 +.IX Item "The protocol version" +This can be set via a call to \fBSSL_SESSION_set_protocol_version\fR\|(3) and should +be \s-1TLS1_3_VERSION.\s0 +.PP +Additionally the maximum early data value should be set via a call to +\&\fBSSL_SESSION_set_max_early_data\fR\|(3) if the \s-1PSK\s0 will be used for sending early +data. +.PP +Alternatively an \s-1SSL_SESSION\s0 created from a previous non-PSK handshake may also +be used as the basis for a \s-1PSK.\s0 +.PP +Ownership of the \s-1SSL_SESSION\s0 object is passed to the OpenSSL library and so it +should not be freed by the application. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be sent to the server but the handshake will continue. To do +this the callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 The contents of \fB*id\fR and \fB*idlen\fR will be ignored. +.PP +A client application wishing to use \s-1PSK\s0 ciphersuites for TLSv1.2 and below must +provide a different callback function. This function will be called when the +client is sending the ClientKeyExchange message to the server. +.PP +The purpose of the callback function is to select the \s-1PSK\s0 identity and +the pre-shared key to use during the connection setup phase. +.PP +The callback is set using functions \fBSSL_CTX_set_psk_client_callback()\fR +or \fBSSL_set_psk_client_callback()\fR. The callback function is given the +connection in parameter \fBssl\fR, a \fB\s-1NULL\s0\fR\-terminated \s-1PSK\s0 identity hint +sent by the server in parameter \fBhint\fR, a buffer \fBidentity\fR of +length \fBmax_identity_len\fR bytes where the resulting +\&\fB\s-1NUL\s0\fR\-terminated identity is to be stored, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the resulting pre-shared key is to +be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_use_session_callback()\fR +or \fBSSL_set_psk_use_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_use_session_callback()\fR or \fBSSL_set_psk_use_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_client_callback()\fR or +\&\fBSSL_set_psk_client_callback()\fR and use that. In this case the \fBhint\fR value will +always be \s-1NULL\s0 and the handshake digest will default to \s-1SHA\-256\s0 for any returned +\&\s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +Note that parameter \fBhint\fR given to the callback may be \fB\s-1NULL\s0\fR. +.PP +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.PP +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Return values from the \fBSSL_psk_client_cb_func\fR callback are interpreted as +follows: +.PP +On success (callback found a \s-1PSK\s0 identity and a pre-shared key to use) +the length (> 0) of \fBpsk\fR in bytes is returned. +.PP +Otherwise or on errors the callback should return 0. In this case +the connection setup fails. +.PP +The SSL_psk_use_session_cb_func callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_find_session_callback\fR\|(3), +\&\fBSSL_set_psk_find_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_use_session_callback()\fR and \fBSSL_set_psk_use_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 000000000000..8fd992798ca3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 3" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +\& +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +\&\fBSSL_new\fR\|(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fBSSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +\&\fBSSL_free\fR\|(3) or \fBSSL_set_quiet_shutdown()\fR is called again. +It is not changed when \fBSSL_clear\fR\|(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fBSSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +close_notify alert messages using \fBSSL_shutdown\fR\|(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, \fBSSL_shutdown\fR\|(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(\fBSSL_shutdown\fR\|(3) then behaves like +\&\fBSSL_set_shutdown\fR\|(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no close_notify alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_quiet_shutdown()\fR and \fBSSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fBSSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 new file mode 100644 index 000000000000..1607028aa487 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_read_ahead.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_READ_AHEAD 3" +.TH SSL_CTX_SET_READ_AHEAD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_read_ahead, SSL_CTX_get_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead, SSL_CTX_get_default_read_ahead \&\- manage whether to read as many input bytes as possible +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_read_ahead(SSL *s, int yes); +\& int SSL_get_read_ahead(const SSL *s); +\& +\& SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); +\& long SSL_CTX_get_read_ahead(SSL_CTX *ctx); +\& long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_read_ahead()\fR and \fBSSL_set_read_ahead()\fR set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from +the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or \fBx\fR bytes otherwise. +Setting the parameter \fByes\fR to 0 turns reading ahead is off, other values turn +it on. +\&\fBSSL_CTX_set_default_read_ahead()\fR is identical to \fBSSL_CTX_set_read_ahead()\fR. +.PP +\&\fBSSL_CTX_get_read_ahead()\fR and \fBSSL_get_read_ahead()\fR indicate whether reading +ahead has been set or not. +\&\fBSSL_CTX_get_default_read_ahead()\fR is identical to \fBSSL_CTX_get_read_ahead()\fR. +.SH "NOTES" +.IX Header "NOTES" +These functions have no impact when used with \s-1DTLS.\s0 The return values for +\&\fBSSL_CTX_get_read_head()\fR and \fBSSL_get_read_ahead()\fR are undefined for \s-1DTLS.\s0 Setting +\&\fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR function +(see \fBSSL_pending\fR\|(3)). +.PP +Since \fBSSL_read()\fR can return \fB\s-1SSL_ERROR_WANT_READ\s0\fR for non-application data +records, and \fBSSL_has_pending()\fR can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +\&\fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is not turned off using \fBSSL_CTX_clear_mode()\fR. +That will prevent getting \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is still a complete +record available that hasn't been processed. +.PP +If the application wants to continue to use the underlying transport (e.g. \s-1TCP\s0 +connection) after the \s-1SSL\s0 connection is finished using \fBSSL_shutdown()\fR reading +ahead should be turned off. +Otherwise the \s-1SSL\s0 structure might read data that it shouldn't. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_read_ahead()\fR and \fBSSL_CTX_get_read_ahead()\fR return 0 if reading ahead is off, +and non zero otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_pending\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 new file mode 100644 index 000000000000..35156c891bb6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_record_padding_callback.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_RECORD_PADDING_CALLBACK 3" +.TH SSL_CTX_SET_RECORD_PADDING_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_record_padding_callback, SSL_set_record_padding_callback, SSL_CTX_set_record_padding_callback_arg, SSL_set_record_padding_callback_arg, SSL_CTX_get_record_padding_callback_arg, SSL_get_record_padding_callback_arg, SSL_CTX_set_block_padding, SSL_set_block_padding \- install callback to specify TLS 1.3 record padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& void SSL_set_record_padding_callback(SSL *ssl, size_t (*cb)(SSL *s, int type, size_t len, void *arg)); +\& +\& void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg); +\& void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx); +\& +\& void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg); +\& void *SSL_get_record_padding_callback_arg(const SSL *ssl); +\& +\& int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size); +\& int SSL_set_block_padding(SSL *ssl, size_t block_size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_record_padding_callback()\fR or \fBSSL_set_record_padding_callback()\fR +can be used to assign a callback function \fIcb\fR to specify the padding +for \s-1TLS 1.3\s0 records. The value set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_set_record_padding_callback_arg()\fR and \fBSSL_set_record_padding_callback_arg()\fR +assign a value \fBarg\fR that is passed to the callback when it is invoked. The value +set in \fBctx\fR is copied to a new \s-1SSL\s0 by \fBSSL_new()\fR. +.PP +\&\fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +retrieve the \fBarg\fR value that is passed to the callback. +.PP +\&\fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR pads the record to a multiple +of the \fBblock_size\fR. A \fBblock_size\fR of 0 or 1 disables block padding. The limit of +\&\fBblock_size\fR is \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +The callback is invoked for every record before encryption. +The \fBtype\fR parameter is the \s-1TLS\s0 record type that is being processed; may be +one of \s-1SSL3_RT_APPLICATION_DATA, SSL3_RT_HANDSHAKE,\s0 or \s-1SSL3_RT_ALERT.\s0 +The \fBlen\fR parameter is the current plaintext length of the record before encryption. +The \fBarg\fR parameter is the value set via \fBSSL_CTX_set_record_padding_callback_arg()\fR +or \fBSSL_set_record_padding_callback_arg()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_get_record_padding_callback_arg()\fR and \fBSSL_get_record_padding_callback_arg()\fR +functions return the \fBarg\fR value assigned in the corresponding set functions. +.PP +The \fBSSL_CTX_set_block_padding()\fR and \fBSSL_set_block_padding()\fR functions return 1 on success +or 0 if \fBblock_size\fR is too large. +.PP +The \fBcb\fR returns the number of padding bytes to add to the record. A return of 0 +indicates no padding will be added. A return value that causes the record to +exceed the maximum record size (\s-1SSL3_RT_MAX_PLAIN_LENGTH\s0) will pad out to the +maximum record size. +.SH "NOTES" +.IX Header "NOTES" +The default behavior is to add no padding to the record. +.PP +A user-supplied padding callback function will override the behavior set by +\&\fBSSL_set_block_padding()\fR or \fBSSL_CTX_set_block_padding()\fR. Setting the user-supplied +callback to \s-1NULL\s0 will restore the configured block padding behavior. +.PP +These functions only apply to \s-1TLS 1.3\s0 records being written. +.PP +Padding bytes are not added in constant-time. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The record padding \s-1API\s0 was added for \s-1TLS 1.3\s0 support in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 new file mode 100644 index 000000000000..63202d7e4d59 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_security_level.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SECURITY_LEVEL 3" +.TH SSL_CTX_SET_SECURITY_LEVEL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, SSL_get_security_level, SSL_CTX_set_security_callback, SSL_set_security_callback, SSL_CTX_get_security_callback, SSL_get_security_callback, SSL_CTX_set0_security_ex_data, SSL_set0_security_ex_data, SSL_CTX_get0_security_ex_data, SSL_get0_security_ex_data \- SSL/TLS security framework +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +\& void SSL_set_security_level(SSL *s, int level); +\& +\& int SSL_CTX_get_security_level(const SSL_CTX *ctx); +\& int SSL_get_security_level(const SSL *s); +\& +\& void SSL_CTX_set_security_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& void SSL_set_security_callback(SSL *s, int (*cb)(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, +\& void *other, void *ex)); +\& +\& int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& int (*SSL_get_security_callback(const SSL *s))(SSL *s, SSL_CTX *ctx, int op, +\& int bits, int nid, void *other, +\& void *ex); +\& +\& void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +\& void SSL_set0_security_ex_data(SSL *s, void *ex); +\& +\& void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +\& void *SSL_get0_security_ex_data(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functions \fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR set +the security level to \fBlevel\fR. If not set the library default security level +is used. +.PP +The functions \fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR +retrieve the current security level. +.PP +\&\fBSSL_CTX_set_security_callback()\fR, \fBSSL_set_security_callback()\fR, +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR get or set +the security callback associated with \fBctx\fR or \fBs\fR. If not set a default +security callback is used. The meaning of the parameters and the behaviour +of the default callbacks is described below. +.PP +\&\fBSSL_CTX_set0_security_ex_data()\fR, \fBSSL_set0_security_ex_data()\fR, +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR set the +extra data pointer passed to the \fBex\fR parameter of the callback. This +value is passed to the callback verbatim and can be set to any convenient +application specific value. +.SH "DEFAULT CALLBACK BEHAVIOUR" +.IX Header "DEFAULT CALLBACK BEHAVIOUR" +If an application doesn't set its own security callback the default +callback is used. It is intended to provide sane defaults. The meaning +of each level is described below. +.IP "\fBLevel 0\fR" 4 +.IX Item "Level 0" +Everything is permitted. This retains compatibility with previous versions of +OpenSSL. +.IP "\fBLevel 1\fR" 4 +.IX Item "Level 1" +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA, +DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits +are prohibited. All export cipher suites are prohibited since they all offer +less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite +using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +.IP "\fBLevel 2\fR" 4 +.IX Item "Level 2" +Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. +In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +.IP "\fBLevel 3\fR" 4 +.IX Item "Level 3" +Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. +In addition to the level 2 exclusions cipher suites not offering forward +secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session +tickets are disabled. +.IP "\fBLevel 4\fR" 4 +.IX Item "Level 4" +Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and +\&\s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are +prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 +versions below 1.2 are not permitted. +.IP "\fBLevel 5\fR" 4 +.IX Item "Level 5" +Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +.SH "APPLICATION DEFINED SECURITY CALLBACKS" +.IX Header "APPLICATION DEFINED SECURITY CALLBACKS" +\&\fIDocumentation to be provided.\fR +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1WARNING\s0\fR at this time setting the security level higher than 1 for +general internet use is likely to cause \fBconsiderable\fR interoperability +issues and is not recommended. This is because the \fB\s-1SHA1\s0\fR algorithm +is very widely used in certificates and will be rejected at levels +higher than 1 because it only offers 80 bits of security. +.PP +The default security level can be configured when OpenSSL is compiled by +setting \fB\-DOPENSSL_TLS_SECURITY_LEVEL=level\fR. If not set then 1 is used. +.PP +The security framework disables or reject parameters inconsistent with the +set security level. In the past this was difficult as applications had to set +a number of distinct parameters (supported ciphers, supported curves supported +signature algorithms) to achieve this end and some cases (\s-1DH\s0 parameter size +for example) could not be checked at all. +.PP +By setting an appropriate security level much of this complexity can be +avoided. +.PP +The bits of security limits affect all relevant parameters including +cipher suite encryption algorithms, supported \s-1ECC\s0 curves, supported +signature algorithms, \s-1DH\s0 parameter sizes, certificate key sizes and +signature algorithms. This limit applies no matter what other custom +settings an application has set: so if the cipher suite is set to \fB\s-1ALL\s0\fR +then only cipher suites consistent with the security level are permissible. +.PP +See \s-1SP800\-57\s0 for how the security limits are related to individual +algorithms. +.PP +Some security levels require large key sizes for non-ECC public key +algorithms which can severely degrade performance. For example 256 bits +of security requires the use of \s-1RSA\s0 keys of at least 15360 bits in size. +.PP +Some restrictions can be gracefully handled: for example cipher suites +offering insufficient security are not sent by the client and will not +be selected by the server. Other restrictions such as the peer certificate +key size or the \s-1DH\s0 parameter size will abort the handshake with a fatal +alert. +.PP +Attempts to set certificates or parameters with insufficient security are +also blocked. For example trying to set a certificate using a 512 bit \s-1RSA\s0 +key using \fBSSL_CTX_use_certificate()\fR at level 1. Applications which do not +check the return values for errors will misbehave: for example it might +appear that a certificate is not set at all because it had been rejected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_security_level()\fR and \fBSSL_set_security_level()\fR do not return values. +.PP +\&\fBSSL_CTX_get_security_level()\fR and \fBSSL_get_security_level()\fR return a integer that +represents the security level with \fB\s-1SSL_CTX\s0\fR or \fB\s-1SSL\s0\fR, respectively. +.PP +\&\fBSSL_CTX_set_security_callback()\fR and \fBSSL_set_security_callback()\fR do not return +values. +.PP +\&\fBSSL_CTX_get_security_callback()\fR and \fBSSL_get_security_callback()\fR return the pointer +to the security callback or \s-1NULL\s0 if the callback is not set. +.PP +\&\fBSSL_CTX_get0_security_ex_data()\fR and \fBSSL_get0_security_ex_data()\fR return the extra +data pointer or \s-1NULL\s0 if the ex data is not set. +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 000000000000..1b11b9a1859e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 3" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to . +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). +.PP +A server will look up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +\&\fBSSL_CTX_set_session_id_context\fR\|(3)). +.PP +The following session cache modes and modifiers are available: +.IP "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.IP "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the \fBSSL_set_session\fR\|(3) +function. This option is not activated by default. +.IP "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. +.IP "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.IP "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +\&\fBSSL_CTX_flush_sessions\fR\|(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +\&\fBSSL_CTX_flush_sessions\fR\|(3) can be called +explicitly by the application. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using \fBSSL_CTX_add_session\fR\|(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fBSSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 new file mode 100644 index 000000000000..aa394e133059 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 3" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fBSSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fBSSL_CTX_set_session_id_context()\fR and +\&\fBSSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. +.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server and client +certificates are used, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_session_id_context()\fR and \fBSSL_set_session_id_context()\fR +return the following values: +.IP "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SID_CTX_LENGTH\s0\fR. The error +is logged to the error stack. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 new file mode 100644 index 000000000000..d71e9c137534 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_session_ticket_cb.3 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_TICKET_CB 3" +.TH SSL_CTX_SET_SESSION_TICKET_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_session_ticket_cb, SSL_SESSION_get0_ticket_appdata, SSL_SESSION_set1_ticket_appdata, SSL_CTX_generate_session_ticket_fn, SSL_CTX_decrypt_session_ticket_fn \- manage session ticket application data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg); +\& typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss, +\& const unsigned char *keyname, +\& size_t keyname_len, +\& SSL_TICKET_STATUS status, +\& void *arg); +\& int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, +\& SSL_CTX_generate_session_ticket_fn gen_cb, +\& SSL_CTX_decrypt_session_ticket_fn dec_cb, +\& void *arg); +\& int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len); +\& int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_set_session_ticket_cb()\fR sets the application callbacks \fBgen_cb\fR +and \fBdec_cb\fR that are used by a server to set and get application data stored +with a session, and placed into a session ticket. Either callback function may +be set to \s-1NULL.\s0 The value of \fBarg\fR is passed to the callbacks. +.PP +\&\fBgen_cb\fR is the application defined callback invoked when a session ticket is +about to be created. The application can call \fBSSL_SESSION_set1_ticket_appdata()\fR +at this time to add application data to the session ticket. The value of \fBarg\fR +is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The \fBgen_cb\fR +callback is defined as type \fBSSL_CTX_generate_session_ticket_fn\fR. +.PP +\&\fBdec_cb\fR is the application defined callback invoked after session ticket +decryption has been attempted and any session ticket application data is +available. If ticket decryption was successful then the \fBss\fR argument contains +the session data. The \fBkeyname\fR and \fBkeyname_len\fR arguments identify the key +used to decrypt the session ticket. The \fBstatus\fR argument is the result of the +ticket decryption. See the \s-1NOTES\s0 section below for further details. The value +of \fBarg\fR is the same as that given to \fBSSL_CTX_set_session_ticket_cb()\fR. The +\&\fBdec_cb\fR callback is defined as type \fBSSL_CTX_decrypt_session_ticket_fn\fR. +.PP +\&\fBSSL_SESSION_set1_ticket_appdata()\fR sets the application data specified by +\&\fBdata\fR and \fBlen\fR into \fBss\fR which is then placed into any generated session +tickets. It can be called at any time before a session ticket is created to +update the data placed into the session ticket. However, given that sessions +and tickets are created by the handshake, the \fBgen_cb\fR is provided to notify +the application that a session ticket is about to be generated. +.PP +\&\fBSSL_SESSION_get0_ticket_appdata()\fR assigns \fBdata\fR to the session ticket +application data and assigns \fBlen\fR to the length of the session ticket +application data from \fBss\fR. The application data can be set via +\&\fBSSL_SESSION_set1_ticket_appdata()\fR or by a session ticket. \s-1NULL\s0 will be assigned +to \fBdata\fR and 0 will be assigned to \fBlen\fR if there is no session ticket +application data. \fBSSL_SESSION_get0_ticket_appdata()\fR can be called any time +after a session has been created. The \fBdec_cb\fR is provided to notify the +application that a session ticket has just been decrypted. +.SH "NOTES" +.IX Header "NOTES" +When the \fBdec_cb\fR callback is invoked, the \s-1SSL_SESSION\s0 \fBss\fR has not yet been +assigned to the \s-1SSL\s0 \fBs\fR. The \fBstatus\fR indicates the result of the ticket +decryption. The callback must check the \fBstatus\fR value before performing any +action, as it is called even if ticket decryption fails. +.PP +The \fBkeyname\fR and \fBkeyname_len\fR arguments to \fBdec_cb\fR may be used to identify +the key that was used to encrypt the session ticket. +.PP +The \fBstatus\fR argument can be any of these values: +.IP "\s-1SSL_TICKET_EMPTY\s0" 4 +.IX Item "SSL_TICKET_EMPTY" +Empty ticket present. No ticket data will be used and a new ticket should be +sent to the client. This only occurs in TLSv1.2 or below. In TLSv1.3 it is not +valid for a client to send an empty ticket. +.IP "\s-1SSL_TICKET_NO_DECRYPT\s0" 4 +.IX Item "SSL_TICKET_NO_DECRYPT" +The ticket couldn't be decrypted. No ticket data will be used and a new ticket +should be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS\s0" 4 +.IX Item "SSL_TICKET_SUCCESS" +A ticket was successfully decrypted, any session ticket application data should +be available. A new ticket should not be sent to the client. +.IP "\s-1SSL_TICKET_SUCCESS_RENEW\s0" 4 +.IX Item "SSL_TICKET_SUCCESS_RENEW" +Same as \fB\s-1SSL_TICKET_SUCCESS\s0\fR, but a new ticket should be sent to the client. +.PP +The return value can be any of these values: +.IP "\s-1SSL_TICKET_RETURN_ABORT\s0" 4 +.IX Item "SSL_TICKET_RETURN_ABORT" +The handshake should be aborted, either because of an error or because of some +policy. Note that in TLSv1.3 a client may send more than one ticket in a single +handshake. Therefore just because one ticket is unacceptable it does not mean +that all of them are. For this reason this option should be used with caution. +.IP "\s-1SSL_TICKET_RETURN_IGNORE\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE" +Do not use a ticket (if one was available). Do not send a renewed ticket to the +client. +.IP "\s-1SSL_TICKET_RETURN_IGNORE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_IGNORE_RENEW" +Do not use a ticket (if one was available). Send a renewed ticket to the client. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_EMPTY\s0\fR or +\&\fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE" +Use the ticket. Do not send a renewed ticket to the client. It is an error for +the callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS\s0\fR. +.IP "\s-1SSL_TICKET_RETURN_USE_RENEW\s0" 4 +.IX Item "SSL_TICKET_RETURN_USE_RENEW" +Use the ticket. Send a renewed ticket to the client. It is an error for the +callback to return this value if \fBstatus\fR has a value other than +\&\fB\s-1SSL_TICKET_SUCCESS\s0\fR or \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.Sp +If the callback does not wish to change the default ticket behaviour then it +should return this value if \fBstatus\fR is \fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR. +.PP +If \fBstatus\fR has the value \fB\s-1SSL_TICKET_EMPTY\s0\fR or \fB\s-1SSL_TICKET_NO_DECRYPT\s0\fR then +no session data will be available and the callback must not use the \fBss\fR +argument. If \fBstatus\fR has the value \fB\s-1SSL_TICKET_SUCCESS\s0\fR or +\&\fB\s-1SSL_TICKET_SUCCESS_RENEW\s0\fR then the application can call +\&\fBSSL_SESSION_get0_ticket_appdata()\fR using the session provided in the \fBss\fR +argument to retrieve the application data. +.PP +When the \fBgen_cb\fR callback is invoked, the \fBSSL_get_session()\fR function can be +used to retrieve the \s-1SSL_SESSION\s0 for \fBSSL_SESSION_set1_ticket_appdata()\fR. +.PP +By default, in TLSv1.2 and below, a new session ticket is not issued on a +successful resumption and therefore \fBgen_cb\fR will not be called. In TLSv1.3 the +default behaviour is to always issue a new ticket on resumption. In both cases +this behaviour can be changed if a ticket key callback is in use (see +\&\fBSSL_CTX_set_tlsext_ticket_key_cb\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSL_SESSION_set1_ticket_appdata()\fR and +\&\fBSSL_SESSION_get0_ticket_appdata()\fR functions return 1 on success and 0 on +failure. +.PP +The \fBgen_cb\fR callback must return 1 to continue the connection. A return of 0 +will terminate the connection with an \s-1INTERNAL_ERROR\s0 alert. +.PP +The \fBdec_cb\fR callback must return a value as described in \s-1NOTES\s0 above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_session_ticket_cb()\fR, \fBSSSL_SESSION_set1_ticket_appdata()\fR +and \fBSSL_SESSION_get_ticket_appdata()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 new file mode 100644 index 000000000000..b44ace46f325 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_split_send_fragment.3 @@ -0,0 +1,303 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3" +.TH SSL_CTX_SET_SPLIT_SEND_FRAGMENT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_max_send_fragment, SSL_set_max_send_fragment, SSL_CTX_set_split_send_fragment, SSL_set_split_send_fragment, SSL_CTX_set_max_pipelines, SSL_set_max_pipelines, SSL_CTX_set_default_read_buffer_len, SSL_set_default_read_buffer_len, SSL_CTX_set_tlsext_max_fragment_length, SSL_set_tlsext_max_fragment_length, SSL_SESSION_get_max_fragment_length \- Control fragment size settings and pipelining operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_max_send_fragment(SSL_CTX *ctx, long); +\& long SSL_set_max_send_fragment(SSL *ssl, long m); +\& +\& long SSL_CTX_set_max_pipelines(SSL_CTX *ctx, long m); +\& long SSL_set_max_pipelines(SSL_CTX *ssl, long m); +\& +\& long SSL_CTX_set_split_send_fragment(SSL_CTX *ctx, long m); +\& long SSL_set_split_send_fragment(SSL *ssl, long m); +\& +\& void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +\& void SSL_set_default_read_buffer_len(SSL *s, size_t len); +\& +\& int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode); +\& int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode); +\& uint8_t SSL_SESSION_get_max_fragment_length(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Some engines are able to process multiple simultaneous crypto operations. This +capability could be utilised to parallelise the processing of a single +connection. For example a single write can be split into multiple records and +each one encrypted independently and in parallel. Note: this will only work in +\&\s-1TLS1.1+.\s0 There is no support in SSLv3, TLSv1.0 or \s-1DTLS\s0 (any version). This +capability is known as \*(L"pipelining\*(R" within OpenSSL. +.PP +In order to benefit from the pipelining capability. You need to have an engine +that provides ciphers that support this. The OpenSSL \*(L"dasync\*(R" engine provides +\&\s-1AES128\-SHA\s0 based ciphers that have this capability. However these are for +development and test purposes only. +.PP +\&\fBSSL_CTX_set_max_send_fragment()\fR and \fBSSL_set_max_send_fragment()\fR set the +\&\fBmax_send_fragment\fR parameter for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. This +value restricts the amount of plaintext bytes that will be sent in any one +\&\s-1SSL/TLS\s0 record. By default its value is \s-1SSL3_RT_MAX_PLAIN_LENGTH\s0 (16384). These +functions will only accept a value in the range 512 \- \s-1SSL3_RT_MAX_PLAIN_LENGTH.\s0 +.PP +\&\fBSSL_CTX_set_max_pipelines()\fR and \fBSSL_set_max_pipelines()\fR set the maximum number +of pipelines that will be used at any one time. This value applies to both +\&\*(L"read\*(R" pipelining and \*(L"write\*(R" pipelining. By default only one pipeline will be +used (i.e. normal non-parallel operation). The number of pipelines set must be +in the range 1 \- \s-1SSL_MAX_PIPELINES\s0 (32). Setting this to a value > 1 will also +automatically turn on \*(L"read_ahead\*(R" (see \fBSSL_CTX_set_read_ahead\fR\|(3)). This is +explained further below. OpenSSL will only every use more than one pipeline if +a cipher suite is negotiated that uses a pipeline capable cipher provided by an +engine. +.PP +Pipelining operates slightly differently for reading encrypted data compared to +writing encrypted data. \fBSSL_CTX_set_split_send_fragment()\fR and +\&\fBSSL_set_split_send_fragment()\fR define how data is split up into pipelines when +writing encrypted data. The number of pipelines used will be determined by the +amount of data provided to the \fBSSL_write_ex()\fR or \fBSSL_write()\fR call divided by +\&\fBsplit_send_fragment\fR. +.PP +For example if \fBsplit_send_fragment\fR is set to 2000 and \fBmax_pipelines\fR is 4 +then: +.PP +SSL_write/SSL_write_ex called with 0\-2000 bytes == 1 pipeline used +.PP +SSL_write/SSL_write_ex called with 2001\-4000 bytes == 2 pipelines used +.PP +SSL_write/SSL_write_ex called with 4001\-6000 bytes == 3 pipelines used +.PP +SSL_write/SSL_write_ex called with 6001+ bytes == 4 pipelines used +.PP +\&\fBsplit_send_fragment\fR must always be less than or equal to +\&\fBmax_send_fragment\fR. By default it is set to be equal to \fBmax_send_fragment\fR. +This will mean that the same number of records will always be created as would +have been created in the non-parallel case, although the data will be +apportioned differently. In the parallel case data will be spread equally +between the pipelines. +.PP +Read pipelining is controlled in a slightly different way than with write +pipelining. While reading we are constrained by the number of records that the +peer (and the network) can provide to us in one go. The more records we can get +in one go the more opportunity we have to parallelise the processing. As noted +above when setting \fBmax_pipelines\fR to a value greater than one, \fBread_ahead\fR +is automatically set. The \fBread_ahead\fR parameter causes OpenSSL to attempt to +read as much data into the read buffer as the network can provide and will fit +into the buffer. Without this set data is read into the read buffer one record +at a time. The more data that can be read, the more opportunity there is for +parallelising the processing at the cost of increased memory overhead per +connection. Setting \fBread_ahead\fR can impact the behaviour of the \fBSSL_pending()\fR +function (see \fBSSL_pending\fR\|(3)). +.PP +The \fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions control the size of the read buffer that will be used. The \fBlen\fR +parameter sets the size of the buffer. The value will only be used if it is +greater than the default that would have been used anyway. The normal default +value depends on a number of factors but it will be at least +\&\s-1SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_ENCRYPTED_OVERHEAD\s0 (16704) bytes. +.PP +\&\fBSSL_CTX_set_tlsext_max_fragment_length()\fR sets the default maximum fragment +length negotiation mode via value \fBmode\fR to \fBctx\fR. +This setting affects only \s-1SSL\s0 instances created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_set_tlsext_max_fragment_length()\fR sets the maximum fragment length +negotiation mode via value \fBmode\fR to \fBssl\fR. +This setting will be used during a handshake when extensions are exchanged +between client and server. +So it only affects \s-1SSL\s0 sessions created after this function is called. +It affects the client-side as only its side may initiate this extension use. +.PP +\&\fBSSL_SESSION_get_max_fragment_length()\fR gets the maximum fragment length +negotiated in \fBsession\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All non-void functions return 1 on success and 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The Maximum Fragment Length extension support is optional on the server side. +If the server does not support this extension then +\&\fBSSL_SESSION_get_max_fragment_length()\fR will return: +TLSEXT_max_fragment_length_DISABLED. +.PP +The following modes are available: +.IP "TLSEXT_max_fragment_length_DISABLED" 4 +.IX Item "TLSEXT_max_fragment_length_DISABLED" +Disables Maximum Fragment Length Negotiation (default). +.IP "TLSEXT_max_fragment_length_512" 4 +.IX Item "TLSEXT_max_fragment_length_512" +Sets Maximum Fragment Length to 512 bytes. +.IP "TLSEXT_max_fragment_length_1024" 4 +.IX Item "TLSEXT_max_fragment_length_1024" +Sets Maximum Fragment Length to 1024. +.IP "TLSEXT_max_fragment_length_2048" 4 +.IX Item "TLSEXT_max_fragment_length_2048" +Sets Maximum Fragment Length to 2048. +.IP "TLSEXT_max_fragment_length_4096" 4 +.IX Item "TLSEXT_max_fragment_length_4096" +Sets Maximum Fragment Length to 4096. +.PP +With the exception of \fBSSL_CTX_set_default_read_buffer_len()\fR +\&\fBSSL_set_default_read_buffer_len()\fR, \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, +\&\fBSSL_set_tlsext_max_fragment_length()\fR and \fBSSL_SESSION_get_max_fragment_length()\fR +all these functions are implemented using macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_read_ahead\fR\|(3), \fBSSL_pending\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_set_max_pipelines()\fR, \fBSSL_set_max_pipelines()\fR, +\&\fBSSL_CTX_set_split_send_fragment()\fR, \fBSSL_set_split_send_fragment()\fR, +\&\fBSSL_CTX_set_default_read_buffer_len()\fR and \fBSSL_set_default_read_buffer_len()\fR +functions were added in OpenSSL 1.1.0. +.PP +The \fBSSL_CTX_set_tlsext_max_fragment_length()\fR, \fBSSL_set_tlsext_max_fragment_length()\fR +and \fBSSL_SESSION_get_max_fragment_length()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 new file mode 100644 index 000000000000..44b993569654 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 3" +.TH SSL_CTX_SET_SSL_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method \&\- choose a new TLS/SSL method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +\& const SSL_METHOD *SSL_get_ssl_method(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +\&\fBSSL_new\fR\|(3) are not affected, except when +\&\fBSSL_clear\fR\|(3) is being called. +.PP +\&\fBSSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fBSSL_clear()\fR is called. +.PP +\&\fBSSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +\&\fBSSL_CTX_new\fR\|(3). +.PP +When \fBSSL_clear\fR\|(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fBSSL_CTX_set_ssl_version()\fR +and \fBSSL_set_ssl_method()\fR: +.IP "0" 4 +The new choice failed, check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_new\fR\|(3), \fBSSL_new\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 new file mode 100644 index 000000000000..24e74e8f4ee5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3" +.TH SSL_CTX_SET_STATELESS_COOKIE_GENERATE_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_stateless_cookie_generate_cb, SSL_CTX_set_stateless_cookie_verify_cb \&\- Callback functions for stateless TLS1.3 cookies +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_stateless_cookie_generate_cb( +\& SSL_CTX *ctx, +\& int (*gen_stateless_cookie_cb) (SSL *ssl, +\& unsigned char *cookie, +\& size_t *cookie_len)); +\& void SSL_CTX_set_stateless_cookie_verify_cb( +\& SSL_CTX *ctx, +\& int (*verify_stateless_cookie_cb) (SSL *ssl, +\& const unsigned char *cookie, +\& size_t cookie_len)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_cookie_generate_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) +to generate the application-controlled portion of the cookie provided to clients +in the HelloRetryRequest transmitted as a response to a ClientHello with a +missing or invalid cookie. \fBgen_stateless_cookie_cb()\fR must write at most +\&\s-1SSL_COOKIE_LENGTH\s0 bytes into \fBcookie\fR, and must write the number of bytes +written to \fBcookie_len\fR. If a cookie cannot be generated, a zero return value +can be used to abort the handshake. +.PP +\&\fBSSL_CTX_set_cookie_verify_cb()\fR sets the callback used by \fBSSL_stateless\fR\|(3) to +determine whether the application-controlled portion of a ClientHello cookie is +valid. A nonzero return value from \fBapp_verify_cookie_cb()\fR communicates that the +cookie is valid. The integrity of the entire cookie, including the +application-controlled portion, is automatically verified by \s-1HMAC\s0 before +\&\fBverify_stateless_cookie_cb()\fR is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Neither function returns a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_stateless\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 new file mode 100644 index 000000000000..d570a55d44ef --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_timeout.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 3" +.TH SSL_CTX_SET_TIMEOUT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +\&\fBSSL_SESSION_get_time\fR\|(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +\&\fBSSL_CTX_flush_sessions\fR\|(3) is called, either +directly by the application or automatically (see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see \fBSSL_get_default_timeout\fR\|(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fBSSL_CTX_get_timeout()\fR returns the currently set timeout value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100644 index 000000000000..cd619b0f5a97 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_servername_callback.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3" +.TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name \- handle server name indication (SNI) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, +\& int (*cb)(SSL *, int *, void *)); +\& long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg); +\& +\& const char *SSL_get_servername(const SSL *s, const int type); +\& int SSL_get_servername_type(const SSL *s); +\& +\& int SSL_set_tlsext_host_name(const SSL *s, const char *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The functionality provided by the servername callback is superseded by the +ClientHello callback, which can be set using \fBSSL_CTX_set_client_hello_cb()\fR. +The servername callback is retained for historical compatibility. +.PP +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR sets the application callback \fBcb\fR +used by a server to perform any actions or configuration required based on +the servername extension received in the incoming connection. When \fBcb\fR +is \s-1NULL, SNI\s0 is not used. The \fBarg\fR value is a pointer which is passed to +the application callback. +.PP +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be +passed into the callback for this \fB\s-1SSL_CTX\s0\fR. +.PP +\&\fBSSL_get_servername()\fR returns a servername extension value of the specified +type if provided in the Client Hello or \s-1NULL.\s0 +.PP +\&\fBSSL_get_servername_type()\fR returns the servername type or \-1 if no servername +is present. Currently the only supported type (defined in \s-1RFC3546\s0) is +\&\fBTLSEXT_NAMETYPE_host_name\fR. +.PP +\&\fBSSL_set_tlsext_host_name()\fR sets the server name indication ClientHello extension +to contain the value \fBname\fR. The type of server name indication extension is set +to \fBTLSEXT_NAMETYPE_host_name\fR (defined in \s-1RFC3546\s0). +.SH "NOTES" +.IX Header "NOTES" +Several callbacks are executed during ClientHello processing, including +the ClientHello, \s-1ALPN,\s0 and servername callbacks. The ClientHello callback is +executed first, then the servername callback, followed by the \s-1ALPN\s0 callback. +.PP +The \fBSSL_set_tlsext_host_name()\fR function should only be called on \s-1SSL\s0 objects +that will act as clients; otherwise the configured \fBname\fR will be ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_servername_callback()\fR and +\&\fBSSL_CTX_set_tlsext_servername_arg()\fR both always return 1 indicating success. +\&\fBSSL_set_tlsext_host_name()\fR returns 1 on success, 0 in case of error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_alpn_select_cb\fR\|(3), +\&\fBSSL_get0_alpn_selected\fR\|(3), \fBSSL_CTX_set_client_hello_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 new file mode 100644 index 000000000000..25053e2f88fe --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_status_cb.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_STATUS_CB 3" +.TH SSL_CTX_SET_TLSEXT_STATUS_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_status_cb, SSL_CTX_get_tlsext_status_cb, SSL_CTX_set_tlsext_status_arg, SSL_CTX_get_tlsext_status_arg, SSL_CTX_set_tlsext_status_type, SSL_CTX_get_tlsext_status_type, SSL_set_tlsext_status_type, SSL_get_tlsext_status_type, SSL_get_tlsext_status_ocsp_resp, SSL_set_tlsext_status_ocsp_resp \&\- OCSP Certificate Status Request functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx, int (*callback)(SSL *, void *)); +\& long SSL_CTX_get_tlsext_status_cb(SSL_CTX *ctx, int (**callback)(SSL *, void *)); +\& +\& long SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg); +\& long SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg); +\& +\& long SSL_CTX_set_tlsext_status_type(SSL_CTX *ctx, int type); +\& long SSL_CTX_get_tlsext_status_type(SSL_CTX *ctx); +\& +\& long SSL_set_tlsext_status_type(SSL *s, int type); +\& long SSL_get_tlsext_status_type(SSL *s); +\& +\& long SSL_get_tlsext_status_ocsp_resp(ssl, unsigned char **resp); +\& long SSL_set_tlsext_status_ocsp_resp(ssl, unsigned char *resp, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application may request that a server send back an \s-1OCSP\s0 status response +(also known as \s-1OCSP\s0 stapling). To do so the client should call the +\&\fBSSL_CTX_set_tlsext_status_type()\fR function prior to the creation of any \s-1SSL\s0 +objects. Alternatively an application can call the \fBSSL_set_tlsext_status_type()\fR +function on an individual \s-1SSL\s0 object prior to the start of the handshake. +Currently the only supported type is \fBTLSEXT_STATUSTYPE_ocsp\fR. This value +should be passed in the \fBtype\fR argument. Calling +\&\fBSSL_CTX_get_tlsext_status_type()\fR will return the type \fBTLSEXT_STATUSTYPE_ocsp\fR +previously set via \fBSSL_CTX_set_tlsext_status_type()\fR or \-1 if not set. +.PP +The client should additionally provide a callback function to decide what to do +with the returned \s-1OCSP\s0 response by calling \fBSSL_CTX_set_tlsext_status_cb()\fR. The +callback function should determine whether the returned \s-1OCSP\s0 response is +acceptable or not. The callback will be passed as an argument the value +previously set via a call to \fBSSL_CTX_set_tlsext_status_arg()\fR. Note that the +callback will not be called in the event of a handshake where session resumption +occurs (because there are no Certificates exchanged in such a handshake). +The callback previously set via \fBSSL_CTX_set_tlsext_status_cb()\fR can be retrieved +by calling \fBSSL_CTX_get_tlsext_status_cb()\fR, and the argument by calling +\&\fBSSL_CTX_get_tlsext_status_arg()\fR. +.PP +On the client side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether +the client has previously called \fBSSL_set_tlsext_status_type()\fR. It will return +\&\fBTLSEXT_STATUSTYPE_ocsp\fR if it has been called or \-1 otherwise. On the server +side \fBSSL_get_tlsext_status_type()\fR can be used to determine whether the client +requested \s-1OCSP\s0 stapling. If the client requested it then this function will +return \fBTLSEXT_STATUSTYPE_ocsp\fR, or \-1 otherwise. +.PP +The response returned by the server can be obtained via a call to +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR. The value \fB*resp\fR will be updated to point +to the \s-1OCSP\s0 response data and the return value will be the length of that data. +Typically a callback would obtain an \s-1OCSP_RESPONSE\s0 object from this data via a +call to the \fBd2i_OCSP_RESPONSE()\fR function. If the server has not provided any +response data then \fB*resp\fR will be \s-1NULL\s0 and the return value from +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR will be \-1. +.PP +A server application must also call the \fBSSL_CTX_set_tlsext_status_cb()\fR function +if it wants to be able to provide clients with \s-1OCSP\s0 Certificate Status +responses. Typically the server callback would obtain the server certificate +that is being sent back to the client via a call to \fBSSL_get_certificate()\fR; +obtain the \s-1OCSP\s0 response to be sent back; and then set that response data by +calling \fBSSL_set_tlsext_status_ocsp_resp()\fR. A pointer to the response data should +be provided in the \fBresp\fR argument, and the length of that data should be in +the \fBlen\fR argument. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The callback when used on the client side should return a negative value on +error; 0 if the response is not acceptable (in which case the handshake will +fail) or a positive value if it is acceptable. +.PP +The callback when used on the server side should return with either +\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be +returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be +returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has +occurred). +.PP +\&\fBSSL_CTX_set_tlsext_status_cb()\fR, \fBSSL_CTX_set_tlsext_status_arg()\fR, +\&\fBSSL_CTX_set_tlsext_status_type()\fR, \fBSSL_set_tlsext_status_type()\fR and +\&\fBSSL_set_tlsext_status_ocsp_resp()\fR return 0 on error or 1 on success. +.PP +\&\fBSSL_CTX_get_tlsext_status_type()\fR returns the value previously set by +\&\fBSSL_CTX_set_tlsext_status_type()\fR, or \-1 if not set. +.PP +\&\fBSSL_get_tlsext_status_ocsp_resp()\fR returns the length of the \s-1OCSP\s0 response data +or \-1 if there is no \s-1OCSP\s0 response data. +.PP +\&\fBSSL_get_tlsext_status_type()\fR returns \fBTLSEXT_STATUSTYPE_ocsp\fR on the client +side if \fBSSL_set_tlsext_status_type()\fR was previously called, or on the server +side if the client requested \s-1OCSP\s0 stapling. Otherwise \-1 is returned. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_get_tlsext_status_type()\fR, \fBSSL_CTX_get_tlsext_status_type()\fR +and \fBSSL_CTX_set_tlsext_status_type()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100644 index 000000000000..d86500b0e4d7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -0,0 +1,323 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3" +.TH SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback function \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with \fBEVP_CIPHER_CTX_reset\fR\|(3) and \fBHMAC_CTX_reset\fR\|(3) respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retrieval of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitrary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \fB\s-1EVP_MAX_IV_LENGTH\s0\fR bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using \fBEVP_EncryptInit_ex\fR\|(3). The hmac context can be set using +\&\fBHMAC_Init_ex\fR\|(3). +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retrieve a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retrieved parameters and the initialization vector +\&\fIiv\fR. using a function like \fBEVP_DecryptInit_ex\fR\|(3). The \fIhctx\fR needs to be +set using \fBHMAC_Init_ex\fR\|(3). +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an argument of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 +3.3\s0 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by negotiating a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negotiation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negotiation had occurred. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the cipher suite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a cipher suite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implementation: +.PP +.Vb 2 +\& SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); +\& ... +\& +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], +\& unsigned char *iv, EVP_CIPHER_CTX *ctx, +\& HMAC_CTX *hctx, int enc) +\& { +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) <= 0) +\& return \-1; /* insufficient random */ +\& +\& key = currentkey(); /* something that you need to implement */ +\& if (key == NULL) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* +\& * Something that you need to implement. +\& * createkey needs to initialise a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. +\& */ +\& if (key == NULL) /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (key == NULL || key\->expire < now()) +\& return 0; +\& +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& +\& if (key\->expire < now() \- RENEW_TIME) { +\& /* +\& * return 2 \- This session will get a new ticket even though the +\& * current one is still valid. +\& */ +\& return 2; +\& } +\& return 1; +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100644 index 000000000000..a7c747c01289 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tlsext_use_srtp.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TLSEXT_USE_SRTP 3" +.TH SSL_CTX_SET_TLSEXT_USE_SRTP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_use_srtp, SSL_set_tlsext_use_srtp, SSL_get_srtp_profiles, SSL_get_selected_srtp_profile \&\- Configure and query SRTP support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +\& int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles); +\& +\& STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +\& SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SRTP\s0 is the Secure Real-Time Transport Protocol. OpenSSL implements support for +the \*(L"use_srtp\*(R" \s-1DTLS\s0 extension defined in \s-1RFC5764.\s0 This provides a mechanism for +establishing \s-1SRTP\s0 keying material, algorithms and parameters using \s-1DTLS.\s0 This +capability may be used as part of an implementation that conforms to \s-1RFC5763.\s0 +OpenSSL does not implement \s-1SRTP\s0 itself or \s-1RFC5763.\s0 Note that OpenSSL does not +support the use of \s-1SRTP\s0 Master Key Identifiers (MKIs). Also note that this +extension is only supported in \s-1DTLS.\s0 Any \s-1SRTP\s0 configuration will be ignored if a +\&\s-1TLS\s0 connection is attempted. +.PP +An OpenSSL client wishing to send the \*(L"use_srtp\*(R" extension should call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR to set its use for all \s-1SSL\s0 objects subsequently +created from an \s-1SSL_CTX.\s0 Alternatively a client may call +\&\fBSSL_set_tlsext_use_srtp()\fR to set its use for an individual \s-1SSL\s0 object. The +\&\fBprofiles\fR parameters should point to a NUL-terminated, colon delimited list of +\&\s-1SRTP\s0 protection profile names. +.PP +The currently supported protection profile names are: +.IP "\s-1SRTP_AES128_CM_SHA1_80\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_80" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_80\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AES128_CM_SHA1_32\s0" 4 +.IX Item "SRTP_AES128_CM_SHA1_32" +This corresponds to \s-1SRTP_AES128_CM_HMAC_SHA1_32\s0 defined in \s-1RFC5764.\s0 +.IP "\s-1SRTP_AEAD_AES_128_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_128_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.IP "\s-1SRTP_AEAD_AES_256_GCM\s0" 4 +.IX Item "SRTP_AEAD_AES_256_GCM" +This corresponds to the profile of the same name defined in \s-1RFC7714.\s0 +.PP +Supplying an unrecognised protection profile name will result in an error. +.PP +An OpenSSL server wishing to support the \*(L"use_srtp\*(R" extension should also call +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR or \fBSSL_set_tlsext_use_srtp()\fR to indicate the +protection profiles that it is willing to negotiate. +.PP +The currently configured list of protection profiles for either a client or a +server can be obtained by calling \fBSSL_get_srtp_profiles()\fR. This returns a stack +of \s-1SRTP_PROTECTION_PROFILE\s0 objects. The memory pointed to in the return value of +this function should not be freed by the caller. +.PP +After a handshake has been completed the negotiated \s-1SRTP\s0 protection profile (if +any) can be obtained (on the client or the server) by calling +\&\fBSSL_get_selected_srtp_profile()\fR. This function will return \s-1NULL\s0 if no \s-1SRTP\s0 +protection profile was negotiated. The memory returned from this function should +not be freed by the caller. +.PP +If an \s-1SRTP\s0 protection profile has been successfully negotiated then the \s-1SRTP\s0 +keying material (on both the client and server) should be obtained via a call to +\&\fBSSL_export_keying_material\fR\|(3). This call should provide a label value of +\&\*(L"EXTRACTOR\-dtls_srtp\*(R" and a \s-1NULL\s0 context value (use_context is 0). The total +length of keying material obtained should be equal to two times the sum of the +master key length and the salt length as defined for the protection profile in +use. This provides the client write master key, the server write master key, the +client write master salt and the server write master salt in that order. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tlsext_use_srtp()\fR and \fBSSL_set_tlsext_use_srtp()\fR return 0 on success +or 1 on error. +.PP +\&\fBSSL_get_srtp_profiles()\fR returns a stack of \s-1SRTP_PROTECTION_PROFILE\s0 objects on +success or \s-1NULL\s0 on error or if no protection profiles have been configured. +.PP +\&\fBSSL_get_selected_srtp_profile()\fR returns a pointer to an \s-1SRTP_PROTECTION_PROFILE\s0 +object if one has been negotiated or \s-1NULL\s0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_export_keying_material\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 000000000000..ef6c569a920f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 3" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle DH keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +\& +\& void SSL_set_tmp_dh_callback(SSL *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, +\& int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fBSSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fBSSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate +a new \s-1DH\s0 key during the negotiation. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl \fBdhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. +.PP +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +\&\fBdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. +.PP +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export cipher suites +are advised to either use \fBSSL_CTX_set_tmp_dh()\fR or alternatively, use +the callback but ignore \fBkeylength\fR and \fBis_export\fR and simply +supply at least 2048\-bit parameters in the callback. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_set_tmp_dh_callback()\fR and \fBSSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fBSSL_CTX_set_tmp_dh()\fR and \fBSSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling +partly left out.) +.PP +Command-line parameter generation: +.PP +.Vb 1 +\& $ openssl dhparam \-out dh_param_2048.pem 2048 +.Ve +.PP +Code for setting up parameters during server initialization: +.PP +.Vb 1 +\& SSL_CTX ctx = SSL_CTX_new(); +\& +\& DH *dh_2048 = NULL; +\& FILE *paramfile = fopen("dh_param_2048.pem", "r"); +\& +\& if (paramfile) { +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } else { +\& /* Error. */ +\& } +\& if (dh_2048 == NULL) +\& /* Error. */ +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) +\& /* Error. */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBciphers\fR\|(1), \fBdhparam\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 new file mode 100644 index 000000000000..30a09f774873 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_set_verify.3 @@ -0,0 +1,472 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 3" +.TH SSL_CTX_SET_VERIFY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx, SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth, SSL_verify_cb, SSL_verify_client_post_handshake, SSL_set_post_handshake_auth, SSL_CTX_set_post_handshake_auth \&\- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); +\& +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb verify_callback); +\& void SSL_set_verify(SSL *ssl, int mode, SSL_verify_cb verify_callback); +\& SSL_get_ex_data_X509_STORE_CTX_idx(void); +\& +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +\& void SSL_set_verify_depth(SSL *ssl, int depth); +\& +\& int SSL_verify_client_post_handshake(SSL *ssl); +\& void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +\& void SSL_set_post_handshake_auth(SSL *ssl, int val); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fBSSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the time \fBssl\fR was created with +\&\fBSSL_new\fR\|(3). Within the callback function, +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR can be called to get the data index +of the current \s-1SSL\s0 object that is doing the verification. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. +.PP +\&\fBSSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. +.PP +\&\fBSSL_CTX_set_post_handshake_auth()\fR and \fBSSL_set_post_handshake_auth()\fR enable the +Post-Handshake Authentication extension to be added to the ClientHello such that +post-handshake authentication can be requested by the server. If \fBval\fR is 0 +then the extension is not sent, otherwise it is. By default the extension is not +sent. A certificate callback will need to be set via +\&\fBSSL_CTX_set_client_cert_cb()\fR if no certificate is provided at initialization. +.PP +\&\fBSSL_verify_client_post_handshake()\fR causes a CertificateRequest message to be +sent by a server on the given \fBssl\fR connection. The \s-1SSL_VERIFY_PEER\s0 flag must +be set; the \s-1SSL_VERIFY_POST_HANDSHAKE\s0 flag is optional. +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.IP "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the \fBSSL_get_verify_result\fR\|(3) function. +The handshake will be continued regardless of the verification result. +.IP "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_CLIENT_ONCE\s0 and +\&\s-1SSL_VERIFY_POST_HANDSHAKE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.IP "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate once during the +connection. Do not ask for a client certificate again during +renegotiation or post-authentication if a certificate was requested +during the initial handshake. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.IP "\s-1SSL_VERIFY_POST_HANDSHAKE\s0" 4 +.IX Item "SSL_VERIFY_POST_HANDSHAKE" +\&\fBServer mode:\fR the server will not send a client certificate request +during the initial handshake, but will send the request via +\&\fBSSL_verify_client_post_handshake()\fR. This allows the \s-1SSL_CTX\s0 or \s-1SSL\s0 +to be configured for post-handshake peer verification before the +handshake occurs. This flag must be used together with +\&\s-1SSL_VERIFY_PEER.\s0 TLSv1.3 only; no effect on pre\-TLSv1.3 connections. +.Sp +\&\fBClient mode:\fR ignored (see \s-1BUGS\s0) +.PP +If the \fBmode\fR is \s-1SSL_VERIFY_NONE\s0 none of the other flags may be set. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fBverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fBSSL_CTX_set_verify_depth()\fR and \fBSSL_set_verify_depth()\fR set a limit on the +number of certificates between the end-entity and trust-anchor certificates. +Neither the +end-entity nor the trust-anchor certificates count against \fBdepth\fR. If the +certificate chain needed to reach a trusted issuer is longer than \fBdepth+2\fR, +X509_V_ERR_CERT_CHAIN_TOO_LONG will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, 2 and 3 (0 being the end-entity and 3 the +trust-anchor). +The default depth limit is 100, +allowing for the peer certificate, at most 100 intermediate \s-1CA\s0 certificates and +a final trust anchor certificate. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. +.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will not be terminated with respect to verification +failures and the connection will be established. The calling process can +however retrieve the error code of the last verification error using +\&\fBSSL_get_verify_result\fR\|(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.PP +After calling \fBSSL_set_post_handshake_auth()\fR, the client will need to add a +certificate or certificate callback to its configuration before it can +successfully authenticate. This must be called before \fBSSL_connect()\fR. +.PP +\&\fBSSL_verify_client_post_handshake()\fR requires that verify flags have been +previously set, and that a client sent the post-handshake authentication +extension. When the client returns a certificate the verify callback will be +invoked. A write operation must take place for the Certificate Request to be +sent to the client, this can be done with \fBSSL_do_handshake()\fR or \fBSSL_write_ex()\fR. +Only one certificate request may be outstanding at any time. +.PP +When post-handshake authentication occurs, a refreshed NewSessionTicket +message is sent to the client. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether any flags other than \s-1SSL_VERIFY_NONE\s0 are set. This can +lead to unexpected behaviour if \s-1SSL_VERIFY_PEER\s0 and other flags are not used as +required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.PP +The \fBSSL_verify_client_post_handshake()\fR function returns 1 if the request +succeeded, and 0 if the request failed. The error stack can be examined +to determine the failure reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed; information about the certificate chain +is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see \fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3)). +.PP +.Vb 7 +\& ... +\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +\& +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +\& +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata\->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } else if (mydata\->verbose_mode) { +\& printf("depth=%d:%s\en", depth, buf); +\& } +\& +\& /* +\& * At this point, err contains the last verification error. We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { +\& X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +\& +\& if (mydata\->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +\& +\& mydata_t mydata; +\& +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +\& +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +\& +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +\& +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +\& +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_VERIFY_POST_HANDSHAKE\s0 option, and the \fBSSL_verify_client_post_handshake()\fR +and \fBSSL_set_post_handshake_auth()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 new file mode 100644 index 000000000000..2adc7071de39 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_certificate.3 @@ -0,0 +1,324 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 3" +.TH SSL_CTX_USE_CERTIFICATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key, SSL_CTX_use_cert_and_key, SSL_use_cert_and_key \&\- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +\& int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +\& +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +\& +\& int SSL_CTX_check_private_key(const SSL_CTX *ctx); +\& int SSL_check_private_key(const SSL *ssl); +\& +\& int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +\& int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with \fBSSL_new\fR\|(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +\&\fBSSL_clear\fR\|(3) is called for this \s-1SSL\s0 object. +.PP +\&\fBSSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fBSSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +function. +.PP +\&\fBSSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fBSSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fBSSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the subject's certificate (actual client or server +certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and +ending at the highest level (root) \s-1CA.\s0 \fBSSL_use_certificate_chain_file()\fR is +similar except it loads the certificate chain into \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fBSSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fBSSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +If a certificate has already been set and the private does not belong +to the certificate an error is returned. To change a certificate, private +key pair the new certificate needs to be set with \fBSSL_use_certificate()\fR +or \fBSSL_CTX_use_certificate()\fR before setting the private key with +\&\fBSSL_CTX_use_PrivateKey()\fR or \fBSSL_use_PrivateKey()\fR. +.PP +\&\fBSSL_CTX_use_cert_and_key()\fR and \fBSSL_use_cert_and_key()\fR assign the X.509 +certificate \fBx\fR, private key \fBkey\fR, and certificate \fBchain\fR onto the +corresponding \fBssl\fR or \fBctx\fR. The \fBpkey\fR argument must be the private +key of the X.509 certificate \fBx\fR. If the \fBoverride\fR argument is 0, then +\&\fBx\fR, \fBpkey\fR and \fBchain\fR are set only if all were not previously set. +If \fBoverride\fR is non\-0, then the certificate, private key and chain certs +are always set. If \fBpkey\fR is \s-1NULL,\s0 then the public key of \fBx\fR is used as +the private key. This is intended to be used with hardware (via the \s-1ENGINE\s0 +interface) that stores the private key securely, such that it cannot be +accessed by OpenSSL. The reference count of the public key is incremented +(twice if there is no private key); it is not copied nor duplicated. This +allows all private key validations checks to succeed without an actual +private key being assigned via \fBSSL_CTX_use_PrivateKey()\fR, etc. +.PP +\&\fBSSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fBSSL_use_PrivateKey_ASN1()\fR and \fBSSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fBSSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the private key must be specified +from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 +\&\fBSSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fBSSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fBSSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fBSSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. \fBSSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also \fBSSL_CTX_set_cipher_list\fR\|(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fBSSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fBSSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using \fBSSL_CTX_add1_chain_cert\fR\|(3). Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. \fBSSL_CTX_use_certificate_chain_file()\fR +should be used instead of the \fBSSL_CTX_use_certificate_file()\fR function in order +to allow the use of complete certificate chains even when no trusted \s-1CA\s0 +storage is used or when the \s-1CA\s0 issuing the certificate shall not be added to +the trusted \s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +\&\fBSSL_CTX_load_verify_locations\fR\|(3). +.PP +The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.PP +All of the functions to set a new certificate will replace any existing +certificate of the same type that has already been set. Similarly all of the +functions to set a new private key will replace any private key that has already +been set. Applications should call \fBSSL_CTX_check_private_key\fR\|(3) or +\&\fBSSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and +private key to confirm that the certificate and key match. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 new file mode 100644 index 000000000000..eecfefa5774f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_psk_identity_hint.3 @@ -0,0 +1,269 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_PSK_IDENTITY_HINT 3" +.TH SSL_CTX_USE_PSK_IDENTITY_HINT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_psk_server_cb_func, SSL_psk_find_session_cb_func, SSL_CTX_use_psk_identity_hint, SSL_use_psk_identity_hint, SSL_CTX_set_psk_server_callback, SSL_set_psk_server_callback, SSL_CTX_set_psk_find_session_callback, SSL_set_psk_find_session_callback \&\- set PSK identity hint to use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl, +\& const unsigned char *identity, +\& size_t identity_len, +\& SSL_SESSION **sess); +\& +\& +\& void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx, +\& SSL_psk_find_session_cb_func cb); +\& void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb); +\& +\& typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl, +\& const char *identity, +\& unsigned char *psk, +\& unsigned int max_psk_len); +\& +\& int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); +\& int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); +\& +\& void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb); +\& void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A client application wishing to use TLSv1.3 PSKs should set a callback +using either \fBSSL_CTX_set_psk_use_session_callback()\fR or +\&\fBSSL_set_psk_use_session_callback()\fR as appropriate. +.PP +The callback function is given a pointer to the \s-1SSL\s0 connection in \fBssl\fR and +an identity in \fBidentity\fR of length \fBidentity_len\fR. The callback function +should identify an \s-1SSL_SESSION\s0 object that provides the \s-1PSK\s0 details and store it +in \fB*sess\fR. The \s-1SSL_SESSION\s0 object should, as a minimum, set the master key, +the ciphersuite and the protocol version. See +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) for details. +.PP +It is also possible for the callback to succeed but not supply a \s-1PSK.\s0 In this +case no \s-1PSK\s0 will be used but the handshake will continue. To do this the +callback should return successfully and ensure that \fB*sess\fR is +\&\s-1NULL.\s0 +.PP +Identity hints are not relevant for TLSv1.3. A server application wishing to use +\&\s-1PSK\s0 ciphersuites for TLSv1.2 and below may call \fBSSL_CTX_use_psk_identity_hint()\fR +to set the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 identity hint \fBhint\fR for \s-1SSL\s0 context +object \fBctx\fR. \fBSSL_use_psk_identity_hint()\fR sets the given \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity hint \fBhint\fR for the \s-1SSL\s0 connection object \fBssl\fR. If \fBhint\fR is +\&\fB\s-1NULL\s0\fR the current hint from \fBctx\fR or \fBssl\fR is deleted. +.PP +In the case where \s-1PSK\s0 identity hint is \fB\s-1NULL\s0\fR, the server does not send the +ServerKeyExchange message to the client. +.PP +A server application wishing to use PSKs for TLSv1.2 and below must provide a +callback function which is called when the server receives the +ClientKeyExchange message from the client. The purpose of the callback function +is to validate the received \s-1PSK\s0 identity and to fetch the pre-shared key used +during the connection setup phase. The callback is set using the functions +\&\fBSSL_CTX_set_psk_server_callback()\fR or \fBSSL_set_psk_server_callback()\fR. The callback +function is given the connection in parameter \fBssl\fR, \fB\s-1NUL\s0\fR\-terminated \s-1PSK\s0 +identity sent by the client in parameter \fBidentity\fR, and a buffer \fBpsk\fR of +length \fBmax_psk_len\fR bytes where the pre-shared key is to be stored. +.PP +The callback for use in TLSv1.2 will also work in TLSv1.3 although it is +recommended to use \fBSSL_CTX_set_psk_find_session_callback()\fR +or \fBSSL_set_psk_find_session_callback()\fR for this purpose instead. If TLSv1.3 has +been negotiated then OpenSSL will first check to see if a callback has been set +via \fBSSL_CTX_set_psk_find_session_callback()\fR or \fBSSL_set_psk_find_session_callback()\fR +and it will use that in preference. If no such callback is present then it will +check to see if a callback has been set via \fBSSL_CTX_set_psk_server_callback()\fR or +\&\fBSSL_set_psk_server_callback()\fR and use that. In this case the handshake digest +will default to \s-1SHA\-256\s0 for any returned \s-1PSK.\s0 +.SH "NOTES" +.IX Header "NOTES" +A connection established via a TLSv1.3 \s-1PSK\s0 will appear as if session resumption +has occurred so that \fBSSL_session_reused\fR\|(3) will return true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\fBSSL_CTX_use_psk_identity_hint()\fB\fR and \fB\fBSSL_use_psk_identity_hint()\fB\fR return +1 on success, 0 otherwise. +.PP +Return values from the TLSv1.2 and below server callback are interpreted as +follows: +.IP "0" 4 +\&\s-1PSK\s0 identity was not found. An \*(L"unknown_psk_identity\*(R" alert message +will be sent and the connection setup fails. +.IP ">0" 4 +.IX Item ">0" +\&\s-1PSK\s0 identity was found and the server callback has provided the \s-1PSK\s0 +successfully in parameter \fBpsk\fR. Return value is the length of +\&\fBpsk\fR in bytes. It is an error to return a value greater than +\&\fBmax_psk_len\fR. +.Sp +If the \s-1PSK\s0 identity was not found but the callback instructs the +protocol to continue anyway, the callback must provide some random +data to \fBpsk\fR and return the length of the random data, so the +connection will fail with decryption_error before it will be finished +completely. +.PP +The \fBSSL_psk_find_session_cb_func\fR callback should return 1 on success or 0 on +failure. In the event of failure the connection setup fails. +.SH "NOTES" +.IX Header "NOTES" +There are no known security issues with sharing the same \s-1PSK\s0 between TLSv1.2 (or +below) and TLSv1.3. However the \s-1RFC\s0 has this note of caution: +.PP +\&\*(L"While there is no known way in which the same \s-1PSK\s0 might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +\&\s-1TLS 1.3\s0 and \s-1TLS 1.2.\*(R"\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBSSL_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_CTX_set_psk_find_session_callback()\fR and \fBSSL_set_psk_find_session_callback()\fR +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 new file mode 100644 index 000000000000..6493233ed82f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_CTX_use_serverinfo.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_USE_SERVERINFO 3" +.TH SSL_CTX_USE_SERVERINFO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_use_serverinfo_ex, SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \&\- use serverinfo extension +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, +\& const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, +\& size_t serverinfo_length); +\& +\& int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 extensions into the \s-1SSL_CTX. A\s0 +\&\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello +Extension. +.PP +\&\fBSSL_CTX_use_serverinfo_ex()\fR loads one or more serverinfo extensions from +a byte array into \fBctx\fR. The \fBversion\fR parameter specifies the format of the +byte array provided in \fB*serverinfo\fR which is of length \fBserverinfo_length\fR. +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV2\s0\fR then the extensions in the array must +consist of a 4\-byte context, a 2\-byte Extension Type, a 2\-byte length, and then +length bytes of extension_data. The context and type values have the same +meaning as for \fBSSL_CTX_add_custom_ext\fR\|(3). If serverinfo is being loaded for +extensions to be added to a Certificate message, then the extension will only +be added for the first certificate in the message (which is always the +end-entity certificate). +.PP +If \fBversion\fR is \fB\s-1SSL_SERVERINFOV1\s0\fR then the extensions in the array must +consist of a 2\-byte Extension Type, a 2\-byte length, and then length bytes of +extension_data. The type value has the same meaning as for +\&\fBSSL_CTX_add_custom_ext\fR\|(3). The following default context value will be used +in this case: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_use_serverinfo()\fR does the same thing as \fBSSL_CTX_use_serverinfo_ex()\fR +except that there is no \fBversion\fR parameter so a default version of +\&\s-1SSL_SERVERINFOV1\s0 is used instead. +.PP +\&\fBSSL_CTX_use_serverinfo_file()\fR loads one or more serverinfo extensions from +\&\fBfile\fR into \fBctx\fR. The extensions must be in \s-1PEM\s0 format. Each extension +must be in a format as described above for \fBSSL_CTX_use_serverinfo_ex()\fR. Each +\&\s-1PEM\s0 extension name must begin with the phrase \*(L"\s-1BEGIN SERVERINFOV2 FOR \*(R"\s0 for +\&\s-1SSL_SERVERINFOV2\s0 data or \*(L"\s-1BEGIN SERVERINFO FOR \*(R"\s0 for \s-1SSL_SERVERINFOV1\s0 data. +.PP +If more than one certificate (\s-1RSA/DSA\s0) is installed using +\&\fBSSL_CTX_use_certificate()\fR, the serverinfo extension will be loaded into the +last certificate installed. If e.g. the last item was a \s-1RSA\s0 certificate, the +loaded serverinfo extension data will be loaded for that certificate. To +use the serverinfo extension for multiple certificates, +\&\fBSSL_CTX_use_serverinfo()\fR needs to be called multiple times, once \fBafter\fR +each time a certificate is loaded via a call to \fBSSL_CTX_use_certificate()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2013\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 new file mode 100644 index 000000000000..212ba5c9e78e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_free.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_FREE 3" +.TH SSL_SESSION_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_new, SSL_SESSION_dup, SSL_SESSION_up_ref, SSL_SESSION_free \- create, free and manage SSL_SESSION structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_SESSION_new(void); +\& SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src); +\& int SSL_SESSION_up_ref(SSL_SESSION *ses); +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_new()\fR creates a new \s-1SSL_SESSION\s0 structure and returns a pointer to +it. +.PP +\&\fBSSL_SESSION_dup()\fR copies the contents of the \s-1SSL_SESSION\s0 structure in \fBsrc\fR +and returns a pointer to it. +.PP +\&\fBSSL_SESSION_up_ref()\fR increments the reference count on the given \s-1SSL_SESSION\s0 +structure. +.PP +\&\fBSSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the reference count has reached 0. +If \fBsession\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +\&\fBSSL_CTX_flush_sessions\fR\|(3) operation. +.PP +\&\fBSSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fBSSL_get1_session()\fR, see \fBSSL_get_session\fR\|(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using \fBd2i_SSL_SESSION\fR\|(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +SSL_SESSION_new returns a pointer to the newly allocated \s-1SSL_SESSION\s0 structure +or \s-1NULL\s0 on error. +.PP +SSL_SESSION_up_ref returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_dup()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 new file mode 100644 index 000000000000..021eb8a99f04 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_cipher.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_CIPHER 3" +.TH SSL_SESSION_GET0_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_cipher, SSL_SESSION_set_cipher \&\- set and retrieve the SSL cipher associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +\& int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_cipher()\fR retrieves the cipher that was used by the +connection when the session was created, or \s-1NULL\s0 if it cannot be determined. +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set_cipher()\fR can be used to set the ciphersuite associated with the +\&\s-1SSL_SESSION\s0 \fBs\fR to \fBcipher\fR. For example, this could be used to set up a +session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_cipher()\fR returns the \s-1SSL_CIPHER\s0 associated with the \s-1SSL_SESSION\s0 +or \s-1NULL\s0 if it cannot be determined. +.PP +\&\fBSSL_SESSION_set_cipher()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_get0_hostname\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_cipher()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_cipher()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 new file mode 100644 index 000000000000..81f3cf9f0adf --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_hostname.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_HOSTNAME 3" +.TH SSL_SESSION_GET0_HOSTNAME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_hostname, SSL_SESSION_set1_hostname, SSL_SESSION_get0_alpn_selected, SSL_SESSION_set1_alpn_selected \&\- get and set SNI and ALPN data associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +\& int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname); +\& +\& void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s, +\& const unsigned char **alpn, +\& size_t *len); +\& int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_hostname()\fR retrieves the \s-1SNI\s0 value that was sent by the +client when the session was created, or \s-1NULL\s0 if no value was sent. +.PP +The value returned is a pointer to memory maintained within \fBs\fR and +should not be free'd. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR sets the \s-1SNI\s0 value for the hostname to a copy of +the string provided in hostname. +.PP +\&\fBSSL_SESSION_get0_alpn_selected()\fR retrieves the selected \s-1ALPN\s0 protocol for this +session and its associated length in bytes. The returned value of \fB*alpn\fR is a +pointer to memory maintained within \fBs\fR and should not be free'd. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR sets the \s-1ALPN\s0 protocol for this session to the +value in \fBalpn\fR which should be of length \fBlen\fR bytes. A copy of the input +value is made, and the caller retains ownership of the memory pointed to by +\&\fBalpn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_hostname()\fR returns either a string or \s-1NULL\s0 based on if there +is the \s-1SNI\s0 value sent by client. +.PP +\&\fBSSL_SESSION_set1_hostname()\fR returns 1 on success or 0 on error. +.PP +\&\fBSSL_SESSION_set1_alpn_selected()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_hostname()\fR, \fBSSL_SESSION_get0_alpn_selected()\fR and +\&\fBSSL_SESSION_set1_alpn_selected()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 new file mode 100644 index 000000000000..08e6b1e1a9a6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_id_context.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_ID_CONTEXT 3" +.TH SSL_SESSION_GET0_ID_CONTEXT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_id_context, SSL_SESSION_set1_id_context \&\- get and set the SSL ID context associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +See \fBSSL_CTX_set_session_id_context\fR\|(3) for further details on session \s-1ID\s0 +contexts. +.PP +\&\fBSSL_SESSION_get0_id_context()\fR returns the \s-1ID\s0 context associated with +the \s-1SSL/TLS\s0 session \fBs\fR. The length of the \s-1ID\s0 context is written to +\&\fB*len\fR if \fBlen\fR is not \s-1NULL.\s0 +.PP +The value returned is a pointer to an object maintained within \fBs\fR and +should not be released. +.PP +\&\fBSSL_SESSION_set1_id_context()\fR takes a copy of the provided \s-1ID\s0 context given in +\&\fBsid_ctx\fR and associates it with the session \fBs\fR. The length of the \s-1ID\s0 context +is given by \fBsid_ctx_len\fR which must not exceed \s-1SSL_MAX_SID_CTX_LENGTH\s0 bytes. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_id_context()\fR returns 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_set_session_id_context\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get0_id_context()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 new file mode 100644 index 000000000000..10492f60d8ef --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get0_peer.3 @@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET0_PEER 3" +.TH SSL_SESSION_GET0_PEER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_peer \&\- get details about peer's certificate for a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get0_peer()\fR returns the peer certificate associated with the session +\&\fBs\fR or \s-1NULL\s0 if no peer certificate is available. The caller should not free the +returned value (unless \fBX509_up_ref\fR\|(3) has also been called). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get0_peer()\fR returns a pointer to the peer certificate or \s-1NULL\s0 if +no peer certificate is available. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 new file mode 100644 index 000000000000..7cfcd71fa3e0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_compress_id.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_COMPRESS_ID 3" +.TH SSL_SESSION_GET_COMPRESS_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_compress_id \&\- get details about the compression associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +If compression has been negotiated for an ssl session then +\&\fBSSL_SESSION_get_compress_id()\fR will return the id for the compression method or +0 otherwise. The only built-in supported compression method is zlib which has an +id of 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_compress_id()\fR returns the id of the compression method or 0 if +none. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 new file mode 100644 index 000000000000..b38fe75ba97e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_ex_data.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_EX_DATA 3" +.TH SSL_SESSION_GET_EX_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \&\- get and set application specific data on a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +\& void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_set_ex_data()\fR enables an application to store arbitrary application +specific data \fBdata\fR in an \s-1SSL_SESSION\s0 structure \fBss\fR. The index \fBidx\fR should +be a value previously returned from a call to \fBCRYPTO_get_ex_new_index\fR\|(3). +.PP +\&\fBSSL_SESSION_get_ex_data()\fR retrieves application specific data previously stored +in an \s-1SSL_SESSION\s0 structure \fBs\fR. The \fBidx\fR value should be the same as that +used when originally storing the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set_ex_data()\fR returns 1 for success or 0 for failure. +.PP +\&\fBSSL_SESSION_get_ex_data()\fR returns the previously stored value or \s-1NULL\s0 on +failure. \s-1NULL\s0 may also be a valid value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 new file mode 100644 index 000000000000..d4affa087015 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_protocol_version.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_PROTOCOL_VERSION 3" +.TH SSL_SESSION_GET_PROTOCOL_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_protocol_version, SSL_SESSION_set_protocol_version \&\- get and set the session protocol version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +\& int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_protocol_version()\fR returns the protocol version number used +by session \fBs\fR. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR sets the protocol version associated with the +\&\s-1SSL_SESSION\s0 object \fBs\fR to the value \fBversion\fR. This value should be a version +constant such as \fB\s-1TLS1_3_VERSION\s0\fR etc. For example, this could be used to set +up a session based \s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_protocol_version()\fR returns a number indicating the protocol +version used for the session; this number matches the constants \fIe.g.\fR +\&\fB\s-1TLS1_VERSION\s0\fR, \fB\s-1TLS1_2_VERSION\s0\fR or \fB\s-1TLS1_3_VERSION\s0\fR. +.PP +Note that the \fBSSL_SESSION_get_protocol_version()\fR function +does \fBnot\fR perform a null check on the provided session \fBs\fR pointer. +.PP +\&\fBSSL_SESSION_set_protocol_version()\fR returns 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_get_protocol_version()\fR function was added in OpenSSL 1.1.0. +The \fBSSL_SESSION_set_protocol_version()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 new file mode 100644 index 000000000000..52234cc258f7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_get_time.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 3" +.TH SSL_SESSION_GET_TIME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout, SSL_get_time, SSL_set_time, SSL_get_timeout, SSL_set_timeout \&\- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_SESSION_get_time(const SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(const SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +\& +\& long SSL_get_time(const SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(const SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fBtime()\fR call. +.PP +\&\fBSSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fBSSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fBSSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fBSSL_get_time()\fR, \fBSSL_set_time()\fR, \fBSSL_get_timeout()\fR, and \fBSSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +\&\fBSSL_CTX_set_timeout\fR\|(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_time()\fR and \fBSSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fBSSL_SESSION_set_time()\fR and \fBSSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 new file mode 100644 index 000000000000..383cd2cdc568 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_has_ticket.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_HAS_TICKET 3" +.TH SSL_SESSION_HAS_TICKET 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get0_ticket, SSL_SESSION_has_ticket, SSL_SESSION_get_ticket_lifetime_hint \&\- get details about the ticket associated with a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_has_ticket(const SSL_SESSION *s); +\& unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +\& void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +\& size_t *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if there is a Session Ticket associated with +this session, and 0 otherwise. +.PP +SSL_SESSION_get_ticket_lifetime_hint returns the lifetime hint in seconds +associated with the session ticket. +.PP +SSL_SESSION_get0_ticket obtains a pointer to the ticket associated with a +session. The length of the ticket is written to \fB*len\fR. If \fBtick\fR is non +\&\s-1NULL\s0 then a pointer to the ticket is written to \fB*tick\fR. The pointer is only +valid while the connection is in use. The session (and hence the ticket pointer) +may also become invalid as a result of a call to \fBSSL_CTX_flush_sessions()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_has_ticket()\fR returns 1 if session ticket exists or 0 otherwise. +.PP +\&\fBSSL_SESSION_get_ticket_lifetime_hint()\fR returns the number of seconds. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_has_ticket()\fR, \fBSSL_SESSION_get_ticket_lifetime_hint()\fR +and \fBSSL_SESSION_get0_ticket()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 new file mode 100644 index 000000000000..59bcb792ce23 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_is_resumable.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_IS_RESUMABLE 3" +.TH SSL_SESSION_IS_RESUMABLE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_is_resumable \&\- determine whether an SSL_SESSION object can be used for resumption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_is_resumable(const SSL_SESSION *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_is_resumable()\fR determines whether an \s-1SSL_SESSION\s0 object can be used +to resume a session or not. Returns 1 if it can or 0 if not. Note that +attempting to resume with a non-resumable session will result in a full +handshake. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_is_resumable()\fR returns 1 if the session is resumable or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_is_resumable()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 new file mode 100644 index 000000000000..ce1dc38f3083 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_print.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_PRINT 3" +.TH SSL_SESSION_PRINT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_print, SSL_SESSION_print_fp, SSL_SESSION_print_keylog \&\- printf information about a session +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +\& int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_print()\fR prints summary information about the session provided in +\&\fBses\fR to the \s-1BIO\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_fp()\fR does the same as \fBSSL_SESSION_print()\fR except it prints it +to the \s-1FILE\s0 \fBfp\fR. +.PP +\&\fBSSL_SESSION_print_keylog()\fR prints session information to the provided \s-1BIO\s0 +in \s-1NSS\s0 keylog format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_print()\fR, \fBSSL_SESSION_print_fp()\fR and SSL_SESSION_print_keylog return +1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 new file mode 100644 index 000000000000..dd1f1f758e74 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_SESSION_set1_id.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_SET1_ID 3" +.TH SSL_SESSION_SET1_ID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_SESSION_get_id, SSL_SESSION_set1_id \&\- get and set the SSL session ID +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, +\& unsigned int *len) +\& int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +\& unsigned int sid_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the internal session id value for the +session \fBs\fR. The length of the id in bytes is stored in \fB*len\fR. The length may +be 0. The caller should not free the returned pointer directly. +.PP +\&\fBSSL_SESSION_set1_id()\fR sets the session \s-1ID\s0 for the \fBssl\fR \s-1SSL/TLS\s0 session +to \fBsid\fR of length \fBsid_len\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_get_id()\fR returns a pointer to the session id value. +\&\fBSSL_SESSION_set1_id()\fR returns 1 for success and 0 for failure, for example +if the supplied session \s-1ID\s0 length exceeds \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_SESSION_set1_id()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_accept.3 b/secure/lib/libcrypto/man/man3/SSL_accept.3 new file mode 100644 index 000000000000..bd49f996741b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_accept.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ACCEPT 3" +.TH SSL_ACCEPT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_accept()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_accept()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_accept()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_accept()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 new file mode 100644 index 000000000000..cfb15a0b84ed --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_alert_type_string.3 @@ -0,0 +1,369 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 3" +.TH SSL_ALERT_TYPE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); +\& +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fBSSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fBSSL_alert_type_string()\fR or +\&\fBSSL_alert_type_string_long()\fR: +.ie n .IP """W""/""warning""" 4 +.el .IP "``W''/``warning''" 4 +.IX Item "W/warning" +.PD 0 +.ie n .IP """F""/""fatal""" 4 +.el .IP "``F''/``fatal''" 4 +.IX Item "F/fatal" +.ie n .IP """U""/""unknown""" 4 +.el .IP "``U''/``unknown''" 4 +.IX Item "U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fBSSL_alert_desc_string()\fR or +\&\fBSSL_alert_desc_string_long()\fR: +.ie n .IP """\s-1CN""/\s0""close notify""" 4 +.el .IP "``\s-1CN''/\s0``close notify''" 4 +.IX Item "CN/close notify" +The connection shall be closed. This is a warning alert. +.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 +.el .IP "``\s-1UM''/\s0``unexpected message''" 4 +.IX Item "UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 +.el .IP "``\s-1BM''/\s0``bad record mac''" 4 +.IX Item "BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC.\s0 This message is always fatal. +.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 +.el .IP "``\s-1DF''/\s0``decompression failure''" 4 +.IX Item "DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 +.el .IP "``\s-1HF''/\s0``handshake failure''" 4 +.IX Item "HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. +.ie n .IP """\s-1NC""/\s0""no certificate""" 4 +.el .IP "``\s-1NC''/\s0``no certificate''" 4 +.IX Item "NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 +.el .IP "``\s-1BC''/\s0``bad certificate''" 4 +.IX Item "BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 +.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 +.IX Item "UC/unsupported certificate" +A certificate was of an unsupported type. +.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 +.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 +.IX Item "CR/certificate revoked" +A certificate was revoked by its signer. +.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 +.el .IP "``\s-1CE''/\s0``certificate expired''" 4 +.IX Item "CE/certificate expired" +A certificate has expired or is not currently valid. +.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 +.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 +.IX Item "CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 +.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 +.IX Item "IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 +.el .IP "``\s-1DC''/\s0``decryption failed''" 4 +.IX Item "DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. +.ie n .IP """\s-1RO""/\s0""record overflow""" 4 +.el .IP "``\s-1RO''/\s0``record overflow''" 4 +.IX Item "RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 +.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 +.IX Item "CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA.\s0 This +message is always fatal. +.ie n .IP """\s-1AD""/\s0""access denied""" 4 +.el .IP "``\s-1AD''/\s0``access denied''" 4 +.IX Item "AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.ie n .IP """\s-1DE""/\s0""decode error""" 4 +.el .IP "``\s-1DE''/\s0``decode error''" 4 +.IX Item "DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 +.el .IP "``\s-1CY''/\s0``decrypt error''" 4 +.IX Item "CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.ie n .IP """\s-1ER""/\s0""export restriction""" 4 +.el .IP "``\s-1ER''/\s0``export restriction''" 4 +.IX Item "ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. +.ie n .IP """\s-1PV""/\s0""protocol version""" 4 +.el .IP "``\s-1PV''/\s0``protocol version''" 4 +.IX Item "PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 +.el .IP "``\s-1IS''/\s0``insufficient security''" 4 +.IX Item "IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.ie n .IP """\s-1IE""/\s0""internal error""" 4 +.el .IP "``\s-1IE''/\s0``internal error''" 4 +.IX Item "IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.ie n .IP """\s-1US""/\s0""user canceled""" 4 +.el .IP "``\s-1US''/\s0``user canceled''" 4 +.IX Item "US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 +.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 +.IX Item "NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4 +.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4 +.IX Item "UP/unknown PSK identity" +Sent by the server to indicate that it does not recognize a \s-1PSK\s0 +identity or an \s-1SRP\s0 identity. +.ie n .IP """\s-1UK""/\s0""unknown""" 4 +.el .IP "``\s-1UK''/\s0``unknown''" 4 +.IX Item "UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 new file mode 100644 index 000000000000..7846926ec896 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_alloc_buffers.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_ALLOC_BUFFERS 3" +.TH SSL_ALLOC_BUFFERS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free_buffers, SSL_alloc_buffers \- manage SSL structure buffers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_free_buffers(SSL *ssl); +\& int SSL_alloc_buffers(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free_buffers()\fR frees the read and write buffers of the given \fBssl\fR. +\&\fBSSL_alloc_buffers()\fR allocates the read and write buffers of the given \fBssl\fR. +.PP +The \fB\s-1SSL_MODE_RELEASE_BUFFERS\s0\fR mode releases read or write buffers whenever +the buffers have been drained. These functions allow applications to manually +control when buffers are freed and allocated. +.PP +After freeing the buffers, the buffers are automatically reallocated upon a +new read or write. The \fBSSL_alloc_buffers()\fR does not need to be called, but +can be used to make sure the buffers are pre-allocated. This can be used to +avoid allocation during data processing or with \fBCRYPTO_set_mem_functions()\fR +to control where and how buffers are allocated. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0 (Failure)" 4 +.IX Item "0 (Failure)" +The \fBSSL_free_buffers()\fR function returns 0 when there is pending data to be +read or written. The \fBSSL_alloc_buffers()\fR function returns 0 when there is +an allocation failure. +.IP "1 (Success)" 4 +.IX Item "1 (Success)" +The \fBSSL_free_buffers()\fR function returns 1 if the buffers have been freed. This +value is also returned if the buffers had been freed before calling +\&\fBSSL_free_buffers()\fR. +The \fBSSL_alloc_buffers()\fR function returns 1 if the buffers have been allocated. +This value is also returned if the buffers had been allocated before calling +\&\fBSSL_alloc_buffers()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_new\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3), +CRYPTO_set_mem_functions +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_check_chain.3 b/secure/lib/libcrypto/man/man3/SSL_check_chain.3 new file mode 100644 index 000000000000..96fa735735d4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_check_chain.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CHECK_CHAIN 3" +.TH SSL_CHECK_CHAIN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_check_chain \- check certificate chain suitability +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_check_chain()\fR checks whether certificate \fBx\fR, private key \fBpk\fR and +certificate chain \fBchain\fR is suitable for use with the current session +\&\fBs\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_check_chain()\fR returns a bitmap of flags indicating the validity of the +chain. +.PP +\&\fB\s-1CERT_PKEY_VALID\s0\fR: the chain can be used with the current session. +If this flag is \fBnot\fR set then the certificate will never be used even +if the application tries to set it because it is inconsistent with the +peer preferences. +.PP +\&\fB\s-1CERT_PKEY_SIGN\s0\fR: the \s-1EE\s0 key can be used for signing. +.PP +\&\fB\s-1CERT_PKEY_EE_SIGNATURE\s0\fR: the signature algorithm of the \s-1EE\s0 certificate is +acceptable. +.PP +\&\fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR: the signature algorithms of all \s-1CA\s0 certificates +are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EE_PARAM\s0\fR: the parameters of the end entity certificate are +acceptable (e.g. it is a supported curve). +.PP +\&\fB\s-1CERT_PKEY_CA_PARAM\s0\fR: the parameters of all \s-1CA\s0 certificates are acceptable. +.PP +\&\fB\s-1CERT_PKEY_EXPLICIT_SIGN\s0\fR: the end entity certificate algorithm +can be used explicitly for signing (i.e. it is mentioned in the signature +algorithms extension). +.PP +\&\fB\s-1CERT_PKEY_ISSUER_NAME\s0\fR: the issuer name is acceptable. This is only +meaningful for client authentication. +.PP +\&\fB\s-1CERT_PKEY_CERT_TYPE\s0\fR: the certificate type is acceptable. Only meaningful +for client authentication. +.PP +\&\fB\s-1CERT_PKEY_SUITEB\s0\fR: chain is suitable for Suite B use. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_check_chain()\fR must be called in servers after a client hello message or in +clients after a certificate request message. It will typically be called +in the certificate callback. +.PP +An application wishing to support multiple certificate chains may call this +function on each chain in turn: starting with the one it considers the +most secure. It could then use the chain of the first set which returns +suitable flags. +.PP +As a minimum the flag \fB\s-1CERT_PKEY_VALID\s0\fR must be set for a chain to be +usable. An application supporting multiple chains with different \s-1CA\s0 signature +algorithms may also wish to check \fB\s-1CERT_PKEY_CA_SIGNATURE\s0\fR too. If no +chain is suitable a server should fall back to the most secure chain which +sets \fB\s-1CERT_PKEY_VALID\s0\fR. +.PP +The validity of a chain is determined by checking if it matches a supported +signature algorithm, supported curves and in the case of client authentication +certificate types and issuer names. +.PP +Since the supported signature algorithms extension is only used in \s-1TLS 1.2, +TLS 1.3\s0 and \s-1DTLS 1.2\s0 the results for earlier versions of \s-1TLS\s0 and \s-1DTLS\s0 may not +be very useful. Applications may wish to specify a different \*(L"legacy\*(R" chain +for earlier versions of \s-1TLS\s0 or \s-1DTLS.\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_clear.3 b/secure/lib/libcrypto/man/man3/SSL_clear.3 new file mode 100644 index 000000000000..50dd9bf0b090 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_clear.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CLEAR 3" +.TH SSL_CLEAR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_clear \- reset SSL object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, +if \fBSSL_shutdown\fR\|(3) was not called for the connection +or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.PP +If a session was closed cleanly, the session object will be kept and all +settings corresponding. This explicitly means, that e.g. the special method +used during the session will be kept for the next handshake. So if the +session was a TLSv1 session, a \s-1SSL\s0 client object will use a TLSv1 client +method for the next handshake and a \s-1SSL\s0 server object will use a TLSv1 +server method, even if TLS_*_methods were chosen on startup. This +will might lead to connection failures (see \fBSSL_new\fR\|(3)) +for a description of the method's properties. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_clear()\fR resets the \s-1SSL\s0 object to allow for another connection. The +reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last +handshake). It only makes sense for a new connection with the exact +same peer that shares these settings, and may fail if that peer +changes its settings between connections. Use the sequence +\&\fBSSL_get_session\fR\|(3); +\&\fBSSL_new\fR\|(3); +\&\fBSSL_set_session\fR\|(3); +\&\fBSSL_free\fR\|(3) +instead to avoid such failures +(or simply \fBSSL_free\fR\|(3); \fBSSL_new\fR\|(3) +if session reuse is not desired). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \fBSSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.IP "1" 4 +.IX Item "1" +The \fBSSL_clear()\fR operation was successful. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), \fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_connect.3 b/secure/lib/libcrypto/man/man3/SSL_connect.3 new file mode 100644 index 000000000000..3cf6cb35c962 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_connect.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CONNECT 3" +.TH SSL_CONNECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_connect()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_connect()\fR +to continue the handshake, indicating the problem by the return value \-1. +In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_connect()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +Many systems implement Nagle's algorithm by default which means that it will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent for which no +corresponding \s-1ACK\s0 has been received yet from the peer. This can have performance +impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) +resumption handshake, because the last peer to communicate in the handshake is +the client. If the client is also the first to send application data (as is +typical for many protocols) then this data could be buffered until an \s-1ACK\s0 has +been received for the final handshake message. +.PP +The \fB\s-1TCP_NODELAY\s0\fR socket option is often available to disable Nagle's +algorithm. If an application opts to disable Nagle's algorithm consideration +should be given to turning it back on again later if appropriate. The helper +function \fBBIO_set_tcp_ndelay()\fR can be used to turn on or off the \fB\s-1TCP_NODELAY\s0\fR +option. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 new file mode 100644 index 000000000000..7b1bc59ab3dd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_do_handshake.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_DO_HANDSHAKE 3" +.TH SSL_DO_HANDSHAKE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_do_handshake \- perform a TLS/SSL handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_do_handshake(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_do_handshake()\fR will wait for a \s-1SSL/TLS\s0 handshake to take place. If the +connection is in client mode, the handshake will be started. The handshake +routines may have to be explicitly set in advance using either +\&\fBSSL_set_connect_state\fR\|(3) or +\&\fBSSL_set_accept_state\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_do_handshake()\fR will only return +once the handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_do_handshake()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_do_handshake()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_do_handshake()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fBSSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.IP "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.IP "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fBSSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7), +\&\fBSSL_set_connect_state\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 new file mode 100644 index 000000000000..fa4cdfdb179e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_export_keying_material.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXPORT_KEYING_MATERIAL 3" +.TH SSL_EXPORT_KEYING_MATERIAL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_export_keying_material, SSL_export_keying_material_early \&\- obtain keying material for application use +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen, int use_context); +\& +\& int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, +\& const char *label, size_t llen, +\& const unsigned char *context, +\& size_t contextlen); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +During the creation of a \s-1TLS\s0 or \s-1DTLS\s0 connection shared keying material is +established between the two endpoints. The functions +\&\fBSSL_export_keying_material()\fR and \fBSSL_export_keying_material_early()\fR enable an +application to use some of this keying material for its own purposes in +accordance with \s-1RFC5705\s0 (for TLSv1.2 and below) or \s-1RFC8446\s0 (for TLSv1.3). +.PP +\&\fBSSL_export_keying_material()\fR derives keying material using +the \fIexporter_master_secret\fR established in the handshake. +.PP +\&\fBSSL_export_keying_material_early()\fR is only usable with TLSv1.3, and derives +keying material using the \fIearly_exporter_master_secret\fR (as defined in the +\&\s-1TLS 1.3 RFC\s0). For the client, the \fIearly_exporter_master_secret\fR is only +available when the client attempts to send 0\-RTT data. For the server, it is +only available when the server accepts 0\-RTT data. +.PP +An application may need to securely establish the context within which this +keying material will be used. For example this may include identifiers for the +application session, application algorithms or parameters, or the lifetime of +the context. The context value is left to the application but must be the same +on both sides of the communication. +.PP +For a given \s-1SSL\s0 connection \fBs\fR, \fBolen\fR bytes of data will be written to +\&\fBout\fR. The application specific context should be supplied in the location +pointed to by \fBcontext\fR and should be \fBcontextlen\fR bytes long. Provision of +a context is optional. If the context should be omitted entirely then +\&\fBuse_context\fR should be set to 0. Otherwise it should be any other value. If +\&\fBuse_context\fR is 0 then the values of \fBcontext\fR and \fBcontextlen\fR are ignored. +Note that in TLSv1.2 and below a zero length context is treated differently from +no context at all, and will result in different keying material being returned. +In TLSv1.3 a zero length context is that same as no context at all and will +result in the same keying material being returned. +.PP +An application specific label should be provided in the location pointed to by +\&\fBlabel\fR and should be \fBllen\fR bytes long. Typically this will be a value from +the \s-1IANA\s0 Exporter Label Registry +(). +Alternatively labels beginning with \*(L"\s-1EXPERIMENTAL\*(R"\s0 are permitted by the standard +to be used without registration. TLSv1.3 imposes a maximum label length of +249 bytes. +.PP +Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and +above. Attempting to use it in SSLv3 will result in an error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_export_keying_material()\fR returns 0 or \-1 on failure or 1 on success. +.PP +\&\fBSSL_export_keying_material_early()\fR returns 0 on failure or 1 on success. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_export_keying_material_early()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 new file mode 100644 index 000000000000..34691c5a330a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_extension_supported.3 @@ -0,0 +1,399 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_EXTENSION_SUPPORTED 3" +.TH SSL_EXTENSION_SUPPORTED 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_extension_supported, SSL_CTX_add_custom_ext, SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext, custom_ext_add_cb, custom_ext_free_cb, custom_ext_parse_cb \&\- custom TLS extension handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*SSL_custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char **out, +\& size_t *outlen, X509 *x, +\& size_t chainidx, int *al, +\& void *add_arg); +\& +\& typedef void (*SSL_custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*SSL_custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type, +\& unsigned int context, +\& const unsigned char *in, +\& size_t inlen, X509 *x, +\& size_t chainidx, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& unsigned int context, +\& SSL_custom_ext_add_cb_ex add_cb, +\& SSL_custom_ext_free_cb_ex free_cb, +\& void *add_arg, +\& SSL_custom_ext_parse_cb_ex parse_cb, +\& void *parse_arg); +\& +\& typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char **out, +\& size_t *outlen, int *al, +\& void *add_arg); +\& +\& typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *out, +\& void *add_arg); +\& +\& typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, +\& const unsigned char *in, +\& size_t inlen, int *al, +\& void *parse_arg); +\& +\& int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, +\& custom_ext_add_cb add_cb, +\& custom_ext_free_cb free_cb, void *add_arg, +\& custom_ext_parse_cb parse_cb, +\& void *parse_arg); +\& +\& int SSL_extension_supported(unsigned int ext_type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_CTX_add_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client or server +for all supported protocol versions with extension type \fBext_type\fR and +callbacks \fBadd_cb\fR, \fBfree_cb\fR and \fBparse_cb\fR (see the +\&\*(L"\s-1EXTENSION CALLBACKS\*(R"\s0 section below). The \fBcontext\fR value determines +which messages and under what conditions the extension will be added/parsed (see +the \*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 section below). +.PP +\&\fBSSL_CTX_add_client_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 client +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it only +applies to clients, uses the older style of callbacks, and implicitly sets the +\&\fBcontext\fR value to: +.PP +.Vb 2 +\& SSL_EXT_TLS1_2_AND_BELOW_ONLY | SSL_EXT_CLIENT_HELLO +\& | SSL_EXT_TLS1_2_SERVER_HELLO | SSL_EXT_IGNORE_ON_RESUMPTION +.Ve +.PP +\&\fBSSL_CTX_add_server_custom_ext()\fR adds a custom extension for a \s-1TLS/DTLS\s0 server +with extension type \fBext_type\fR and callbacks \fBadd_cb\fR, \fBfree_cb\fR and +\&\fBparse_cb\fR. This function is similar to \fBSSL_CTX_add_custom_ext()\fR except it +only applies to servers, uses the older style of callbacks, and implicitly sets +the \fBcontext\fR value to the same as for \fBSSL_CTX_add_client_custom_ext()\fR above. +.PP +The \fBext_type\fR parameter corresponds to the \fBextension_type\fR field of +\&\s-1RFC5246\s0 et al. It is \fBnot\fR a \s-1NID.\s0 In all cases the extension type must not be +handled by OpenSSL internally or an error occurs. +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "EXTENSION CALLBACKS" +.IX Header "EXTENSION CALLBACKS" +The callback \fBadd_cb\fR is called to send custom extension data to be +included in various \s-1TLS\s0 messages. The \fBext_type\fR parameter is set to the +extension type which will be added and \fBadd_arg\fR to the value set when the +extension handler was added. When using the new style callbacks the \fBcontext\fR +parameter will indicate which message is currently being constructed e.g. for +the ClientHello it will be set to \fB\s-1SSL_EXT_CLIENT_HELLO\s0\fR. +.PP +If the application wishes to include the extension \fBext_type\fR it should +set \fB*out\fR to the extension data, set \fB*outlen\fR to the length of the +extension data and return 1. +.PP +If the \fBadd_cb\fR does not wish to include the extension it must return 0. +.PP +If \fBadd_cb\fR returns \-1 a fatal handshake error occurs using the \s-1TLS\s0 +alert value specified in \fB*al\fR. +.PP +When constructing the ClientHello, if \fBadd_cb\fR is set to \s-1NULL\s0 a zero length +extension is added for \fBext_type\fR. For all other messages if \fBadd_cb\fR is set +to \s-1NULL\s0 then no extension is added. +.PP +When constructing a Certificate message the callback will be called for each +certificate in the message. The \fBx\fR parameter will indicate the +current certificate and the \fBchainidx\fR parameter will indicate the position +of the certificate in the message. The first certificate is always the end +entity certificate and has a \fBchainidx\fR value of 0. The certificates are in the +order that they were received in the Certificate message. +.PP +For all messages except the ServerHello and EncryptedExtensions every +registered \fBadd_cb\fR is always called to see if the application wishes to add an +extension (as long as all requirements of the specified \fBcontext\fR are met). +.PP +For the ServerHello and EncryptedExtension messages every registered \fBadd_cb\fR +is called once if and only if the requirements of the specified \fBcontext\fR are +met and the corresponding extension was received in the ClientHello. That is, if +no corresponding extension was received in the ClientHello then \fBadd_cb\fR will +not be called. +.PP +If an extension is added (that is \fBadd_cb\fR returns 1) \fBfree_cb\fR is called +(if it is set) with the value of \fBout\fR set by the add callback. It can be +used to free up any dynamic extension data set by \fBadd_cb\fR. Since \fBout\fR is +constant (to permit use of constant data in \fBadd_cb\fR) applications may need to +cast away const to free the data. +.PP +The callback \fBparse_cb\fR receives data for \s-1TLS\s0 extensions. The callback is only +called if the extension is present and relevant for the context (see +\&\*(L"\s-1EXTENSION CONTEXTS\*(R"\s0 below). +.PP +The extension data consists of \fBinlen\fR bytes in the buffer \fBin\fR for the +extension \fBext_type\fR. +.PP +If the message being parsed is a TLSv1.3 compatible Certificate message then +\&\fBparse_cb\fR will be called for each certificate contained within the message. +The \fBx\fR parameter will indicate the current certificate and the \fBchainidx\fR +parameter will indicate the position of the certificate in the message. The +first certificate is always the end entity certificate and has a \fBchainidx\fR +value of 0. +.PP +If the \fBparse_cb\fR considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the \s-1TLS\s0 alert value specified in \fB*al\fR. +.PP +The buffer \fBin\fR is a temporary internal buffer which will not be valid after +the callback returns. +.SH "EXTENSION CONTEXTS" +.IX Header "EXTENSION CONTEXTS" +An extension context defines which messages and under which conditions an +extension should be added or expected. The context is built up by performing +a bitwise \s-1OR\s0 of multiple pre-defined values together. The valid context values +are: +.IP "\s-1SSL_EXT_TLS_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_ONLY" +The extension is only allowed in \s-1TLS\s0 +.IP "\s-1SSL_EXT_DTLS_ONLY\s0" 4 +.IX Item "SSL_EXT_DTLS_ONLY" +The extension is only allowed in \s-1DTLS\s0 +.IP "\s-1SSL_EXT_TLS_IMPLEMENTATION_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS_IMPLEMENTATION_ONLY" +The extension is allowed in \s-1DTLS,\s0 but there is only a \s-1TLS\s0 implementation +available (so it is ignored in \s-1DTLS\s0). +.IP "\s-1SSL_EXT_SSL3_ALLOWED\s0" 4 +.IX Item "SSL_EXT_SSL3_ALLOWED" +Extensions are not typically defined for SSLv3. Setting this value will allow +the extension in SSLv3. Applications will not typically need to use this. +.IP "\s-1SSL_EXT_TLS1_2_AND_BELOW_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_2_AND_BELOW_ONLY" +The extension is only defined for TLSv1.2/DTLSv1.2 and below. Servers will +ignore this extension if it is present in the ClientHello and TLSv1.3 is +negotiated. +.IP "\s-1SSL_EXT_TLS1_3_ONLY\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ONLY" +The extension is only defined for \s-1TLS1.3\s0 and above. Servers will ignore this +extension if it is present in the ClientHello and TLSv1.2 or below is +negotiated. +.IP "\s-1SSL_EXT_IGNORE_ON_RESUMPTION\s0" 4 +.IX Item "SSL_EXT_IGNORE_ON_RESUMPTION" +The extension will be ignored during parsing if a previous session is being +successfully resumed. +.IP "\s-1SSL_EXT_CLIENT_HELLO\s0" 4 +.IX Item "SSL_EXT_CLIENT_HELLO" +The extension may be present in the ClientHello message. +.IP "\s-1SSL_EXT_TLS1_2_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_2_SERVER_HELLO" +The extension may be present in a TLSv1.2 or below compatible ServerHello +message. +.IP "\s-1SSL_EXT_TLS1_3_SERVER_HELLO\s0" 4 +.IX Item "SSL_EXT_TLS1_3_SERVER_HELLO" +The extension may be present in a TLSv1.3 compatible ServerHello message. +.IP "\s-1SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS\s0" 4 +.IX Item "SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS" +The extension may be present in an EncryptedExtensions message. +.IP "\s-1SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST" +The extension may be present in a HelloRetryRequest message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE" +The extension may be present in a TLSv1.3 compatible Certificate message. +.IP "\s-1SSL_EXT_TLS1_3_NEW_SESSION_TICKET\s0" 4 +.IX Item "SSL_EXT_TLS1_3_NEW_SESSION_TICKET" +The extension may be present in a TLSv1.3 compatible NewSessionTicket message. +.IP "\s-1SSL_EXT_TLS1_3_CERTIFICATE_REQUEST\s0" 4 +.IX Item "SSL_EXT_TLS1_3_CERTIFICATE_REQUEST" +The extension may be present in a TLSv1.3 compatible CertificateRequest message. +.PP +The context must include at least one message value (otherwise the extension +will never be used). +.SH "NOTES" +.IX Header "NOTES" +The \fBadd_arg\fR and \fBparse_arg\fR parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. +.PP +If the same custom extension type is received multiple times a fatal +\&\fBdecode_error\fR alert is sent and the handshake aborts. If a custom extension +is received in a ServerHello/EncryptedExtensions message which was not sent in +the ClientHello a fatal \fBunsupported_extension\fR alert is sent and the +handshake is aborted. The ServerHello/EncryptedExtensions \fBadd_cb\fR callback is +only called if the corresponding extension was received in the ClientHello. This +is compliant with the \s-1TLS\s0 specifications. This behaviour ensures that each +callback is called at most once and that an application can never send +unsolicited extensions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_CTX_add_custom_ext()\fR, \fBSSL_CTX_add_client_custom_ext()\fR and +\&\fBSSL_CTX_add_server_custom_ext()\fR return 1 for success and 0 for failure. A +failure can occur if an attempt is made to add the same \fBext_type\fR more than +once, if an attempt is made to use an extension type handled internally by +OpenSSL or if an internal error occurs (for example a memory allocation +failure). +.PP +\&\fBSSL_extension_supported()\fR returns 1 if the extension \fBext_type\fR is handled +internally by OpenSSL and 0 otherwise. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_CTX_add_custom_ext()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2014\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_free.3 b/secure/lib/libcrypto/man/man3/SSL_free.3 new file mode 100644 index 000000000000..ed1596765f98 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_free.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_FREE 3" +.TH SSL_FREE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_free \- free an allocated SSL structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +reference count has reached 0. +If \fBssl\fR is \s-1NULL\s0 nothing is done. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_free()\fR also calls the \fBfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO,\s0 the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fBSSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fBSSL_free()\fR and the internal +session cache. If the session is considered bad, because +\&\fBSSL_shutdown\fR\|(3) was not called for the connection +and \fBSSL_set_shutdown\fR\|(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_free()\fR does not provide diagnostic information. +.PP +\&\fBSSL_new\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 new file mode 100644 index 000000000000..8797c4e1168b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get0_peer_scts.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET0_PEER_SCTS 3" +.TH SSL_GET0_PEER_SCTS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get0_peer_scts \- get SCTs received +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get0_peer_scts()\fR returns the signed certificate timestamps (SCTs) that have +been received. If this is the first time that this function has been called for +a given \fB\s-1SSL\s0\fR instance, it will examine the \s-1TLS\s0 extensions, \s-1OCSP\s0 response and +the peer's certificate for SCTs. Future calls will return the same SCTs. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +If no Certificate Transparency validation callback has been set (using +\&\fBSSL_CTX_set_ct_validation_callback\fR or \fBSSL_set_ct_validation_callback\fR), +this function is not guaranteed to return all of the SCTs that the peer is +capable of sending. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get0_peer_scts()\fR returns a list of SCTs found, or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 new file mode 100644 index 000000000000..3da243622bb9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_SSL_CTX.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 3" +.TH SSL_GET_SSL_CTX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_SSL_CTX \- get the SSL_CTX from which an SSL is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with \fBSSL_new\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 new file mode 100644 index 000000000000..29f672ad1d1f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_all_async_fds.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ALL_ASYNC_FDS 3" +.TH SSL_GET_ALL_ASYNC_FDS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_waiting_for_async, SSL_get_all_async_fds, SSL_get_changed_async_fds \&\- manage asynchronous operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include +\& #include +\& +\& int SSL_waiting_for_async(SSL *s); +\& int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fd, size_t *numfds); +\& int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds, +\& OSSL_ASYNC_FD *delfd, size_t *numdelfds); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_waiting_for_async()\fR determines whether an \s-1SSL\s0 connection is currently +waiting for asynchronous operations to complete (see the \s-1SSL_MODE_ASYNC\s0 mode in +\&\fBSSL_CTX_set_mode\fR\|(3)). +.PP +\&\fBSSL_get_all_async_fds()\fR returns a list of file descriptor which can be used in a +call to \fBselect()\fR or \fBpoll()\fR to determine whether the current asynchronous +operation has completed or not. A completed operation will result in data +appearing as \*(L"read ready\*(R" on the file descriptor (no actual data should be read +from the file descriptor). This function should only be called if the \s-1SSL\s0 object +is currently waiting for asynchronous work to complete (i.e. +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received \- see \fBSSL_get_error\fR\|(3)). Typically the +list will only contain one file descriptor. However if multiple asynchronous +capable engines are in use then more than one is possible. The number of file +descriptors returned is stored in \fB*numfds\fR and the file descriptors themselves +are in \fB*fds\fR. The \fBfds\fR parameter may be \s-1NULL\s0 in which case no file +descriptors are returned but \fB*numfds\fR is still populated. It is the callers +responsibility to ensure sufficient memory is allocated at \fB*fds\fR so typically +this function is called twice (once with a \s-1NULL\s0 \fBfds\fR parameter and once +without). +.PP +\&\fBSSL_get_changed_async_fds()\fR returns a list of the asynchronous file descriptors +that have been added and a list that have been deleted since the last +\&\s-1SSL_ERROR_WANT_ASYNC\s0 was received (or since the \s-1SSL\s0 object was created if no +\&\s-1SSL_ERROR_WANT_ASYNC\s0 has been received). Similar to \fBSSL_get_all_async_fds()\fR it +is the callers responsibility to ensure that \fB*addfd\fR and \fB*delfd\fR have +sufficient memory allocated, although they may be \s-1NULL.\s0 The number of added fds +and the number of deleted fds are stored in \fB*numaddfds\fR and \fB*numdelfds\fR +respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_waiting_for_async()\fR will return 1 if the current \s-1SSL\s0 operation is waiting +for an async operation to complete and 0 otherwise. +.PP +\&\fBSSL_get_all_async_fds()\fR and \fBSSL_get_changed_async_fds()\fR return 1 on success or +0 on error. +.SH "NOTES" +.IX Header "NOTES" +On Windows platforms the openssl/async.h header is dependent on some +of the types customarily made available by including windows.h. The +application developer is likely to require control over when the latter +is included, commonly as one of the first included headers. Therefore +it is defined as an application developer's responsibility to include +windows.h prior to async.h. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_CTX_set_mode\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_waiting_for_async()\fR, \fBSSL_get_all_async_fds()\fR +and \fBSSL_get_changed_async_fds()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 new file mode 100644 index 000000000000..3975bcf0b93b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_ciphers.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 3" +.TH SSL_GET_CIPHERS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get1_supported_ciphers, SSL_get_client_ciphers, SSL_get_ciphers, SSL_CTX_get_ciphers, SSL_bytes_to_cipher_list, SSL_get_cipher_list, SSL_get_shared_ciphers \&\- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); +\& STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +\& STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); +\& STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); +\& int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len, +\& int isv2format, STACK_OF(SSL_CIPHER) **sk, +\& STACK_OF(SSL_CIPHER) **scsvs); +\& const char *SSL_get_cipher_list(const SSL *ssl, int priority); +\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_CTX_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBctx\fR. +.PP +\&\fBSSL_get1_supported_ciphers()\fR returns the stack of enabled SSL_CIPHERs for +\&\fBssl\fR as would be sent in a ClientHello (that is, sorted by preference). +The list depends on settings like the cipher list, the supported protocol +versions, the security level, and the enabled signature algorithms. +\&\s-1SRP\s0 and \s-1PSK\s0 ciphers are only enabled if the appropriate callbacks or settings +have been applied. +The list of ciphers that would be sent in a ClientHello can differ from +the list of ciphers that would be acceptable when acting as a server. +For example, additional ciphers may be usable by a server if there is +a gap in the list of supported protocols, and some ciphers may not be +usable by a server if there is not a suitable certificate configured. +If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_get_client_ciphers()\fR returns the stack of available SSL_CIPHERs matching the +list received from the client on \fBssl\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or \fBssl\fR is not operating in server mode, \s-1NULL\s0 is returned. +.PP +\&\fBSSL_bytes_to_cipher_list()\fR treats the supplied \fBlen\fR octets in \fBbytes\fR +as a wire-protocol cipher suite specification (in the three-octet-per-cipher +SSLv2 wire format if \fBisv2format\fR is nonzero; otherwise the two-octet +SSLv3/TLS wire format), and parses the cipher suites supported by the library +into the returned stacks of \s-1SSL_CIPHER\s0 objects sk and Signalling Cipher-Suite +Values scsvs. Unsupported cipher suites are ignored. Returns 1 on success +and 0 on failure. +.PP +\&\fBSSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.PP +\&\fBSSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of +\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is +the buffer that should be populated with the list of names and \fBsize\fR is the +size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on +error. If the supplied buffer is not large enough to contain the complete list +of names then a truncated list of names will be returned. Note that just because +a ciphersuite is available (i.e. it is configured in the cipher list) and shared +by both the client and the server it does not mean that it is enabled (see the +description of \fBSSL_get1_supported_ciphers()\fR above). This function will return +available shared ciphersuites whether or not they are enabled. This is a server +side function only and must only be called after the completion of the initial +handshake. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR +\&\fBSSL_get1_supported_ciphers()\fR and \fBSSL_get_client_ciphers()\fR can be obtained using +the \fBSSL_CIPHER_get_name\fR\|(3) family of functions. +.PP +Call \fBSSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.PP +Note: \fBSSL_get_ciphers()\fR, \fBSSL_CTX_get_ciphers()\fR and \fBSSL_get_client_ciphers()\fR +return a pointer to an internal cipher stack, which will be freed later on when +the \s-1SSL\s0 or \s-1SSL_SESSION\s0 object is freed. Therefore, the calling code \fB\s-1MUST NOT\s0\fR +free the return value itself. +.PP +The stack returned by \fBSSL_get1_supported_ciphers()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.PP +The stacks returned by \fBSSL_bytes_to_cipher_list()\fR should be freed using +\&\fBsk_SSL_CIPHER_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 new file mode 100644 index 000000000000..87717bcc0dfa --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_client_random.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CLIENT_RANDOM 3" +.TH SSL_GET_CLIENT_RANDOM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key, SSL_SESSION_set1_master_key \&\- get internal TLS/SSL random values and get/set master key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); +\& size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, +\& unsigned char *out, size_t outlen); +\& int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in, +\& size_t len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_client_random()\fR extracts the random value sent from the client +to the server during the initial \s-1SSL/TLS\s0 handshake. It copies as many +bytes as it can of this value into the buffer provided in \fBout\fR, +which must have at least \fBoutlen\fR bytes available. It returns the +total number of bytes that were actually copied. If \fBoutlen\fR is +zero, \fBSSL_get_client_random()\fR copies nothing, and returns the +total size of the client_random value. +.PP +\&\fBSSL_get_server_random()\fR behaves the same, but extracts the random value +sent from the server to the client during the initial \s-1SSL/TLS\s0 handshake. +.PP +\&\fBSSL_SESSION_get_master_key()\fR behaves the same, but extracts the master +secret used to guarantee the security of the \s-1SSL/TLS\s0 session. This one +can be dangerous if misused; see \s-1NOTES\s0 below. +.PP +\&\fBSSL_SESSION_set1_master_key()\fR sets the master key value associated with the +\&\s-1SSL_SESSION\s0 \fBsess\fR. For example, this could be used to set up a session based +\&\s-1PSK\s0 (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). The master key of length +\&\fBlen\fR should be provided at \fBin\fR. The supplied master key is copied by the +function, so the caller is responsible for freeing and cleaning any memory +associated with \fBin\fR. The caller must ensure that the length of the key is +suitable for the ciphersuite associated with the \s-1SSL_SESSION.\s0 +.SH "NOTES" +.IX Header "NOTES" +You probably shouldn't use these functions. +.PP +These functions expose internal values from the \s-1TLS\s0 handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. +.PP +Despite the names of \fBSSL_get_client_random()\fR and \fBSSL_get_server_random()\fR, they +\&\s-1ARE NOT\s0 random number generators. Instead, they return the mostly-random values that +were already generated and used in the \s-1TLS\s0 protocol. Using them +in place of \fBRAND_bytes()\fR would be grossly foolish. +.PP +The security of your \s-1TLS\s0 session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use \fBSSL_export_keying_material()\fR instead, and +forget that you ever saw these functions. +.PP +In current versions of the \s-1TLS\s0 protocols, the length of client_random +(and also server_random) is always \s-1SSL3_RANDOM_SIZE\s0 bytes. Support for +other outlen arguments to the SSL_get_*\fB_random()\fR functions is provided +in case of the unlikely event that a future version or variant of \s-1TLS\s0 +uses some other length there. +.PP +Finally, though the \*(L"client_random\*(R" and \*(L"server_random\*(R" values are called +\&\*(L"random\*(R", many \s-1TLS\s0 implementations will generate four bytes of those +values based on their view of the current time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_SESSION_set1_master_key()\fR returns 1 on success or 0 on failure. +.PP +For the other functions, if \fBoutlen\fR is greater than 0 then these functions +return the number of bytes actually copied, which will be less than or equal to +\&\fBoutlen\fR. If \fBoutlen\fR is 0 then these functions return the maximum number +of bytes they would copy \*(-- that is, the length of the underlying field. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_bytes\fR\|(3), +\&\fBSSL_export_keying_material\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 new file mode 100644 index 000000000000..c91ba56a04c5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_current_cipher.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 3" +.TH SSL_GET_CURRENT_CIPHER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher_name, SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, SSL_get_pending_cipher \- get SSL_CIPHER of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); +\& SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); +\& +\& const char *SSL_get_cipher_name(const SSL *s); +\& const char *SSL_get_cipher(const SSL *s); +\& int SSL_get_cipher_bits(const SSL *s, int *np); +\& const char *SSL_get_cipher_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +See \fBSSL_CIPHER_get_name\fR\|(3) for more details. +.PP +\&\fBSSL_get_cipher_name()\fR obtains the +name of the currently used cipher. +\&\fBSSL_get_cipher()\fR is identical to \fBSSL_get_cipher_name()\fR. +\&\fBSSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fBSSL_get_cipher_version()\fR returns the protocol name. +.PP +\&\fBSSL_get_pending_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the cipher (if any) that has been negotiated for future use +on the connection established with the \fBssl\fR object, but is not yet in use. +This may be the case during handshake processing, when control flow can be +returned to the application via any of several callback methods. The internal +sequencing of handshake processing and callback invocation is not guaranteed +to be stable from release to release, and at present only the callback set +by \fBSSL_CTX_set_alpn_select_cb()\fR is guaranteed to have a non-NULL return value. +Other callbacks may be added to this list over time. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_current_cipher()\fR returns the cipher actually used, or \s-1NULL\s0 if +no session has been established. +.PP +\&\fBSSL_get_pending_cipher()\fR returns the cipher to be used at the next change +of cipher suite, or \s-1NULL\s0 if no such cipher is known. +.SH "NOTES" +.IX Header "NOTES" +SSL_get_cipher, SSL_get_cipher_bits, SSL_get_cipher_version, and +SSL_get_cipher_name are implemented as macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CIPHER_get_name\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 new file mode 100644 index 000000000000..1949f4f60289 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_default_timeout.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 3" +.TH SSL_GET_DEFAULT_TIMEOUT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_default_timeout(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +\&\fBSSL_CTX_set_timeout\fR\|(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fBSSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_error.3 b/secure/lib/libcrypto/man/man3/SSL_get_error.3 new file mode 100644 index 000000000000..981e5a55d23a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_error.3 @@ -0,0 +1,293 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_ERROR 3" +.TH SSL_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_error \- obtain result code for TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_error(const SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fBSSL_connect()\fR, \fBSSL_accept()\fR, \fBSSL_do_handshake()\fR, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, \fBSSL_peek()\fR, \fBSSL_shutdown()\fR, +\&\fBSSL_write_ex()\fR or \fBSSL_write()\fR on \fBssl\fR. The value returned by that \s-1TLS/SSL I/O\s0 +function must be passed to \fBSSL_get_error()\fR in parameter \fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fBSSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fBSSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is +attempted, or \fBSSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned +if and only if \fBret > 0\fR. +.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 peer has closed the connection for writing by sending the +close_notify alert. +No more data can be read. +Note that \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR does not necessarily +indicate that the underlying transport has been closed. +.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete and can be retried later. +.Sp +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR is returned when the last operation was a read +operation from a non-blocking \fB\s-1BIO\s0\fR. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying \fB\s-1BIO\s0\fR has data available for reading the same +function can be called again. +.Sp +\&\fBSSL_read()\fR and \fBSSL_read_ex()\fR can also set \fB\s-1SSL_ERROR_WANT_READ\s0\fR when there is +still unprocessed data available at either the \fB\s-1SSL\s0\fR or the \fB\s-1BIO\s0\fR layer, even +for a blocking \fB\s-1BIO\s0\fR. +See \fBSSL_read\fR\|(3) for more information. +.Sp +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR is returned when the last operation was a write +to a non-blocking \fB\s-1BIO\s0\fR and it was unable to sent all data to the \fB\s-1BIO\s0\fR. +When the \fB\s-1BIO\s0\fR is writeable again, the same function can be called again. +.Sp +Note that the retry may again lead to an \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +It is safe to call \fBSSL_read()\fR or \fBSSL_read_ex()\fR when more data is available +even when the call that set this error was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR. +However if the call was an \fBSSL_write()\fR or \fBSSL_write_ex()\fR, it should be called +again to continue sending the application data. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fBSSL_set_fd()\fR was used), \fBselect()\fR or +\&\fBpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL I/O\s0 function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +In particular, +\&\fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, or \fBSSL_peek()\fR may want to write data +and \fBSSL_write()\fR or \fBSSL_write_ex()\fR may want to read data. +This is mainly because +\&\s-1TLS/SSL\s0 handshakes may occur at any time during the protocol (initiated by +either the client or the server); \fBSSL_read_ex()\fR, \fBSSL_read()\fR, \fBSSL_peek_ex()\fR, +\&\fBSSL_peek()\fR, \fBSSL_write_ex()\fR, and \fBSSL_write()\fR will handle any pending handshakes. +.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fBconnect()\fR/\fBaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fBBIO_s_connect()\fR or \fBBIO_s_accept()\fR \s-1BIO,\s0 respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fBselect()\fR or \fBpoll()\fR for writing on the socket file descriptor +can be used. +.IP "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_WANT_ASYNC\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC" +The operation did not complete because an asynchronous engine is still +processing data. This will only occur if the mode has been set to \s-1SSL_MODE_ASYNC\s0 +using \fBSSL_CTX_set_mode\fR\|(3) or \fBSSL_set_mode\fR\|(3) and an asynchronous capable +engine is being used. An application can determine whether the engine has +completed its processing using \fBselect()\fR or \fBpoll()\fR on the asynchronous wait file +descriptor. This file descriptor is available by calling +\&\fBSSL_get_all_async_fds\fR\|(3) or \fBSSL_get_changed_async_fds\fR\|(3). The \s-1TLS/SSL I/O\s0 +function should be called again later. The function \fBmust\fR be called from the +same thread that the original call was made from. +.IP "\s-1SSL_ERROR_WANT_ASYNC_JOB\s0" 4 +.IX Item "SSL_ERROR_WANT_ASYNC_JOB" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). This will only occur if the +mode has been set to \s-1SSL_MODE_ASYNC\s0 using \fBSSL_CTX_set_mode\fR\|(3) or +\&\fBSSL_set_mode\fR\|(3) and a maximum limit has been set on the async job pool +through a call to \fBASYNC_init_thread\fR\|(3). The application should retry the +operation after a currently executing asynchronous operation for the current +thread has completed. +.IP "\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_ERROR_WANT_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +The \s-1TLS/SSL I/O\s0 function should be called again later. +Details depend on the application. +.IP "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +\&\fBerrno\fR for details. If this error occurs then no further I/O operations should +be performed on the connection and \fBSSL_shutdown()\fR must not be called. +.Sp +This value can also be returned for other errors, check the error queue for +details. +.IP "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A non-recoverable, fatal error in the \s-1SSL\s0 library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and \fBSSL_shutdown()\fR must not be called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1SSL_ERROR_WANT_ASYNC\s0 error code was added in OpenSSL 1.1.0. +The \s-1SSL_ERROR_WANT_CLIENT_HELLO_CB\s0 error code was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 new file mode 100644 index 000000000000..e35972e489cf --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_extms_support.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_EXTMS_SUPPORT 3" +.TH SSL_GET_EXTMS_SUPPORT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_extms_support \- extended master secret support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_extms_support(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_extms_support()\fR indicates whether the current session used extended +master secret. +.PP +This function is implemented as a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_extms_support()\fR returns 1 if the current session used extended +master secret, 0 if it did not and \-1 if a handshake is currently in +progress i.e. it is not possible to determine if extended master secret +was used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_fd.3 b/secure/lib/libcrypto/man/man3/SSL_get_fd.3 new file mode 100644 index 000000000000..1dcd5bab8d2d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_fd.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_FD 3" +.TH SSL_GET_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_fd, SSL_get_rfd, SSL_get_wfd \- get file descriptor linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_fd(const SSL *ssl); +\& int SSL_get_rfd(const SSL *ssl); +\& int SSL_get_wfd(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fBSSL_get_rfd()\fR and \fBSSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fBSSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.IP ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_fd\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 new file mode 100644 index 000000000000..4f8fe4632a94 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_cert_chain.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 3" +.TH SSL_GET_PEER_CERT_CHAIN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_cert_chain, SSL_get0_verified_chain \- get the X509 certificate chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *ssl); +\& STACK_OF(X509) *SSL_get0_verified_chain(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_cert_chain()\fR returns a pointer to \s-1STACK_OF\s0(X509) certificates +forming the certificate chain sent by the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +\&\fBSSL_get_peer_certificate\fR\|(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.PP +\&\s-1NB:\s0 \fBSSL_get_peer_cert_chain()\fR returns the peer chain as sent by the peer: it +only consists of certificates the peer has sent (in the order the peer +has sent them) it is \fBnot\fR a verified chain. +.PP +\&\fBSSL_get0_verified_chain()\fR returns the \fBverified\fR certificate chain +of the peer including the peer's end entity certificate. It must be called +after a session has been successfully established. If peer verification was +not successful (as indicated by \fBSSL_get_verify_result()\fR not returning +X509_V_OK) the chain may be incomplete or invalid. +.SH "NOTES" +.IX Header "NOTES" +If the session is resumed peers do not send certificates so a \s-1NULL\s0 pointer +is returned by these functions. Applications can call \fBSSL_session_reused()\fR +to determine whether a session is resumed. +.PP +The reference count of each certificate in the returned \s-1STACK_OF\s0(X509) object +is not incremented and the returned stack may be invalidated by renegotiation. +If applications wish to use any certificates in the returned chain +indefinitely they must increase the reference counts using \fBX509_up_ref()\fR or +obtain a copy of the whole chain with \fBX509_chain_up_ref()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.IP "Pointer to a \s-1STACK_OF\s0(X509)" 4 +.IX Item "Pointer to a STACK_OF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), \fBX509_up_ref\fR\|(3), +\&\fBX509_chain_up_ref\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 new file mode 100644 index 000000000000..01eae91d8f67 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_certificate.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 3" +.TH SSL_GET_PEER_CERTIFICATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *SSL_get_peer_certificate(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +\&\fBSSL_CTX_set_verify\fR\|(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use \fBSSL_get_verify_result\fR\|(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fBX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.IP "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 new file mode 100644 index 000000000000..a9c1cde0a6af --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_signature_nid.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_SIGNATURE_NID 3" +.TH SSL_GET_PEER_SIGNATURE_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_signature_nid, SSL_get_peer_signature_type_nid, SSL_get_signature_nid, SSL_get_signature_type_nid \- get TLS message signing types +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_peer_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_peer_signature_type_nid(const SSL *ssl, int *psigtype_nid); +\& int SSL_get_signature_nid(SSL *ssl, int *psig_nid); +\& int SSL_get_signature_type_nid(const SSL *ssl, int *psigtype_nid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_signature_nid()\fR sets \fB*psig_nid\fR to the \s-1NID\s0 of the digest used +by the peer to sign \s-1TLS\s0 messages. It is implemented as a macro. +.PP +\&\fBSSL_get_peer_signature_type_nid()\fR sets \fB*psigtype_nid\fR to the signature +type used by the peer to sign \s-1TLS\s0 messages. Currently the signature type +is the \s-1NID\s0 of the public key type used for signing except for \s-1PSS\s0 signing +where it is \fB\s-1EVP_PKEY_RSA_PSS\s0\fR. To differentiate between +\&\fBrsa_pss_rsae_*\fR and \fBrsa_pss_pss_*\fR signatures, it's necessary to check +the type of public key in the peer's certificate. +.PP +\&\fBSSL_get_signature_nid()\fR and \fBSSL_get_signature_type_nid()\fR return the equivalent +information for the local end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 for success and 0 for failure. There are several +possible reasons for failure: the cipher suite has no signature (e.g. it +uses \s-1RSA\s0 key exchange or is anonymous), the \s-1TLS\s0 version is below 1.2 or +the functions were called too early, e.g. before the peer signed a message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_peer_certificate\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 new file mode 100644 index 000000000000..fc37dd06cf84 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_peer_tmp_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PEER_TMP_KEY 3" +.TH SSL_GET_PEER_TMP_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_peer_tmp_key, SSL_get_server_tmp_key, SSL_get_tmp_key \- get information about temporary keys used during a handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_peer_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_server_tmp_key(SSL *ssl, EVP_PKEY **key); +\& long SSL_get_tmp_key(SSL *ssl, EVP_PKEY **key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_peer_tmp_key()\fR returns the temporary key provided by the peer and +used during key exchange. For example, if \s-1ECDHE\s0 is in use, then this represents +the peer's public \s-1ECDHE\s0 key. On success a pointer to the key is stored in +\&\fB*key\fR. It is the caller's responsibility to free this key after use using +\&\fBEVP_PKEY_free\fR\|(3). +.PP +\&\fBSSL_get_server_tmp_key()\fR is a backwards compatibility alias for +\&\fBSSL_get_peer_tmp_key()\fR. +Under that name it worked just on the client side of the connection, its +behaviour on the server end is release-dependent. +.PP +\&\fBSSL_get_tmp_key()\fR returns the equivalent information for the local +end of the connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return 1 on success and 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +This function is implemented as a macro. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBEVP_PKEY_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 new file mode 100644 index 000000000000..3b61985d2d00 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_psk_identity.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_PSK_IDENTITY 3" +.TH SSL_GET_PSK_IDENTITY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_psk_identity, SSL_get_psk_identity_hint \- get PSK client identity and hint +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_get_psk_identity_hint(const SSL *ssl); +\& const char *SSL_get_psk_identity(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_psk_identity_hint()\fR is used to retrieve the \s-1PSK\s0 identity hint +used during the connection setup related to \s-1SSL\s0 object +\&\fBssl\fR. Similarly, \fBSSL_get_psk_identity()\fR is used to retrieve the \s-1PSK\s0 +identity used during the connection setup. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If non\-\fB\s-1NULL\s0\fR, \fBSSL_get_psk_identity_hint()\fR returns the \s-1PSK\s0 identity +hint and \fBSSL_get_psk_identity()\fR returns the \s-1PSK\s0 identity. Both are +\&\fB\s-1NULL\s0\fR\-terminated. \fBSSL_get_psk_identity_hint()\fR may return \fB\s-1NULL\s0\fR if +no \s-1PSK\s0 identity hint was used during the connection setup. +.PP +Note that the return value is valid only during the lifetime of the +\&\s-1SSL\s0 object \fBssl\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2006\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 new file mode 100644 index 000000000000..034785846653 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_rbio.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_RBIO 3" +.TH SSL_GET_RBIO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_rbio, SSL_get_wbio \- get BIO linked to an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_rbio()\fR and \fBSSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.IP "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_set_bio\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_session.3 b/secure/lib/libcrypto/man/man3/SSL_get_session.3 new file mode 100644 index 000000000000..edf036fc0ab0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_session.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SESSION 3" +.TH SSL_GET_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_session, SSL_get0_session, SSL_get1_session \- retrieve TLS/SSL session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *SSL_get_session(const SSL *ssl); +\& SSL_SESSION *SSL_get0_session(const SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fBSSL_get0_session()\fR is the same as \fBSSL_get_session()\fR. +.PP +\&\fBSSL_get1_session()\fR is the same as \fBSSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a full handshake for \s-1SSL\s0 versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +\&\s-1SSL_SESSION\s0 object but that object cannot be used for resuming the session. See +\&\fBSSL_SESSION_is_resumable\fR\|(3) for information on how to determine whether an +\&\s-1SSL_SESSION\s0 object can be used for resumption or not. +.PP +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. +.PP +The preferred way for applications to obtain a resumable \s-1SSL_SESSION\s0 object is +to use a new session callback as described in \fBSSL_CTX_sess_set_new_cb\fR\|(3). +The new session callback is only invoked when a session is actually established, +so this avoids the problem described above where an application obtains an +\&\s-1SSL_SESSION\s0 object that cannot be used for resumption in TLSv1.3. It also +enables applications to obtain information about all sessions sent by the +server. +.PP +A session will be automatically removed from the session cache and marked as +non-resumable if the connection is not closed down cleanly, e.g. if a fatal +error occurs on the connection or \fBSSL_shutdown\fR\|(3) is not called prior to +\&\fBSSL_free\fR\|(3). +.PP +In TLSv1.3 it is recommended that each \s-1SSL_SESSION\s0 object is only used for +resumption once. +.PP +\&\fBSSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If \fBSSL_clear\fR\|(3) or +\&\fBSSL_free\fR\|(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during \fBSSL_CTX_flush_sessions\fR\|(3). +.PP +If the data is to be kept, \fBSSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +\&\fBSSL_SESSION_free\fR\|(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.IP "Pointer to an \s-1SSL_SESSION\s0" 4 +.IX Item "Pointer to an SSL_SESSION" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_free\fR\|(3), +\&\fBSSL_clear\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 new file mode 100644 index 000000000000..c4084ee1c21b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_shared_sigalgs.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_SHARED_SIGALGS 3" +.TH SSL_GET_SHARED_SIGALGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_shared_sigalgs, SSL_get_sigalgs \- get supported signature algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_get_shared_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +\& +\& int SSL_get_sigalgs(SSL *s, int idx, +\& int *psign, int *phash, int *psignhash, +\& unsigned char *rsig, unsigned char *rhash); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_shared_sigalgs()\fR returns information about the shared signature +algorithms supported by peer \fBs\fR. The parameter \fBidx\fR indicates the index +of the shared signature algorithm to return starting from zero. The signature +algorithm \s-1NID\s0 is written to \fB*psign\fR, the hash \s-1NID\s0 to \fB*phash\fR and the +sign and hash \s-1NID\s0 to \fB*psignhash\fR. The raw signature and hash values +are written to \fB*rsig\fR and \fB*rhash\fR. +.PP +\&\fBSSL_get_sigalgs()\fR is similar to \fBSSL_get_shared_sigalgs()\fR except it returns +information about all signature algorithms supported by \fBs\fR in the order +they were sent by the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_shared_sigalgs()\fR and \fBSSL_get_sigalgs()\fR return the number of +signature algorithms or \fB0\fR if the \fBidx\fR parameter is out of range. +.SH "NOTES" +.IX Header "NOTES" +These functions are typically called for debugging purposes (to report +the peer's preferences) or where an application wants finer control over +certificate selection. Most applications will rely on internal handling +and will not need to call them. +.PP +If an application is only interested in the highest preference shared +signature algorithm it can just set \fBidx\fR to zero. +.PP +Any or all of the parameters \fBpsign\fR, \fBphash\fR, \fBpsignhash\fR, \fBrsig\fR or +\&\fBrhash\fR can be set to \fB\s-1NULL\s0\fR if the value is not required. By setting +them all to \fB\s-1NULL\s0\fR and setting \fBidx\fR to zero the total number of +signature algorithms can be determined: which can be zero. +.PP +These functions must be called after the peer has sent a list of supported +signature algorithms: after a client hello (for servers) or a certificate +request (for clients). They can (for example) be called in the certificate +callback. +.PP +Only \s-1TLS 1.2, TLS 1.3\s0 and \s-1DTLS 1.2\s0 currently support signature algorithms. +If these +functions are called on an earlier version of \s-1TLS\s0 or \s-1DTLS\s0 zero is returned. +.PP +The shared signature algorithms returned by \fBSSL_get_shared_sigalgs()\fR are +ordered according to configuration and peer preferences. +.PP +The raw values correspond to the on the wire form as defined by \s-1RFC5246\s0 et al. +The NIDs are OpenSSL equivalents. For example if the peer sent \fBsha256\fR\|(4) and +\&\fBrsa\fR\|(1) then \fB*rhash\fR would be 4, \fB*rsign\fR 1, \fB*phash\fR NID_sha256, \fB*psig\fR +NID_rsaEncryption and \fB*psighash\fR NID_sha256WithRSAEncryption. +.PP +If a signature algorithm is not recognised the corresponding NIDs +will be set to \fBNID_undef\fR. This may be because the value is not supported, +is not an appropriate combination (for example \s-1MD5\s0 and \s-1DSA\s0) or the +signature algorithm does not use a hash (for example Ed25519). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_CTX_set_cert_cb\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 new file mode 100644 index 000000000000..3231f4f9380c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_verify_result.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 3" +.TH SSL_GET_VERIFY_RESULT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long SSL_get_verify_result(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fBSSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fBSSL_get_verify_result()\fR is only useful in connection +with \fBSSL_get_peer_certificate\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.IP "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.IP "Any other value" 4 +.IX Item "Any other value" +Documented in \fBverify\fR\|(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_get_version.3 b/secure/lib/libcrypto/man/man3/SSL_get_version.3 new file mode 100644 index 000000000000..00c4800b61cb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_get_version.3 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_GET_VERSION 3" +.TH SSL_GET_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_client_version, SSL_get_version, SSL_is_dtls, SSL_version \- get the protocol information of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_client_version(const SSL *s); +\& +\& const char *SSL_get_version(const SSL *ssl); +\& +\& int SSL_is_dtls(const SSL *ssl); +\& +\& int SSL_version(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_client_version()\fR returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for \s-1TLS,\s0 this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. \fBSSL_get_version()\fR +returns the name of the protocol used for the connection. \fBSSL_version()\fR returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. +.PP +\&\fBSSL_is_dtls()\fR returns one if the connection is using \s-1DTLS,\s0 zero if not. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_get_version()\fR returns one of the following strings: +.IP "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.IP "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. +.IP "TLSv1.3" 4 +.IX Item "TLSv1.3" +The connection uses the TLSv1.3 protocol. +.IP "unknown" 4 +.IX Item "unknown" +This indicates an unknown protocol version. +.PP +\&\fBSSL_version()\fR and \fBSSL_client_version()\fR return an integer which could include any +of the following: +.IP "\s-1SSL3_VERSION\s0" 4 +.IX Item "SSL3_VERSION" +The connection uses the SSLv3 protocol. +.IP "\s-1TLS1_VERSION\s0" 4 +.IX Item "TLS1_VERSION" +The connection uses the TLSv1.0 protocol. +.IP "\s-1TLS1_1_VERSION\s0" 4 +.IX Item "TLS1_1_VERSION" +The connection uses the TLSv1.1 protocol. +.IP "\s-1TLS1_2_VERSION\s0" 4 +.IX Item "TLS1_2_VERSION" +The connection uses the TLSv1.2 protocol. +.IP "\s-1TLS1_3_VERSION\s0" 4 +.IX Item "TLS1_3_VERSION" +The connection uses the TLSv1.3 protocol (never returned for +\&\fBSSL_client_version()\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_is_dtls()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_in_init.3 b/secure/lib/libcrypto/man/man3/SSL_in_init.3 new file mode 100644 index 000000000000..5c22629c168f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_in_init.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_IN_INIT 3" +.TH SSL_IN_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_in_before, SSL_in_init, SSL_is_init_finished, SSL_in_connect_init, SSL_in_accept_init, SSL_get_state \&\- retrieve information about the handshake state machine +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_in_init(const SSL *s); +\& int SSL_in_before(const SSL *s); +\& int SSL_is_init_finished(const SSL *s); +\& +\& int SSL_in_connect_init(SSL *s); +\& int SSL_in_accept_init(SSL *s); +\& +\& OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_in_init()\fR returns 1 if the \s-1SSL/TLS\s0 state machine is currently processing or +awaiting handshake messages, or 0 otherwise. +.PP +\&\fBSSL_in_before()\fR returns 1 if no \s-1SSL/TLS\s0 handshake has yet been initiated, or 0 +otherwise. +.PP +\&\fBSSL_is_init_finished()\fR returns 1 if the \s-1SSL/TLS\s0 connection is in a state where +fully protected application data can be transferred or 0 otherwise. +.PP +Note that in some circumstances (such as when early data is being transferred) +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR and \fBSSL_is_init_finished()\fR can all return 0. +.PP +\&\fBSSL_in_connect_init()\fR returns 1 if \fBs\fR is acting as a client and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_accept_init()\fR returns 1 if \fBs\fR is acting as a server and \fBSSL_in_init()\fR +would return 1, or 0 otherwise. +.PP +\&\fBSSL_in_connect_init()\fR and \fBSSL_in_accept_init()\fR are implemented as macros. +.PP +\&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake +state machine. \s-1OSSL_HANDSHAKE_STATE\s0 is an enumerated type where each value +indicates a discrete state machine state. Note that future versions of OpenSSL +may define more states so applications should expect to receive unrecognised +state values. The naming format is made up of a number of elements as follows: +.PP +\&\fBprotocol\fR_ST_\fBrole\fR_\fBmessage\fR +.PP +\&\fBprotocol\fR is one of \s-1TLS\s0 or \s-1DTLS. DTLS\s0 is used where a state is specific to the +\&\s-1DTLS\s0 protocol. Otherwise \s-1TLS\s0 is used. +.PP +\&\fBrole\fR is one of \s-1CR, CW, SR\s0 or \s-1SW\s0 to indicate \*(L"client reading\*(R", +\&\*(L"client writing\*(R", \*(L"server reading\*(R" or \*(L"server writing\*(R" respectively. +.PP +\&\fBmessage\fR is the name of a handshake message that is being or has been sent, or +is being or has been processed. +.PP +Additionally there are some special states that do not conform to the above +format. These are: +.IP "\s-1TLS_ST_BEFORE\s0" 4 +.IX Item "TLS_ST_BEFORE" +No handshake messages have yet been been sent or received. +.IP "\s-1TLS_ST_OK\s0" 4 +.IX Item "TLS_ST_OK" +Handshake message sending/processing has completed. +.IP "\s-1TLS_ST_EARLY_DATA\s0" 4 +.IX Item "TLS_ST_EARLY_DATA" +Early data is being processed +.IP "\s-1TLS_ST_PENDING_EARLY_DATA_END\s0" 4 +.IX Item "TLS_ST_PENDING_EARLY_DATA_END" +Awaiting the end of early data processing +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_in_init()\fR, \fBSSL_in_before()\fR, \fBSSL_is_init_finished()\fR, \fBSSL_in_connect_init()\fR +and \fBSSL_in_accept_init()\fR return values as indicated above. +.PP +\&\fBSSL_get_state()\fR returns the current handshake state. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_read_early_data\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_key_update.3 b/secure/lib/libcrypto/man/man3/SSL_key_update.3 new file mode 100644 index 000000000000..b69af2cdad35 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_key_update.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_KEY_UPDATE 3" +.TH SSL_KEY_UPDATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_key_update, SSL_get_key_update_type, SSL_renegotiate, SSL_renegotiate_abbreviated, SSL_renegotiate_pending \&\- initiate and obtain information about updating connection keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_key_update(SSL *s, int updatetype); +\& int SSL_get_key_update_type(const SSL *s); +\& +\& int SSL_renegotiate(SSL *s); +\& int SSL_renegotiate_abbreviated(SSL *s); +\& int SSL_renegotiate_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_key_update()\fR schedules an update of the keys for the current \s-1TLS\s0 connection. +If the \fBupdatetype\fR parameter is set to \fB\s-1SSL_KEY_UPDATE_NOT_REQUESTED\s0\fR then +the sending keys for this connection will be updated and the peer will be +informed of the change. If the \fBupdatetype\fR parameter is set to +\&\fB\s-1SSL_KEY_UPDATE_REQUESTED\s0\fR then the sending keys for this connection will be +updated and the peer will be informed of the change along with a request for the +peer to additionally update its sending keys. It is an error if \fBupdatetype\fR is +set to \fB\s-1SSL_KEY_UPDATE_NONE\s0\fR. +.PP +\&\fBSSL_key_update()\fR must only be called after the initial handshake has been +completed and TLSv1.3 has been negotiated. The key update will not take place +until the next time an \s-1IO\s0 operation such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR +takes place on the connection. Alternatively \fBSSL_do_handshake()\fR can be called to +force the update to take place immediately. +.PP +\&\fBSSL_get_key_update_type()\fR can be used to determine whether a key update +operation has been scheduled but not yet performed. The type of the pending key +update operation will be returned if there is one, or \s-1SSL_KEY_UPDATE_NONE\s0 +otherwise. +.PP +\&\fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR should only be called for +connections that have negotiated TLSv1.2 or less. Calling them on any other +connection will result in an error. +.PP +When called from the client side, \fBSSL_renegotiate()\fR schedules a completely new +handshake over an existing \s-1SSL/TLS\s0 connection. The next time an \s-1IO\s0 operation +such as \fBSSL_read_ex()\fR or \fBSSL_write_ex()\fR takes place on the connection a check +will be performed to confirm that it is a suitable time to start a +renegotiation. If so, then it will be initiated immediately. OpenSSL will not +attempt to resume any session associated with the connection in the new +handshake. +.PP +When called from the client side, \fBSSL_renegotiate_abbreviated()\fR works in the +same was as \fBSSL_renegotiate()\fR except that OpenSSL will attempt to resume the +session associated with the current connection in the new handshake. +.PP +When called from the server side, \fBSSL_renegotiate()\fR and +\&\fBSSL_renegotiate_abbreviated()\fR behave identically. They both schedule a request +for a new handshake to be sent to the client. The next time an \s-1IO\s0 operation is +performed then the same checks as on the client side are performed and then, if +appropriate, the request is sent. The client may or may not respond with a new +handshake and it may or may not attempt to resume an existing session. If +a new handshake is started then this will be handled transparently by calling +any OpenSSL \s-1IO\s0 function. +.PP +If an OpenSSL client receives a renegotiation request from a server then again +this will be handled transparently through calling any OpenSSL \s-1IO\s0 function. For +a \s-1TLS\s0 connection the client will attempt to resume the current session in the +new handshake. For historical reasons, \s-1DTLS\s0 clients will not attempt to resume +the session in the new handshake. +.PP +The \fBSSL_renegotiate_pending()\fR function returns 1 if a renegotiation or +renegotiation request has been scheduled but not yet acted on, or 0 otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_key_update()\fR, \fBSSL_renegotiate()\fR and \fBSSL_renegotiate_abbreviated()\fR return 1 +on success or 0 on error. +.PP +\&\fBSSL_get_key_update_type()\fR returns the update type of the pending key update +operation or \s-1SSL_KEY_UPDATE_NONE\s0 if there is none. +.PP +\&\fBSSL_renegotiate_pending()\fR returns 1 if a renegotiation or renegotiation request +has been scheduled but not yet acted on, or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_read_ex\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_key_update()\fR and \fBSSL_get_key_update_type()\fR functions were added in +OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_library_init.3 b/secure/lib/libcrypto/man/man3/SSL_library_init.3 new file mode 100644 index 000000000000..fc2c884623a9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_library_init.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 3" +.TH SSL_LIBRARY_INIT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms \&\- initialize SSL library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_library_init(void); +\& +\& int OpenSSL_add_ssl_algorithms(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_library_init()\fR registers the available \s-1SSL/TLS\s0 ciphers and digests. +.PP +\&\fBOpenSSL_add_ssl_algorithms()\fR is a synonym for \fBSSL_library_init()\fR and is +implemented as a macro. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_library_init()\fR must be called before any other action takes place. +\&\fBSSL_library_init()\fR is not reentrant. +.SH "WARNINGS" +.IX Header "WARNINGS" +\&\fBSSL_library_init()\fR adds ciphers and digests used directly and indirectly by +\&\s-1SSL/TLS.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBRAND_add\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_library_init()\fR and \fBOpenSSL_add_ssl_algorithms()\fR functions were +deprecated in OpenSSL 1.1.0 by \fBOPENSSL_init_ssl()\fR. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 new file mode 100644 index 000000000000..3d39648af7fc --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_load_client_CA_file.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 3" +.TH SSL_LOAD_CLIENT_CA_FILE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_load_client_CA_file \- load certificate names from file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns +a \s-1STACK_OF\s0(X509_NAME) with the subject names found. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +it is not limited to \s-1CA\s0 certificates. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.IP "Pointer to \s-1STACK_OF\s0(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +\& +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& /* error */ +\& ... +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_new.3 b/secure/lib/libcrypto/man/man3/SSL_new.3 new file mode 100644 index 000000000000..4595a101f121 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_new.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_NEW 3" +.TH SSL_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_dup, SSL_new, SSL_up_ref \- create an SSL structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL *SSL_dup(SSL *s); +\& SSL *SSL_new(SSL_CTX *ctx); +\& int SSL_up_ref(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method, +options, verification settings, timeout settings. An \fB\s-1SSL\s0\fR structure is +reference counted. Creating an \fB\s-1SSL\s0\fR structure for the first time increments +the reference count. Freeing it (using SSL_free) decrements it. When the +reference count drops to zero, any memory or resources allocated to the \fB\s-1SSL\s0\fR +structure are freed. +.PP +\&\fBSSL_up_ref()\fR increments the reference count for an +existing \fB\s-1SSL\s0\fR structure. +.PP +\&\fBSSL_dup()\fR duplicates an existing \fB\s-1SSL\s0\fR structure into a new allocated one. All +settings are inherited from the original \fB\s-1SSL\s0\fR structure. Dynamic data (i.e. +existing connection details) are not copied, the new \fB\s-1SSL\s0\fR is set into an +initial accept (server) or connect (client) state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.IP "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.Sp +\&\fBSSL_up_ref()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_free\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_pending.3 b/secure/lib/libcrypto/man/man3/SSL_pending.3 new file mode 100644 index 000000000000..7ef93680808e --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_pending.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_PENDING 3" +.TH SSL_PENDING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_pending, SSL_has_pending \- check for readable bytes buffered in an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_pending(const SSL *ssl); +\& int SSL_has_pending(const SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Data is received in whole blocks known as records from the peer. A whole record +is processed (e.g. decrypted) in one go and is buffered by OpenSSL until it is +read by the application via a call to \fBSSL_read_ex\fR\|(3) or \fBSSL_read\fR\|(3). +.PP +\&\fBSSL_pending()\fR returns the number of bytes which have been processed, buffered +and are available inside \fBssl\fR for immediate read. +.PP +If the \fB\s-1SSL\s0\fR object's \fIread_ahead\fR flag is set (see +\&\fBSSL_CTX_set_read_ahead\fR\|(3)), additional protocol bytes (beyond the current +record) may have been read containing more \s-1TLS/SSL\s0 records. This also applies to +\&\s-1DTLS\s0 and pipelining (see \fBSSL_CTX_set_split_send_fragment\fR\|(3)). These +additional bytes will be buffered by OpenSSL but will remain unprocessed until +they are needed. As these bytes are still in an unprocessed state \fBSSL_pending()\fR +will ignore them. Therefore it is possible for no more bytes to be readable from +the underlying \s-1BIO\s0 (because OpenSSL has already read them) and for \fBSSL_pending()\fR +to return 0, even though readable application data bytes are available (because +the data is in unprocessed buffered records). +.PP +\&\fBSSL_has_pending()\fR returns 1 if \fBs\fR has buffered data (whether processed or +unprocessed) and 0 otherwise. Note that it is possible for \fBSSL_has_pending()\fR to +return 1, and then a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR to return no +data because the unprocessed buffered data when processed yielded no application +data (for example this can happen during renegotiation). It is also possible in +this scenario for \fBSSL_has_pending()\fR to continue to return 1 even after an +\&\fBSSL_read_ex()\fR or \fBSSL_read()\fR call because the buffered and unprocessed data is +not yet processable (e.g. because OpenSSL has only received a partial record so +far). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_pending()\fR returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. \fBSSL_has_pending()\fR +returns 1 if there is buffered record data in the \s-1SSL\s0 object and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_split_send_fragment\fR\|(3), \fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_has_pending()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_read.3 b/secure/lib/libcrypto/man/man3/SSL_read.3 new file mode 100644 index 000000000000..0acfe6574ccb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_read.3 @@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ 3" +.TH SSL_READ 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_read_ex, SSL_read, SSL_peek_ex, SSL_peek \&\- read bytes from a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_read(SSL *ssl, void *buf, int num); +\& +\& int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes); +\& int SSL_peek(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_read_ex()\fR and \fBSSL_read()\fR try to read \fBnum\fR bytes from the specified \fBssl\fR +into the buffer \fBbuf\fR. On success \fBSSL_read_ex()\fR will store the number of bytes +actually read in \fB*readbytes\fR. +.PP +\&\fBSSL_peek_ex()\fR and \fBSSL_peek()\fR are identical to \fBSSL_read_ex()\fR and \fBSSL_read()\fR +respectively except no bytes are actually removed from the underlying \s-1BIO\s0 during +the read, so that a subsequent call to \fBSSL_read_ex()\fR or \fBSSL_read()\fR will yield +at least the same bytes. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"read function\*(R" is defined as one of \fBSSL_read_ex()\fR, +\&\fBSSL_read()\fR, \fBSSL_peek_ex()\fR or \fBSSL_peek()\fR. +.PP +If necessary, a read function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the +peer requests a re-negotiation, it will be performed transparently during +the read function operation. The behaviour of the read functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR before the first +invocation of a read function. +.PP +The read functions work based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB). Only when a record has been +completely received, can it be processed (decryption and check of integrity). +Therefore data that was not retrieved at the last read call can still be +buffered inside the \s-1SSL\s0 layer and will be retrieved on the next read +call. If \fBnum\fR is higher than the number of bytes buffered then the read +functions will return with the bytes buffered. If no more bytes are in the +buffer, the read functions will trigger the processing of the next record. +Only when the record has been received and processed completely will the read +functions return reporting success. At most the contents of one record will +be returned. As the size of an \s-1SSL/TLS\s0 record may exceed the maximum packet size +of the underlying transport (e.g. \s-1TCP\s0), it may be necessary to read several +packets from the transport layer before the record is complete and the read call +can succeed. +.PP +If \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR has been switched off and a non-application data +record has been processed, the read function can return and set the error to +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR. +In this case there might still be unprocessed data available in the \fB\s-1BIO\s0\fR. +If read ahead was set using \fBSSL_CTX_set_read_ahead\fR\|(3), there might also still +be unprocessed data available in the \fB\s-1SSL\s0\fR. +This behaviour can be controlled using the \fBSSL_CTX_set_mode\fR\|(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, a read function will only return once the +read operation has been finished or an error occurred, except when a +non-application data record has been processed and \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is +not set. +Note that if \fB\s-1SSL_MODE_AUTO_RETRY\s0\fR is set and only non-application data is +available the call will hang. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, a read function will also return when +the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue the +operation. +In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the read function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying \s-1BIO.\s0 +When using a non-blocking socket, nothing is to be done, but \fBselect()\fR can be +used to check for the required condition. +When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written into or +retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fBSSL_pending\fR\|(3) can be used to find out whether there +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR will return 1 for success or 0 for failure. +Success means that 1 or more application data bytes have been read from the \s-1SSL\s0 +connection. +Failure means that no bytes could be read from the \s-1SSL\s0 connection. +Failures can be retryable (e.g. we are waiting for more bytes to +be delivered by the network) or non-retryable (e.g. a fatal network error). +In the event of a failure call \fBSSL_get_error\fR\|(3) to find out the reason which +indicates whether the call is retryable or not. +.PP +For \fBSSL_read()\fR and \fBSSL_peek()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The read operation was successful. +The return value is the number of bytes actually read from the \s-1TLS/SSL\s0 +connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The read operation was not successful, because either the connection was closed, +an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_write_ex\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_read_ex()\fR and \fBSSL_peek_ex()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 new file mode 100644 index 000000000000..d2c487130cb1 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_read_early_data.3 @@ -0,0 +1,480 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_READ_EARLY_DATA 3" +.TH SSL_READ_EARLY_DATA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, SSL_set_recv_max_early_data, SSL_CTX_set_recv_max_early_data, SSL_get_recv_max_early_data, SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, SSL_get_early_data_status, SSL_allow_early_data_cb_fn, SSL_CTX_set_allow_early_data_cb, SSL_set_allow_early_data_cb \&\- functions for sending and receiving early data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); +\& uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); +\& uint32_t SSL_get_max_early_data(const SSL *s); +\& +\& int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +\& uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +\& int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +\& uint32_t SSL_get_recv_max_early_data(const SSL *s); +\& +\& uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); +\& int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); +\& +\& int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +\& +\& int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +\& +\& int SSL_get_early_data_status(const SSL *s); +\& +\& +\& typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +\& +\& void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +\& void SSL_set_allow_early_data_cb(SSL *s, +\& SSL_allow_early_data_cb_fn cb, +\& void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to send and receive early data where TLSv1.3 has been +negotiated. Early data can be sent by the client immediately after its initial +ClientHello without having to wait for the server to complete the handshake. +Early data can only be sent if a session has previously been established with +the server, and the server is known to support it. Additionally these functions +can be used to send data from the server to the client when the client has not +yet completed the authentication stage of the handshake. +.PP +Early data has weaker security properties than other data sent over an \s-1SSL/TLS\s0 +connection. In particular the data does not have forward secrecy. There are also +additional considerations around replay attacks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below). For these reasons extreme care should be exercised when using early +data. For specific details, consult the \s-1TLS 1.3\s0 specification. +.PP +When a server receives early data it may opt to immediately respond by sending +application data back to the client. Data sent by the server at this stage is +done before the full handshake has been completed. Specifically the client's +authentication messages have not yet been received, i.e. the client is +unauthenticated at this point and care should be taken when using this +capability. +.PP +A server or client can determine whether the full handshake has been completed +or not by calling \fBSSL_is_init_finished\fR\|(3). +.PP +On the client side, the function \fBSSL_SESSION_get_max_early_data()\fR can be used to +determine if a session established with a server can be used to send early data. +If the session cannot be used then this function will return 0. Otherwise it +will return the maximum number of early data bytes that can be sent. +.PP +The function \fBSSL_SESSION_set_max_early_data()\fR sets the maximum number of early +data bytes that can be sent for a session. This would typically be used when +creating a \s-1PSK\s0 session file (see \fBSSL_CTX_set_psk_use_session_callback\fR\|(3)). If +using a ticket based \s-1PSK\s0 then this is set automatically to the value provided by +the server. +.PP +A client uses the function \fBSSL_write_early_data()\fR to send early data. This +function is similar to the \fBSSL_write_ex\fR\|(3) function, but with the following +differences. See \fBSSL_write_ex\fR\|(3) for information on how to write bytes to +the underlying connection, and how to handle any errors that may arise. This +page describes the differences between \fBSSL_write_early_data()\fR and +\&\fBSSL_write_ex\fR\|(3). +.PP +When called by a client, \fBSSL_write_early_data()\fR must be the first \s-1IO\s0 function +called on a new connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_connect\fR\|(3), \fBSSL_do_handshake\fR\|(3) +or other similar functions. It may be called multiple times to stream data to +the server, but the total number of bytes written must not exceed the value +returned from \fBSSL_SESSION_get_max_early_data()\fR. Once the initial +\&\fBSSL_write_early_data()\fR call has completed successfully the client may interleave +calls to \fBSSL_read_ex\fR\|(3) and \fBSSL_read\fR\|(3) with calls to +\&\fBSSL_write_early_data()\fR as required. +.PP +If \fBSSL_write_early_data()\fR fails you should call \fBSSL_get_error\fR\|(3) to determine +the correct course of action, as for \fBSSL_write_ex\fR\|(3). +.PP +When the client no longer wishes to send any more early data then it should +complete the handshake by calling a function such as \fBSSL_connect\fR\|(3) or +\&\fBSSL_do_handshake\fR\|(3). Alternatively you can call a standard write function +such as \fBSSL_write_ex\fR\|(3), which will transparently complete the connection and +write the requested data. +.PP +A server may choose to ignore early data that has been sent to it. Once the +connection has been completed you can determine whether the server accepted or +rejected the early data by calling \fBSSL_get_early_data_status()\fR. This will return +\&\s-1SSL_EARLY_DATA_ACCEPTED\s0 if the data was accepted, \s-1SSL_EARLY_DATA_REJECTED\s0 if it +was rejected or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. This function +may be called by either the client or the server. +.PP +A server uses the \fBSSL_read_early_data()\fR function to receive early data on a +connection for which early data has been enabled using +\&\fBSSL_CTX_set_max_early_data()\fR or \fBSSL_set_max_early_data()\fR. As for +\&\fBSSL_write_early_data()\fR, this must be the first \s-1IO\s0 function +called on a connection, i.e. it must occur before any calls to +\&\fBSSL_write_ex\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_accept\fR\|(3), \fBSSL_do_handshake\fR\|(3), +or other similar functions. +.PP +\&\fBSSL_read_early_data()\fR is similar to \fBSSL_read_ex\fR\|(3) with the following +differences. Refer to \fBSSL_read_ex\fR\|(3) for full details. +.PP +\&\fBSSL_read_early_data()\fR may return 3 possible values: +.IP "\s-1SSL_READ_EARLY_DATA_ERROR\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_ERROR" +This indicates an \s-1IO\s0 or some other error occurred. This should be treated in the +same way as a 0 return value from \fBSSL_read_ex\fR\|(3). +.IP "\s-1SSL_READ_EARLY_DATA_SUCCESS\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_SUCCESS" +This indicates that early data was successfully read. This should be treated in +the same way as a 1 return value from \fBSSL_read_ex\fR\|(3). You should continue to +call \fBSSL_read_early_data()\fR to read more data. +.IP "\s-1SSL_READ_EARLY_DATA_FINISH\s0" 4 +.IX Item "SSL_READ_EARLY_DATA_FINISH" +This indicates that no more early data can be read. It may be returned on the +first call to \fBSSL_read_early_data()\fR if the client has not sent any early data, +or if the early data was rejected. +.PP +Once the initial \fBSSL_read_early_data()\fR call has completed successfully (i.e. it +has returned \s-1SSL_READ_EARLY_DATA_SUCCESS\s0 or \s-1SSL_READ_EARLY_DATA_FINISH\s0) then the +server may choose to write data immediately to the unauthenticated client using +\&\fBSSL_write_early_data()\fR. If \fBSSL_read_early_data()\fR returned +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 then in some situations (e.g. if the client only +supports TLSv1.2) the handshake may have already been completed and calls +to \fBSSL_write_early_data()\fR are not allowed. Call \fBSSL_is_init_finished\fR\|(3) to +determine whether the handshake has completed or not. If the handshake is still +in progress then the server may interleave calls to \fBSSL_write_early_data()\fR with +calls to \fBSSL_read_early_data()\fR as required. +.PP +Servers must not call \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) or +\&\fBSSL_write\fR\|(3) until \fBSSL_read_early_data()\fR has returned with +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 Once it has done so the connection to the client +still needs to be completed. Complete the connection by calling a function such +as \fBSSL_accept\fR\|(3) or \fBSSL_do_handshake\fR\|(3). Alternatively you can call a +standard read function such as \fBSSL_read_ex\fR\|(3), which will transparently +complete the connection and read the requested data. Note that it is an error to +attempt to complete the connection before \fBSSL_read_early_data()\fR has returned +\&\s-1SSL_READ_EARLY_DATA_FINISH.\s0 +.PP +Only servers may call \fBSSL_read_early_data()\fR. +.PP +Calls to \fBSSL_read_early_data()\fR may, in certain circumstances, complete the +connection immediately without further need to call a function such as +\&\fBSSL_accept\fR\|(3). This can happen if the client is using a protocol version less +than TLSv1.3. Applications can test for this by calling +\&\fBSSL_is_init_finished\fR\|(3). Alternatively, applications may choose to call +\&\fBSSL_accept\fR\|(3) anyway. Such a call will successfully return immediately with no +further action taken. +.PP +When a session is created between a server and a client the server will specify +the maximum amount of any early data that it will accept on any future +connection attempt. By default the server does not accept early data; a +server may indicate support for early data by calling +\&\fBSSL_CTX_set_max_early_data()\fR or +\&\fBSSL_set_max_early_data()\fR to set it for the whole \s-1SSL_CTX\s0 or an individual \s-1SSL\s0 +object respectively. The \fBmax_early_data\fR parameter specifies the maximum +amount of early data in bytes that is permitted to be sent on a single +connection. Similarly the \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_get_max_early_data()\fR functions can be used to obtain the current maximum +early data settings for the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects respectively. Generally a +server application will either use both of \fBSSL_read_early_data()\fR and +\&\fBSSL_CTX_set_max_early_data()\fR (or \fBSSL_set_max_early_data()\fR), or neither of them, +since there is no practical benefit from using only one of them. If the maximum +early data setting for a server is non-zero then replay protection is +automatically enabled (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 below). +.PP +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR or \fBSSL_set_recv_max_early_data()\fR. The current +value for this setting can be obtained by calling +\&\fBSSL_CTX_get_recv_max_early_data()\fR or \fBSSL_get_recv_max_early_data()\fR. The default +value for this setting is 16,384 bytes. +.PP +The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. +.PP +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. +.PP +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see \*(L"\s-1REPLAY PROTECTION\*(R"\s0 +below) or to decline early_data when the server is heavily loaded. The functions +\&\fBSSL_CTX_set_allow_early_data_cb()\fR and \fBSSL_set_allow_early_data_cb()\fR set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the \s-1SSL_OP_NO_ANTI_REPLAY\s0 option. See +\&\*(L"\s-1REPLAY PROTECTION\*(R"\s0 below. +.SH "NOTES" +.IX Header "NOTES" +The whole purpose of early data is to enable a client to start sending data to +the server before a full round trip of network traffic has occurred. Application +developers should ensure they consider optimisation of the underlying \s-1TCP\s0 socket +to obtain a performant solution. For example Nagle's algorithm is commonly used +by operating systems in an attempt to avoid lots of small \s-1TCP\s0 packets. In many +scenarios this is beneficial for performance, but it does not work well with the +early data solution as implemented in OpenSSL. In Nagle's algorithm the \s-1OS\s0 will +buffer outgoing \s-1TCP\s0 data if a \s-1TCP\s0 packet has already been sent which we have not +yet received an \s-1ACK\s0 for from the peer. The buffered data will only be +transmitted if enough data to fill an entire \s-1TCP\s0 packet is accumulated, or if +the \s-1ACK\s0 is received from the peer. The initial ClientHello will be sent in the +first \s-1TCP\s0 packet along with any data from the first call to +\&\fBSSL_write_early_data()\fR. If the amount of data written will exceed the size of a +single \s-1TCP\s0 packet, or if there are more calls to \fBSSL_write_early_data()\fR then +that additional data will be sent in subsequent \s-1TCP\s0 packets which will be +buffered by the \s-1OS\s0 and not sent until an \s-1ACK\s0 is received for the first packet +containing the ClientHello. This means the early data is not actually +sent until a complete round trip with the server has occurred which defeats the +objective of early data. +.PP +In many operating systems the \s-1TCP_NODELAY\s0 socket option is available to disable +Nagle's algorithm. If an application opts to disable Nagle's algorithm +consideration should be given to turning it back on again after the handshake is +complete if appropriate. +.PP +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +\&\fBSSL_CTX_set_recv_max_early_data()\fR. Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the \s-1SSL/TLS\s0 +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. +.SH "REPLAY PROTECTION" +.IX Header "REPLAY PROTECTION" +When early data is in use the \s-1TLS\s0 protocol provides no security guarantees that +the same early data was not replayed across multiple connections. As a +mitigation for this issue OpenSSL automatically enables replay protection if the +server is configured with a non-zero max early data value. With replay +protection enabled sessions are forced to be single use only. If a client +attempts to reuse a session ticket more than once, then the second and +subsequent attempts will fall back to a full handshake (and any early data that +was submitted will be ignored). Note that single use tickets are enforced even +if a client does not send any early data. +.PP +The replay protection mechanism relies on the internal OpenSSL server session +cache (see \fBSSL_CTX_set_session_cache_mode\fR\|(3)). When replay protection is +being used the server will operate as if the \s-1SSL_OP_NO_TICKET\s0 option had been +selected (see \fBSSL_CTX_set_options\fR\|(3)). Sessions will be added to the cache +whenever a session ticket is issued. When a client attempts to resume the +session, OpenSSL will check for its presence in the internal cache. If it exists +then the resumption is allowed and the session is removed from the cache. If it +does not exist then the resumption is not allowed and a full handshake will +occur. +.PP +Note that some applications may maintain an external cache of sessions (see +\&\fBSSL_CTX_sess_set_new_cb\fR\|(3) and similar functions). It is the application's +responsibility to ensure that any sessions in the external cache are also +populated in the internal cache and that once removed from the internal cache +they are similarly removed from the external cache. Failing to do this could +result in an application becoming vulnerable to replay attacks. Note that +OpenSSL will lock the internal cache while a session is removed but that lock is +not held when the remove session callback (see \fBSSL_CTX_sess_set_remove_cb\fR\|(3)) +is called. This could result in a small amount of time where the session has +been removed from the internal cache but is still available in the external +cache. Applications should be designed with this in mind in order to minimise +the possibility of replay attacks. +.PP +The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) +(e.g. see \fBSSL_CTX_set_psk_find_session_callback\fR\|(3)). Therefore extreme caution +should be applied when combining external PSKs with early data. +.PP +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the \fB\s-1SSL_OP_NO_ANTI_REPLAY\s0\fR option. See \fBSSL_CTX_set_options\fR\|(3) for +details. Applications can also set a callback to make decisions about accepting +early data or not. See \fBSSL_CTX_set_allow_early_data_cb()\fR above for details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_early_data()\fR returns 1 for success or 0 for failure. In the event of a +failure call \fBSSL_get_error\fR\|(3) to determine the correct course of action. +.PP +\&\fBSSL_read_early_data()\fR returns \s-1SSL_READ_EARLY_DATA_ERROR\s0 for failure, +\&\s-1SSL_READ_EARLY_DATA_SUCCESS\s0 for success with more data to read and +\&\s-1SSL_READ_EARLY_DATA_FINISH\s0 for success with no more to data be read. In the +event of a failure call \fBSSL_get_error\fR\|(3) to determine the correct course of +action. +.PP +\&\fBSSL_get_max_early_data()\fR, \fBSSL_CTX_get_max_early_data()\fR and +\&\fBSSL_SESSION_get_max_early_data()\fR return the maximum number of early data bytes +that may be sent. +.PP +\&\fBSSL_set_max_early_data()\fR, \fBSSL_CTX_set_max_early_data()\fR and +\&\fBSSL_SESSION_set_max_early_data()\fR return 1 for success or 0 for failure. +.PP +\&\fBSSL_get_early_data_status()\fR returns \s-1SSL_EARLY_DATA_ACCEPTED\s0 if early data was +accepted by the server, \s-1SSL_EARLY_DATA_REJECTED\s0 if early data was rejected by +the server, or \s-1SSL_EARLY_DATA_NOT_SENT\s0 if no early data was sent. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_psk_use_session_callback\fR\|(3), +\&\fBssl\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +All of the functions described above were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 new file mode 100644 index 000000000000..3696f4f4e353 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_rstate_string.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 3" +.TH SSL_RSTATE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an SSL object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_rstate_string()\fR and \fBSSL_rstate_string_long()\fR can return the following +values: +.ie n .IP """\s-1RH""/\s0""read header""" 4 +.el .IP "``\s-1RH''/\s0``read header''" 4 +.IX Item "RH/read header" +The header of the record is being evaluated. +.ie n .IP """\s-1RB""/\s0""read body""" 4 +.el .IP "``\s-1RB''/\s0``read body''" 4 +.IX Item "RB/read body" +The body of the record is being evaluated. +.ie n .IP """\s-1RD""/\s0""read done""" 4 +.el .IP "``\s-1RD''/\s0``read done''" 4 +.IX Item "RD/read done" +The record has been completely processed. +.ie n .IP """unknown""/""unknown""" 4 +.el .IP "``unknown''/``unknown''" 4 +.IX Item "unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_session_reused.3 b/secure/lib/libcrypto/man/man3/SSL_session_reused.3 new file mode 100644 index 000000000000..9a7bb5f6bac6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_session_reused.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 3" +.TH SSL_SESSION_REUSED 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_session_reused(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +A new session was negotiated. +.IP "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_set_session\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set1_host.3 b/secure/lib/libcrypto/man/man3/SSL_set1_host.3 new file mode 100644 index 000000000000..01621f4679c0 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set1_host.3 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET1_HOST 3" +.TH SSL_SET1_HOST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set1_host, SSL_add1_host, SSL_set_hostflags, SSL_get0_peername \- SSL server verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set1_host(SSL *s, const char *hostname); +\& int SSL_add1_host(SSL *s, const char *hostname); +\& void SSL_set_hostflags(SSL *s, unsigned int flags); +\& const char *SSL_get0_peername(SSL *s); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions configure server hostname checks in the \s-1SSL\s0 client. +.PP +\&\fBSSL_set1_host()\fR sets the expected \s-1DNS\s0 hostname to \fBname\fR clearing +any previously specified host name or names. If \fBname\fR is \s-1NULL,\s0 +or the empty string the list of hostnames is cleared, and name +checks are not performed on the peer certificate. When a non-empty +\&\fBname\fR is specified, certificate verification automatically checks +the peer hostname via \fBX509_check_host\fR\|(3) with \fBflags\fR as specified +via \fBSSL_set_hostflags()\fR. Clients that enable \s-1DANE TLSA\s0 authentication +via \fBSSL_dane_enable\fR\|(3) should leave it to that function to set +the primary reference identifier of the peer, and should not call +\&\fBSSL_set1_host()\fR. +.PP +\&\fBSSL_add1_host()\fR adds \fBname\fR as an additional reference identifier +that can match the peer's certificate. Any previous names set via +\&\fBSSL_set1_host()\fR or \fBSSL_add1_host()\fR are retained, no change is made +if \fBname\fR is \s-1NULL\s0 or empty. When multiple names are configured, +the peer is considered verified when any name matches. This function +is required for \s-1DANE TLSA\s0 in the presence of service name indirection +via \s-1CNAME, MX\s0 or \s-1SRV\s0 records as specified in \s-1RFC7671, RFC7672\s0 or +\&\s-1RFC7673.\s0 +.PP +\&\fBSSL_set_hostflags()\fR sets the \fBflags\fR that will be passed to +\&\fBX509_check_host\fR\|(3) when name checks are applicable, by default +the \fBflags\fR value is 0. See \fBX509_check_host\fR\|(3) for the list +of available flags and their meaning. +.PP +\&\fBSSL_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject CommonName +from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, the name +matched in the peer certificate may be a wildcard name. When one +of the reference identifiers configured via \fBSSL_set1_host()\fR or +\&\fBSSL_add1_host()\fR starts with \*(L".\*(R", which indicates a parent domain prefix +rather than a fixed name, the matched peer name may be a sub-domain +of the reference identifier. The returned string is allocated by +the library and is no longer valid once the associated \fBssl\fR handle +is cleared or freed, or a renegotiation takes place. Applications +must not free the return value. +.PP +\&\s-1SSL\s0 clients are advised to use these functions in preference to +explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out +of scope with the \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3) certificate usage, and the +internal check will be suppressed as appropriate when \s-1DANE\s0 is +enabled. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set1_host()\fR and \fBSSL_add1_host()\fR return 1 for success and 0 for +failure. +.PP +\&\fBSSL_get0_peername()\fR returns \s-1NULL\s0 if peername verification is not +applicable (as with \s-1RFC7671 \fBDANE\-EE\s0\fR\|(3)), or no trusted peername was +matched. Otherwise, it returns the matched peername. To determine +whether verification succeeded call \fBSSL_get_verify_result\fR\|(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Suppose \*(L"smtp.example.com\*(R" is the \s-1MX\s0 host of the domain \*(L"example.com\*(R". +The calls below will arrange to match either the \s-1MX\s0 hostname or the +destination domain name in the \s-1SMTP\s0 server certificate. Wildcards +are supported, but must match the entire label. The actual name +matched in the certificate (which might be a wildcard) is retrieved, +and must be copied by the application if it is to be retained beyond +the lifetime of the \s-1SSL\s0 connection. +.PP +.Vb 5 +\& SSL_set_hostflags(ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +\& if (!SSL_set1_host(ssl, "smtp.example.com")) +\& /* error */ +\& if (!SSL_add1_host(ssl, "example.com")) +\& /* error */ +\& +\& /* XXX: Perform SSL_connect() handshake and handle errors here */ +\& +\& if (SSL_get_verify_result(ssl) == X509_V_OK) { +\& const char *peername = SSL_get0_peername(ssl); +\& +\& if (peername != NULL) +\& /* Name checks were in scope and matched the peername */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_host\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3). +\&\fBSSL_dane_enable\fR\|(3). +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_bio.3 b/secure/lib/libcrypto/man/man3/SSL_set_bio.3 new file mode 100644 index 000000000000..df9bba45a871 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_bio.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_BIO 3" +.TH SSL_SET_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_bio, SSL_set0_rbio, SSL_set0_wbio \- connect the SSL object with a BIO +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +\& void SSL_set0_rbio(SSL *s, BIO *rbio); +\& void SSL_set0_wbio(SSL *s, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set0_rbio()\fR connects the \s-1BIO\s0 \fBrbio\fR for the read operations of the \fBssl\fR +object. The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR. If the \s-1BIO\s0 is +non-blocking then the \fBssl\fR object will also have non-blocking behaviour. This +function transfers ownership of \fBrbio\fR to \fBssl\fR. It will be automatically +freed using \fBBIO_free_all\fR\|(3) when the \fBssl\fR is freed. On calling this +function, any existing \fBrbio\fR that was previously set will also be freed via a +call to \fBBIO_free_all\fR\|(3) (this includes the case where the \fBrbio\fR is set to +the same value as previously). +.PP +\&\fBSSL_set0_wbio()\fR works in the same as \fBSSL_set0_rbio()\fR except that it connects +the \s-1BIO\s0 \fBwbio\fR for the write operations of the \fBssl\fR object. Note that if the +rbio and wbio are the same then \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR each take +ownership of one reference. Therefore it may be necessary to increment the +number of references available using \fBBIO_up_ref\fR\|(3) before calling the set0 +functions. +.PP +\&\fBSSL_set_bio()\fR is similar to \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR except +that it connects both the \fBrbio\fR and the \fBwbio\fR at the same time, and +transfers the ownership of \fBrbio\fR and \fBwbio\fR to \fBssl\fR according to +the following set of rules: +.IP "\(bu" 2 +If neither the \fBrbio\fR or \fBwbio\fR have changed from their previous values +then nothing is done. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and both are different +to their +previously set values then one reference is consumed for the rbio and one +reference is consumed for the wbio. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is not +the same as the previously set value then one reference is consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are the same and the \fBrbio\fR is the +same as the previously set value, then no additional references are consumed. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBrbio\fR is the +same as the +previously set value then one reference is consumed for the \fBwbio\fR and no +references are consumed for the \fBrbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR is the +same as the previously set value and the old \fBrbio\fR and \fBwbio\fR values +were the same as each other then one reference is consumed for the \fBrbio\fR +and no references are consumed for the \fBwbio\fR. +.IP "\(bu" 2 +If the \fBrbio\fR and \fBwbio\fR parameters are different and the \fBwbio\fR +is the same as the +previously set value and the old \fBrbio\fR and \fBwbio\fR values were different +to each +other then one reference is consumed for the \fBrbio\fR and one reference +is consumed +for the \fBwbio\fR. +.PP +Because of this complexity, this function should be avoided; +use \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_bio()\fR, \fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSL_set0_rbio()\fR and \fBSSL_set0_wbio()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 new file mode 100644 index 000000000000..850c360e2632 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_connect_state.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 3" +.TH SSL_SET_CONNECT_STATE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_connect_state, SSL_set_accept_state, SSL_is_server \&\- functions for manipulating and examining the client or server mode of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_connect_state(SSL *ssl); +\& +\& void SSL_set_accept_state(SSL *ssl); +\& +\& int SSL_is_server(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fBSSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.PP +\&\fBSSL_is_server()\fR checks if \fBssl\fR is working in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with \fBSSL_CTX_new\fR\|(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +\&\fBSSL_CTX_set_ssl_version\fR\|(3) or +\&\fBSSL_set_ssl_method\fR\|(3).) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the \fBSSL_connect\fR\|(3) or +\&\fBSSL_accept\fR\|(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using \fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), or \fBSSL_read\fR\|(3), +the handshake routines must be explicitly set in advance using either +\&\fBSSL_set_connect_state()\fR or \fBSSL_set_accept_state()\fR. +.PP +If \fBSSL_is_server()\fR is called before \fBSSL_set_connect_state()\fR or +\&\fBSSL_set_accept_state()\fR is called (either automatically or explicitly), +the result depends on what method was used when \s-1SSL_CTX\s0 was created with +\&\fBSSL_CTX_new\fR\|(3). If a generic method or a dedicated server method was +passed to \fBSSL_CTX_new\fR\|(3), \fBSSL_is_server()\fR returns 1; otherwise, it returns 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_connect_state()\fR and \fBSSL_set_accept_state()\fR do not return diagnostic +information. +.PP +\&\fBSSL_is_server()\fR returns 1 if \fBssl\fR is working in server mode or 0 for client mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_new\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), \fBSSL_write\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_fd.3 b/secure/lib/libcrypto/man/man3/SSL_set_fd.3 new file mode 100644 index 000000000000..bbab70ce8a9f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_fd.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_FD 3" +.TH SSL_SET_FD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_fd, SSL_set_rfd, SSL_set_wfd \- connect the SSL object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fBBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fBSSL_set_rfd()\fR and \fBSSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed. Check the error stack to find out why. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_fd\fR\|(3), \fBSSL_set_bio\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), \fBssl\fR\|(7) , \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_session.3 b/secure/lib/libcrypto/man/man3/SSL_set_session.3 new file mode 100644 index 000000000000..0d0533c866ee --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_session.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SESSION 3" +.TH SSL_SET_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_session \- set a TLS/SSL session to be used during TLS/SSL connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fBSSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fBSSL_connect()\fR. Whether the session was reused can be queried +with the \fBSSL_session_reused\fR\|(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fBSSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fBSSL_SESSION_free()\fR will be called for that session. If that old +session is still \fBopen\fR, it is considered bad and will be removed from the +session cache (if used). A session is considered open, if \fBSSL_shutdown\fR\|(3) was +not called for the connection (or at least \fBSSL_set_shutdown\fR\|(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state). +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The operation failed; check the error stack to find out the reason. +.IP "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 new file mode 100644 index 000000000000..e76e2b68bdab --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_shutdown.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 3" +.TH SSL_SET_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_shutdown(SSL *ssl, int mode); +\& +\& int SSL_get_shutdown(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fBSSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bitmask of: +.IP "0" 4 +No shutdown setting, yet. +.IP "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A close_notify shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.IP "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal close_notify +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +\&\fBSSL_clear\fR\|(3) or \fBSSL_free\fR\|(3) is called, +it is considered bad and removed according to \s-1RFC2246.\s0 +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS RFC,\s0 it is acceptable to only send the close_notify +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fBSSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see \fBSSL_shutdown\fR\|(3)). +.PP +If a close_notify was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +\&\fBSSL_shutdown\fR\|(3) or \fBSSL_set_shutdown()\fR itself. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fBSSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 new file mode 100644 index 000000000000..09552f2f8db6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_set_verify_result.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 3" +.TH SSL_SET_VERIFY_RESULT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in \fBverify\fR\|(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_peer_certificate\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_shutdown.3 b/secure/lib/libcrypto/man/man3/SSL_shutdown.3 new file mode 100644 index 000000000000..f74ea8d095b8 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_shutdown.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_SHUTDOWN 3" +.TH SSL_SHUTDOWN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_shutdown \- shut down a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +close_notify shutdown alert to the peer. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_shutdown()\fR tries to send the close_notify shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +Note that \fBSSL_shutdown()\fR must not be called if a previous fatal error has +occurred on a connection i.e. if \fBSSL_get_error()\fR has returned \s-1SSL_ERROR_SYSCALL\s0 +or \s-1SSL_ERROR_SSL.\s0 +.PP +The shutdown procedure consists of two steps: sending of the close_notify +shutdown alert, and reception of the peer's close_notify shutdown alert. +The order of those two steps depends on the application. +.PP +It is acceptable for an application to only send its shutdown alert and +then close the underlying connection without waiting for the peer's response. +This way resources can be saved, as the process can already terminate or +serve another connection. +This should only be done when it is known that the other side will not send more +data, otherwise there is a risk of a truncation attack. +.PP +When a client only writes and never reads from the connection, and the server +has sent a session ticket to establish a session, the client might not be able +to resume the session because it did not received and process the session ticket +from the server. +In case the application wants to be able to resume the session, it is recommended to +do a complete shutdown procedure (bidirectional close_notify alerts). +.PP +When the underlying connection shall be used for more communications, the +complete shutdown procedure must be performed, so that the peers stay +synchronized. +.PP +\&\fBSSL_shutdown()\fR only closes the write direction. +It is not possible to call \fBSSL_write()\fR after calling \fBSSL_shutdown()\fR. +The read direction is closed by the peer. +.SS "First to close the connection" +.IX Subsection "First to close the connection" +When the application is the first party to send the close_notify +alert, \fBSSL_shutdown()\fR will only send the alert and then set the +\&\s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will +be kept in the cache). +If successful, \fBSSL_shutdown()\fR will return 0. +.PP +If a unidirectional shutdown is enough (the underlying connection shall be +closed anyway), this first successful call to \fBSSL_shutdown()\fR is sufficient. +.PP +In order to complete the bidirectional shutdown handshake, the peer needs +to send back a close_notify alert. +The \s-1SSL_RECEIVED_SHUTDOWN\s0 flag will be set after receiving and processing +it. +.PP +The peer is still allowed to send data after receiving the close_notify +event. +When it is done sending data, it will send the close_notify alert. +\&\fBSSL_read()\fR should be called until all data is received. +\&\fBSSL_read()\fR will indicate the end of the peer data by returning <= 0 +and \fBSSL_get_error()\fR returning \s-1SSL_ERROR_ZERO_RETURN.\s0 +.SS "Peer closes the connection" +.IX Subsection "Peer closes the connection" +If the peer already sent the close_notify alert \fBand\fR it was +already processed implicitly inside another function +(\fBSSL_read\fR\|(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. +\&\fBSSL_read()\fR will return <= 0 in that case, and \fBSSL_get_error()\fR will return +\&\s-1SSL_ERROR_ZERO_RETURN.\s0 +\&\fBSSL_shutdown()\fR will send the close_notify alert, set the \s-1SSL_SENT_SHUTDOWN\s0 +flag. +If successful, \fBSSL_shutdown()\fR will return 1. +.PP +Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the +\&\fBSSL_get_shutdown()\fR (see also \fBSSL_set_shutdown\fR\|(3) call. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fBSSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0 +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fBSSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fBSSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fBSSL_shutdown()\fR +to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the +return value of \fBSSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fBSSL_shutdown()\fR. +The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, +nothing is to be done, but \fBselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +After \fBSSL_shutdown()\fR returned 0, it is possible to call \fBSSL_shutdown()\fR again +to wait for the peer's close_notify alert. +\&\fBSSL_shutdown()\fR will return 1 in that case. +However, it is recommended to wait for it using \fBSSL_read()\fR instead. +.PP +\&\fBSSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the close_notify alert messages, +see \fBSSL_CTX_set_quiet_shutdown\fR\|(3). +When \*(L"quiet shutdown\*(R" is enabled, \fBSSL_shutdown()\fR will always succeed +and return 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.IP "0" 4 +The shutdown is not yet finished: the close_notify was sent but the peer +did not send it back yet. +Call \fBSSL_read()\fR to do a bidirectional shutdown. +The output of \fBSSL_get_error\fR\|(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.IP "1" 4 +.IX Item "1" +The shutdown was successfully completed. The close_notify alert was sent +and the peer's close_notify alert was received. +.IP "<0" 4 +.IX Item "<0" +The shutdown was not successful. +Call \fBSSL_get_error\fR\|(3) with the return value \fBret\fR to find out the reason. +It can occur if an action is needed to continue the operation for non-blocking +BIOs. +.Sp +It can also occur when not all data was read using \fBSSL_read()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_connect\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_clear\fR\|(3), \fBSSL_free\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_state_string.3 b/secure/lib/libcrypto/man/man3/SSL_state_string.3 new file mode 100644 index 000000000000..a331aa544346 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_state_string.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_STATE_STRING 3" +.TH SSL_STATE_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an SSL object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const char *SSL_state_string(const SSL *ssl); +\& const char *SSL_state_string_long(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fBSSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fBSSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_CTX_set_info_callback\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_want.3 b/secure/lib/libcrypto/man/man3/SSL_want.3 new file mode 100644 index 000000000000..6a801319b958 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_want.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WANT 3" +.TH SSL_WANT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup, SSL_want_async, SSL_want_async_job, SSL_want_client_hello_cb \- obtain state information TLS/SSL I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_want(const SSL *ssl); +\& int SSL_want_nothing(const SSL *ssl); +\& int SSL_want_read(const SSL *ssl); +\& int SSL_want_write(const SSL *ssl); +\& int SSL_want_x509_lookup(const SSL *ssl); +\& int SSL_want_async(const SSL *ssl); +\& int SSL_want_async_job(const SSL *ssl); +\& int SSL_want_client_hello_cb(const SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fBSSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBSSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of \fBSSL_get_error\fR\|(3). +Unlike \fBSSL_get_error\fR\|(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using \fBSSL_get_error\fR\|(3). +.PP +The result returned by \fBSSL_want()\fR should always be consistent with +the result of \fBSSL_get_error\fR\|(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fBSSL_want()\fR: +.IP "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.IP "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_WRITE.\s0 +.IP "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_READ.\s0 +.IP "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 +.IP "\s-1SSL_ASYNC_PAUSED\s0" 4 +.IX Item "SSL_ASYNC_PAUSED" +An asynchronous operation partially completed and was then paused. See +\&\fBSSL_get_all_async_fds\fR\|(3). A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_ASYNC.\s0 +.IP "\s-1SSL_ASYNC_NO_JOBS\s0" 4 +.IX Item "SSL_ASYNC_NO_JOBS" +The asynchronous job could not be started because there were no async jobs +available in the pool (see \fBASYNC_init_thread\fR\|(3)). A call to \fBSSL_get_error\fR\|(3) +should return \s-1SSL_ERROR_WANT_ASYNC_JOB.\s0 +.IP "\s-1SSL_CLIENT_HELLO_CB\s0" 4 +.IX Item "SSL_CLIENT_HELLO_CB" +The operation did not complete because an application callback set by +\&\fBSSL_CTX_set_client_hello_cb()\fR has asked to be called again. +A call to \fBSSL_get_error\fR\|(3) should return +\&\s-1SSL_ERROR_WANT_CLIENT_HELLO_CB.\s0 +.PP +\&\fBSSL_want_nothing()\fR, \fBSSL_want_read()\fR, \fBSSL_want_write()\fR, \fBSSL_want_x509_lookup()\fR, +\&\fBSSL_want_async()\fR, \fBSSL_want_async_job()\fR, and \fBSSL_want_client_hello_cb()\fR return +1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_get_error\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_want_client_hello_cb()\fR function and the \s-1SSL_CLIENT_HELLO_CB\s0 return value +were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/SSL_write.3 b/secure/lib/libcrypto/man/man3/SSL_write.3 new file mode 100644 index 000000000000..763769e63827 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/SSL_write.3 @@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_WRITE 3" +.TH SSL_WRITE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_write_ex, SSL_write \- write bytes to a TLS/SSL connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written); +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBSSL_write_ex()\fR and \fBSSL_write()\fR write \fBnum\fR bytes from the buffer \fBbuf\fR into +the specified \fBssl\fR connection. On success \fBSSL_write_ex()\fR will store the number +of bytes written in \fB*written\fR. +.SH "NOTES" +.IX Header "NOTES" +In the paragraphs below a \*(L"write function\*(R" is defined as one of either +\&\fBSSL_write_ex()\fR, or \fBSSL_write()\fR. +.PP +If necessary, a write function will negotiate a \s-1TLS/SSL\s0 session, if not already +explicitly performed by \fBSSL_connect\fR\|(3) or \fBSSL_accept\fR\|(3). If the peer +requests a re-negotiation, it will be performed transparently during +the write function operation. The behaviour of the write functions depends on the +underlying \s-1BIO.\s0 +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +\&\fBSSL_set_connect_state\fR\|(3) or \fBSSL_set_accept_state()\fR +before the first call to a write function. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, the write functions will only return, once +the write operation has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR the write functions will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of the function to continue +the operation. In this case a call to \fBSSL_get_error\fR\|(3) with the +return value of the write function will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR +or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to a write function can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the needs +of the write function. The action depends on the underlying \s-1BIO.\s0 When using a +non-blocking socket, nothing is to be done, but \fBselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +The write functions will only return with success when the complete contents of +\&\fBbuf\fR of length \fBnum\fR has been written. This default behaviour can be changed +with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of \fBSSL_CTX_set_mode\fR\|(3). When +this flag is set the write functions will also return with success when a +partial write has been successfully completed. In this case the write function +operation is considered completed. The bytes are sent and a new write call with +a new buffer (with the already sent bytes removed) must be started. A partial +write is performed with the size of a message block, which is 16kB. +.SH "WARNINGS" +.IX Header "WARNINGS" +When a write function call has to be repeated because \fBSSL_get_error\fR\|(3) +returned \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +The data that was passed might have been partially processed. +When \fB\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0\fR was set using \fBSSL_CTX_set_mode\fR\|(3) +the pointer can be different, but the data and length should still be the same. +.PP +You should not call \fBSSL_write()\fR with num=0, it will return an error. +\&\fBSSL_write_ex()\fR can be called with num=0, but will not send application data to +the peer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBSSL_write_ex()\fR will return 1 for success or 0 for failure. Success means that +all requested application data bytes have been written to the \s-1SSL\s0 connection or, +if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use, at least 1 application data byte has +been written to the \s-1SSL\s0 connection. Failure means that not all the requested +bytes have been written yet (if \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is not in use) or +no bytes could be written to the \s-1SSL\s0 connection (if +\&\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 is in use). Failures can be retryable (e.g. the +network write buffer has temporarily filled up) or non-retryable (e.g. a fatal +network error). In the event of a failure call \fBSSL_get_error\fR\|(3) to find out +the reason which indicates whether the call is retryable or not. +.PP +For \fBSSL_write()\fR the following return values can occur: +.IP "> 0" 4 +.IX Item "> 0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.IP "<= 0" 4 +.IX Item "<= 0" +The write operation was not successful, because either the connection was +closed, an error occurred or action must be taken by the calling process. +Call \fBSSL_get_error()\fR with the return value \fBret\fR to find out the reason. +.Sp +Old documentation indicated a difference between 0 and \-1, and that \-1 was +retryable. +You should instead call \fBSSL_get_error()\fR to find out if it's retryable. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_error\fR\|(3), \fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3) +\&\fBSSL_CTX_set_mode\fR\|(3), \fBSSL_CTX_new\fR\|(3), +\&\fBSSL_connect\fR\|(3), \fBSSL_accept\fR\|(3) +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBssl\fR\|(7), \fBbio\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBSSL_write_ex()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/UI_STRING.3 b/secure/lib/libcrypto/man/man3/UI_STRING.3 new file mode 100644 index 000000000000..61109cec98bb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/UI_STRING.3 @@ -0,0 +1,274 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_STRING 3" +.TH UI_STRING 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_STRING, UI_string_types, UI_get_string_type, UI_get_input_flags, UI_get0_output_string, UI_get0_action_string, UI_get0_result_string, UI_get_result_string_length, UI_get0_test_string, UI_get_result_minsize, UI_get_result_maxsize, UI_set_result, UI_set_result_ex \&\- User interface string parsing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_string_st UI_STRING; +\& +\& enum UI_string_types { +\& UIT_NONE = 0, +\& UIT_PROMPT, /* Prompt for a string */ +\& UIT_VERIFY, /* Prompt for a string and verify */ +\& UIT_BOOLEAN, /* Prompt for a yes/no response */ +\& UIT_INFO, /* Send info to the user */ +\& UIT_ERROR /* Send an error message to the user */ +\& }; +\& +\& enum UI_string_types UI_get_string_type(UI_STRING *uis); +\& int UI_get_input_flags(UI_STRING *uis); +\& const char *UI_get0_output_string(UI_STRING *uis); +\& const char *UI_get0_action_string(UI_STRING *uis); +\& const char *UI_get0_result_string(UI_STRING *uis); +\& int UI_get_result_string_length(UI_STRING *uis); +\& const char *UI_get0_test_string(UI_STRING *uis); +\& int UI_get_result_minsize(UI_STRING *uis); +\& int UI_get_result_maxsize(UI_STRING *uis); +\& int UI_set_result(UI *ui, UI_STRING *uis, const char *result); +\& int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1UI_STRING\s0\fR gets created internally and added to a \fB\s-1UI\s0\fR whenever +one of the functions \fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, +\&\fBUI_add_verify_string()\fR, \fBUI_dup_verify_string()\fR, +\&\fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, \fBUI_add_info_string()\fR, +\&\fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR or \fBUI_dup_error_string()\fR +is called. +For a \fB\s-1UI_METHOD\s0\fR user, there's no need to know more. +For a \fB\s-1UI_METHOD\s0\fR creator, it is of interest to fetch text from these +\&\fB\s-1UI_STRING\s0\fR objects as well as adding results to some of them. +.PP +\&\fBUI_get_string_type()\fR is used to retrieve the type of the given +\&\fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get_input_flags()\fR is used to retrieve the flags associated with the +given \fB\s-1UI_STRING\s0\fR. +.PP +\&\fBUI_get0_output_string()\fR is used to retrieve the actual string to +output (prompt, info, error, ...). +.PP +\&\fBUI_get0_action_string()\fR is used to retrieve the action description +associated with a \fB\s-1UIT_BOOLEAN\s0\fR type \fB\s-1UI_STRING\s0\fR. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +See \fBUI_add_input_boolean\fR\|(3). +.PP +\&\fBUI_get0_result_string()\fR and \fBUI_get_result_string_length()\fR are used to +retrieve the result of a prompt and its length. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \fBUI_get0_result_string()\fR returns \s-1NULL\s0 +and \fBUI_get_result_string_length()\fR returns \-1. +.PP +\&\fBUI_get0_test_string()\fR is used to retrieve the string to compare the +prompt result with. +This is only useful for \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \s-1NULL\s0 is returned. +.PP +\&\fBUI_get_result_minsize()\fR and \fBUI_get_result_maxsize()\fR are used to +retrieve the minimum and maximum required size of the result. +This is only useful for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings. +For all other \fB\s-1UI_STRING\s0\fR types, \-1 is returned. +.PP +\&\fBUI_set_result_ex()\fR is used to set the result value of a prompt and its length. +For \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, this sets the +result retrievable with \fBUI_get0_result_string()\fR by copying the +contents of \fBresult\fR if its length fits the minimum and maximum size +requirements. +For \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, this sets the first character of +the result retrievable with \fBUI_get0_result_string()\fR to the first +\&\fBok_char\fR given with \fBUI_add_input_boolean()\fR or \fBUI_dup_input_boolean()\fR +if the \fBresult\fR matched any of them, or the first of the +\&\fBcancel_chars\fR if the \fBresult\fR matched any of them, otherwise it's +set to the \s-1NUL\s0 char \f(CW\*(C`\e0\*(C'\fR. +See \fBUI_add_input_boolean\fR\|(3) for more information on \fBok_chars\fR and +\&\fBcancel_chars\fR. +.PP +\&\fBUI_set_result()\fR does the same thing as \fBUI_set_result_ex()\fR, but calculates +its length internally. +It expects the string to be terminated with a \s-1NUL\s0 byte, and is therefore +only useful with normal C strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_get_string_type()\fR returns the \s-1UI\s0 string type. +.PP +\&\fBUI_get_input_flags()\fR returns the \s-1UI\s0 string flags. +.PP +\&\fBUI_get0_output_string()\fR returns the \s-1UI\s0 string output string. +.PP +\&\fBUI_get0_action_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_BOOLEAN\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get0_result_string()\fR returns the \s-1UI\s0 string result buffer for +\&\fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other +type. +.PP +\&\fBUI_get_result_string_length()\fR returns the \s-1UI\s0 string result buffer's +content length for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, +\&\-1 for any other type. +.PP +\&\fBUI_get0_test_string()\fR returns the \s-1UI\s0 string action description +string for \fB\s-1UIT_VERIFY\s0\fR type \s-1UI\s0 strings, \s-1NULL\s0 for any other type. +.PP +\&\fBUI_get_result_minsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_get_result_maxsize()\fR returns the minimum allowed result size for +the \s-1UI\s0 string for \fB\s-1UIT_PROMPT\s0\fR and \fB\s-1UIT_VERIFY\s0\fR type strings, +\&\-1 for any other type. +.PP +\&\fBUI_set_result()\fR returns 0 on success or when the \s-1UI\s0 string is of any +type other than \fB\s-1UIT_PROMPT\s0\fR, \fB\s-1UIT_VERIFY\s0\fR or \fB\s-1UIT_BOOLEAN\s0\fR, \-1 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 new file mode 100644 index 000000000000..40591abccc8c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/UI_UTIL_read_pw.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_UTIL_READ_PW 3" +.TH UI_UTIL_READ_PW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_UTIL_read_pw_string, UI_UTIL_read_pw, UI_UTIL_wrap_read_pem_callback \- user interface utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +\& int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, +\& int verify); +\& UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBUI_UTIL_read_pw_string()\fR asks for a passphrase, using \fBprompt\fR as a +prompt, and stores it in \fBbuf\fR. +The maximum allowed size is given with \fBlength\fR, including the +terminating \s-1NUL\s0 byte. +If \fBverify\fR is non-zero, the password will be verified as well. +.PP +\&\fBUI_UTIL_read_pw()\fR does the same as \fBUI_UTIL_read_pw_string()\fR, the +difference is that you can give it an external buffer \fBbuff\fR for the +verification passphrase. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR can be used to create a temporary +\&\fB\s-1UI_METHOD\s0\fR that wraps a given \s-1PEM\s0 password callback \fBcb\fR. +\&\fBrwflag\fR is used to specify if this method will be used for +passphrase entry without (0) or with (1) verification. +When not used any more, the returned method should be freed with +\&\fBUI_destroy_method()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR use default +\&\fB\s-1UI_METHOD\s0\fR. +See \fBUI_get_default_method\fR\|(3) and friends for more information. +.PP +The result from the \fB\s-1UI_METHOD\s0\fR created by +\&\fBUI_UTIL_wrap_read_pem_callback()\fR will generate password strings in the +encoding that the given password callback generates. +The default password prompting functions (apart from +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR, there is +\&\fBPEM_def_callback()\fR, \fBEVP_read_pw_string()\fR and \fBEVP_read_pw_string_min()\fR) +all use the default \fB\s-1UI_METHOD\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_UTIL_read_pw_string()\fR and \fBUI_UTIL_read_pw()\fR return 0 on success or a negative +value on error. +.PP +\&\fBUI_UTIL_wrap_read_pem_callback()\fR returns a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBUI_get_default_method\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/UI_create_method.3 b/secure/lib/libcrypto/man/man3/UI_create_method.3 new file mode 100644 index 000000000000..0595e3261023 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/UI_create_method.3 @@ -0,0 +1,319 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_CREATE_METHOD 3" +.TH UI_CREATE_METHOD 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI_METHOD, UI_create_method, UI_destroy_method, UI_method_set_opener, UI_method_set_writer, UI_method_set_flusher, UI_method_set_reader, UI_method_set_closer, UI_method_set_data_duplicator, UI_method_set_prompt_constructor, UI_method_set_ex_data, UI_method_get_opener, UI_method_get_writer, UI_method_get_flusher, UI_method_get_reader, UI_method_get_closer, UI_method_get_data_duplicator, UI_method_get_data_destructor, UI_method_get_prompt_constructor, UI_method_get_ex_data \- user interface method creation and destruction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_method_st UI_METHOD; +\& +\& UI_METHOD *UI_create_method(const char *name); +\& void UI_destroy_method(UI_METHOD *ui_method); +\& int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); +\& int UI_method_set_writer(UI_METHOD *method, +\& int (*writer) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)); +\& int UI_method_set_reader(UI_METHOD *method, +\& int (*reader) (UI *ui, UI_STRING *uis)); +\& int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)); +\& int UI_method_set_data_duplicator(UI_METHOD *method, +\& void *(*duplicator) (UI *ui, void *ui_data), +\& void (*destructor)(UI *ui, void *ui_data)); +\& int UI_method_set_prompt_constructor(UI_METHOD *method, +\& char *(*prompt_constructor) (UI *ui, +\& const char +\& *object_desc, +\& const char +\& *object_name)); +\& int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data); +\& int (*UI_method_get_opener(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *); +\& int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *); +\& int (*UI_method_get_closer(const UI_METHOD *method)) (UI *); +\& char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) +\& (UI *, const char *, const char *); +\& void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *); +\& void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *); +\& const void *UI_method_get_ex_data(const UI_METHOD *method, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.IP "an opener" 4 +.IX Item "an opener" +This function takes a reference to a \s-1UI\s0 and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.IP "a writer" 4 +.IX Item "a writer" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 String, and writes +the string where appropriate, maybe to the tty, maybe added as a field +label in a dialog box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a flusher" 4 +.IX Item "a flusher" +This function takes a reference to a \s-1UI,\s0 and flushes everything that +has been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.IP "a reader" 4 +.IX Item "a reader" +This function takes a reference to a \s-1UI\s0 and a \s-1UI\s0 string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a \s-1UI,\s0 one after +the other, so care must be taken which ones it actually uses. +.IP "a closer" 4 +.IX Item "a closer" +This function takes a reference to a \s-1UI,\s0 and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.PP +All of these functions are expected to return 0 on error, 1 on +success, or \-1 on out-off-band events, for example if some prompting +has been cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return \-1. +If returned by another of the functions, it's treated as if 0 was +returned. +.PP +Regarding the writer and the reader, don't assume the former should +only write and don't assume the latter should only read. +This depends on the needs of the method. +.PP +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the \fBUI_OpenSSL()\fR method does it. +.PP +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just +fetch those results. +.PP +The central function that uses these method functions is \fBUI_process()\fR, +and it does it in five steps: +.IP "1." 4 +Open the session using the opener function if that one's defined. +If an error occurs, jump to 5. +.IP "2." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the writer function +if that one's defined. +If an error occurs, jump to 5. +.IP "3." 4 +Flush everything using the flusher function if that one's defined. +If an error occurs, jump to 5. +.IP "4." 4 +For every \s-1UI\s0 String associated with the \s-1UI,\s0 call the reader function +if that one's defined. +If an error occurs, jump to 5. +.IP "5." 4 +Close the session using the closer function if that one's defined. +.PP +\&\fBUI_create_method()\fR creates a new \s-1UI\s0 method with a given \fBname\fR. +.PP +\&\fBUI_destroy_method()\fR destroys the given \s-1UI\s0 method \fBui_method\fR. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR and +\&\fBUI_method_set_closer()\fR set the five main method function to the given +function pointer. +.PP +\&\fBUI_method_set_data_duplicator()\fR sets the user data duplicator and destructor. +See \fBUI_dup_user_data\fR\|(3). +.PP +\&\fBUI_method_set_prompt_constructor()\fR sets the prompt constructor. +See \fBUI_construct_prompt\fR\|(3). +.PP +\&\fBUI_method_set_ex_data()\fR sets application specific data with a given +\&\s-1EX_DATA\s0 index. +See \fBCRYPTO_get_ex_new_index\fR\|(3) for general information on how to +get that index. +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the different method functions. +.PP +\&\fBUI_method_get_ex_data()\fR returns the application data previously stored +with \fBUI_method_set_ex_data()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_create_method()\fR returns a \s-1UI_METHOD\s0 pointer on success, \s-1NULL\s0 on +error. +.PP +\&\fBUI_method_set_opener()\fR, \fBUI_method_set_writer()\fR, +\&\fBUI_method_set_flusher()\fR, \fBUI_method_set_reader()\fR, +\&\fBUI_method_set_closer()\fR, \fBUI_method_set_data_duplicator()\fR and +\&\fBUI_method_set_prompt_constructor()\fR +return 0 on success, \-1 if the given \fBmethod\fR is \s-1NULL.\s0 +.PP +\&\fBUI_method_set_ex_data()\fR returns 1 on success and 0 on error (because +\&\fBCRYPTO_set_ex_data()\fR does so). +.PP +\&\fBUI_method_get_opener()\fR, \fBUI_method_get_writer()\fR, +\&\fBUI_method_get_flusher()\fR, \fBUI_method_get_reader()\fR, +\&\fBUI_method_get_closer()\fR, \fBUI_method_get_data_duplicator()\fR, +\&\fBUI_method_get_data_destructor()\fR and \fBUI_method_get_prompt_constructor()\fR +return the requested function pointer if it's set in the method, +otherwise \s-1NULL.\s0 +.PP +\&\fBUI_method_get_ex_data()\fR returns a pointer to the application specific +data associated with the method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBUI\s0\fR\|(3), \fBCRYPTO_get_ex_data\fR\|(3), \s-1\fBUI_STRING\s0\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_method_set_data_duplicator()\fR, \fBUI_method_get_data_duplicator()\fR +and \fBUI_method_get_data_destructor()\fR functions were added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/UI_new.3 b/secure/lib/libcrypto/man/man3/UI_new.3 new file mode 100644 index 000000000000..957dc5243ada --- /dev/null +++ b/secure/lib/libcrypto/man/man3/UI_new.3 @@ -0,0 +1,376 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "UI_NEW 3" +.TH UI_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +UI, UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, UI_add_error_string, UI_dup_error_string, UI_construct_prompt, UI_add_user_data, UI_dup_user_data, UI_get0_user_data, UI_get0_result, UI_get_result_length, UI_process, UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, UI_set_method, UI_OpenSSL, UI_null \- user interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef struct ui_st UI; +\& +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +\& +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, +\& const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +\& +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +\& +\& void *UI_add_user_data(UI *ui, void *user_data); +\& int UI_dup_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +\& +\& const char *UI_get0_result(UI *ui, int i); +\& int UI_get_result_length(UI *ui, int i); +\& +\& int UI_process(UI *ui); +\& +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +\& +\& UI_METHOD *UI_OpenSSL(void); +\& const UI_METHOD *UI_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see \fBUI_create_method\fR\|(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI.\s0 This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fBUI_new()\fR or \fBUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to \fBUI_add_user_data()\fR or \fBUI_dup_user_data()\fR. The default +\&\s-1UI\s0 method doesn't care about these data, but other methods might. Finally, +use \fBUI_process()\fR to actually perform the prompting and \fBUI_get0_result()\fR +and \fBUI_get_result_length()\fR to find the result to the prompt and its length. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fBUI_get0_result()\fR and \fBUI_get_result_length()\fR. +.PP +\&\fBUI_process()\fR can be called more than once on the same \s-1UI,\s0 thereby allowing +a \s-1UI\s0 to have a long lifetime, but can just as well have a short lifetime. +.PP +The functions are as follows: +.PP +\&\fBUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI,\s0 it should be freed using \fBUI_free()\fR. +.PP +\&\fBUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not necessarily the +default one, since the default can be changed. See further on). This +method is the most machine/OS dependent part of OpenSSL and normally +generates the most problems when porting. +.PP +\&\fBUI_null()\fR returns a \s-1UI\s0 method that does nothing. Its use is to avoid +getting internal defaults for passed \s-1UI_METHOD\s0 pointers. +.PP +\&\fBUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +If \fBui\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBUI_add_input_string()\fR and \fBUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result, not counting the final \s-1NUL\s0 character. The given +information is used to prompt for information, for example a password, +and to verify a password (i.e. having the user enter it twice and check +that the same string was entered twice). \fBUI_add_verify_string()\fR takes +and extra argument that should be a pointer to the result buffer of the +input string that it's supposed to verify, or verification will fail. +.PP +\&\fBUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fBUI_add_info_string()\fR and \fBUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \fB\s-1UI_INPUT_FLAG_ECHO\s0\fR, which is relevant for +\&\fBUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\fB\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0\fR, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fBUI_dup_input_string()\fR, \fBUI_dup_verify_string()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_dup_info_string()\fR and \fBUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fBUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fBUI_add_user_data()\fR adds a user data pointer for the method to use at any +time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fBUI_dup_user_data()\fR duplicates the user data and works as an alternative +to \fBUI_add_user_data()\fR when the user data needs to be preserved for a longer +duration, perhaps even the lifetime of the application. The \s-1UI\s0 object takes +ownership of this duplicate and will free it whenever it gets replaced or +the \s-1UI\s0 is destroyed. \fBUI_dup_user_data()\fR returns 0 on success, or \-1 on memory +allocation failure or if the method doesn't have a duplicator function. +.PP +\&\fBUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fBUI_add_user_data()\fR or UI_dup_user_data. +.PP +\&\fBUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_get_result_length()\fR returns the length of the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fBUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns the final status, which is \-2 on out-of-band events +(Interrupt, Cancel, ...), \-1 on error and 0 on success. +.PP +\&\fBUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \fB\s-1UI_CTRL_PRINT_ERRORS\s0\fR, which makes \fBUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI,\s0 and +\&\fB\s-1UI_CTRL_IS_REDOABLE\s0\fR, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fBUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. +.PP +\&\fBUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fBUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.PP +\&\fBUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 +.SH "NOTES" +.IX Header "NOTES" +The resulting strings that the built in method \fBUI_OpenSSL()\fR generate +are assumed to be encoded according to the current locale or (for +Windows) code page. +For applications having different demands, these strings need to be +converted appropriately by the caller. +For Windows, if the \s-1OPENSSL_WIN32_UTF8\s0 environment variable is set, +the built-in method \fBUI_OpenSSL()\fR will produce \s-1UTF\-8\s0 encoded strings +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBUI_new()\fR and \fBUI_new_method()\fR return a valid \fB\s-1UI\s0\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBUI_add_input_string()\fR, \fBUI_dup_input_string()\fR, \fBUI_add_verify_string()\fR, +\&\fBUI_dup_verify_string()\fR, \fBUI_add_input_boolean()\fR, \fBUI_dup_input_boolean()\fR, +\&\fBUI_add_info_string()\fR, \fBUI_dup_info_string()\fR, \fBUI_add_error_string()\fR +and \fBUI_dup_error_string()\fR return a positive number on success or a value which +is less than or equal to 0 otherwise. +.PP +\&\fBUI_construct_prompt()\fR returns a string or \s-1NULL\s0 if an error occurred. +.PP +\&\fBUI_dup_user_data()\fR returns 0 on success or \-1 on error. +.PP +\&\fBUI_get0_result()\fR returns a string or \s-1NULL\s0 on error. +.PP +\&\fBUI_get_result_length()\fR returns a positive integer or 0 on success; otherwise it +returns \-1 on error. +.PP +\&\fBUI_process()\fR returns 0 on success or a negative value on error. +.PP +\&\fBUI_ctrl()\fR returns a mask on success or \-1 on error. +.PP +\&\fBUI_get_default_method()\fR, \fBUI_get_method()\fR, \fBUI_OpenSSL()\fR, \fBUI_null()\fR and +\&\fBUI_set_method()\fR return either a valid \fB\s-1UI_METHOD\s0\fR structure or \s-1NULL\s0 +respectively. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBUI_dup_user_data()\fR function was added in OpenSSL 1.1.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 new file mode 100644 index 000000000000..cb8e597984e2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509V3_get_d2i.3 @@ -0,0 +1,375 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_D2I 3" +.TH X509V3_GET_D2I 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions, X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d \- X509 extension decode and encode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, +\& int *idx); +\& int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +\& int crit, unsigned long flags); +\& +\& void *X509V3_EXT_d2i(X509_EXTENSION *ext); +\& X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); +\& +\& void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +\& int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); +\& int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *r, int nid, int *crit, int *idx); +\& int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit, +\& unsigned long flags); +\& +\& const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +\& const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +\& const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509V3_get_ext_d2i()\fR looks for an extension with \s-1OID\s0 \fBnid\fR in the extensions +\&\fBx\fR and, if found, decodes it. If \fBidx\fR is \fB\s-1NULL\s0\fR then only one +occurrence of an extension is permissible otherwise the first extension after +index \fB*idx\fR is returned and \fB*idx\fR updated to the location of the extension. +If \fBcrit\fR is not \fB\s-1NULL\s0\fR then \fB*crit\fR is set to a status value: \-2 if the +extension occurs multiple times (this is only returned if \fBidx\fR is \fB\s-1NULL\s0\fR), +\&\-1 if the extension could not be found, 0 if the extension is found and is +not critical and 1 if critical. A pointer to an extension specific structure +or \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509V3_add1_i2d()\fR adds extension \fBvalue\fR to \s-1STACK\s0 \fB*x\fR (allocating a new +\&\s-1STACK\s0 if necessary) using \s-1OID\s0 \fBnid\fR and criticality \fBcrit\fR according +to \fBflags\fR. +.PP +\&\fBX509V3_EXT_d2i()\fR attempts to decode the \s-1ASN.1\s0 data contained in extension +\&\fBext\fR and returns a pointer to an extension specific structure or \fB\s-1NULL\s0\fR +if the extension could not be decoded (invalid syntax or not supported). +.PP +\&\fBX509V3_EXT_i2d()\fR encodes the extension specific structure \fBext\fR +with \s-1OID\s0 \fBext_nid\fR and criticality \fBcrit\fR. +.PP +\&\fBX509_get_ext_d2i()\fR and \fBX509_add1_ext_i2d()\fR operate on the extensions of +certificate \fBx\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_CRL_get_ext_d2i()\fR and \fBX509_CRL_add1_ext_i2d()\fR operate on the extensions +of \s-1CRL\s0 \fBcrl\fR, they are otherwise identical to \fBX509V3_get_d2i()\fR and +\&\fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_REVOKED_get_ext_d2i()\fR and \fBX509_REVOKED_add1_ext_i2d()\fR operate on the +extensions of \fBX509_REVOKED\fR structure \fBr\fR (i.e for \s-1CRL\s0 entry extensions), +they are otherwise identical to \fBX509V3_get_d2i()\fR and \fBX509V3_add_i2d()\fR. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of all the extensions +of a certificate a \s-1CRL\s0 or a \s-1CRL\s0 entry respectively. +.SH "NOTES" +.IX Header "NOTES" +In almost all cases an extension can occur at most once and multiple +occurrences is an error. Therefore the \fBidx\fR parameter is usually \fB\s-1NULL\s0\fR. +.PP +The \fBflags\fR parameter may be one of the following values. +.PP +\&\fBX509V3_ADD_DEFAULT\fR appends a new extension only if the extension does +not already exist. An error is returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_APPEND\fR appends a new extension, ignoring whether the extension +already exists. +.PP +\&\fBX509V3_ADD_REPLACE\fR replaces an extension if it exists otherwise appends +a new extension. +.PP +\&\fBX509V3_ADD_REPLACE_EXISTING\fR replaces an existing extension if it exists +otherwise returns an error. +.PP +\&\fBX509V3_ADD_KEEP_EXISTING\fR appends a new extension only if the extension does +not already exist. An error \fBis not\fR returned if the extension does already +exist. +.PP +\&\fBX509V3_ADD_DELETE\fR extension \fBnid\fR is deleted: no new extension is added. +.PP +If \fBX509V3_ADD_SILENT\fR is ored with \fBflags\fR: any error returned will not +be added to the error queue. +.PP +The function \fBX509V3_get_d2i()\fR will return \fB\s-1NULL\s0\fR if the extension is not +found, occurs multiple times or cannot be decoded. It is possible to +determine the precise reason by checking the value of \fB*crit\fR. +.SH "SUPPORTED EXTENSIONS" +.IX Header "SUPPORTED EXTENSIONS" +The following sections contain a list of all supported extensions +including their name and \s-1NID.\s0 +.SS "\s-1PKIX\s0 Certificate Extensions" +.IX Subsection "PKIX Certificate Extensions" +The following certificate extensions are defined in \s-1PKIX\s0 standards such as +\&\s-1RFC5280.\s0 +.PP +.Vb 3 +\& Basic Constraints NID_basic_constraints +\& Key Usage NID_key_usage +\& Extended Key Usage NID_ext_key_usage +\& +\& Subject Key Identifier NID_subject_key_identifier +\& Authority Key Identifier NID_authority_key_identifier +\& +\& Private Key Usage Period NID_private_key_usage_period +\& +\& Subject Alternative Name NID_subject_alt_name +\& Issuer Alternative Name NID_issuer_alt_name +\& +\& Authority Information Access NID_info_access +\& Subject Information Access NID_sinfo_access +\& +\& Name Constraints NID_name_constraints +\& +\& Certificate Policies NID_certificate_policies +\& Policy Mappings NID_policy_mappings +\& Policy Constraints NID_policy_constraints +\& Inhibit Any Policy NID_inhibit_any_policy +\& +\& TLS Feature NID_tlsfeature +.Ve +.SS "Netscape Certificate Extensions" +.IX Subsection "Netscape Certificate Extensions" +The following are (largely obsolete) Netscape certificate extensions. +.PP +.Vb 8 +\& Netscape Cert Type NID_netscape_cert_type +\& Netscape Base Url NID_netscape_base_url +\& Netscape Revocation Url NID_netscape_revocation_url +\& Netscape CA Revocation Url NID_netscape_ca_revocation_url +\& Netscape Renewal Url NID_netscape_renewal_url +\& Netscape CA Policy Url NID_netscape_ca_policy_url +\& Netscape SSL Server Name NID_netscape_ssl_server_name +\& Netscape Comment NID_netscape_comment +.Ve +.SS "Miscellaneous Certificate Extensions" +.IX Subsection "Miscellaneous Certificate Extensions" +.Vb 2 +\& Strong Extranet ID NID_sxnet +\& Proxy Certificate Information NID_proxyCertInfo +.Ve +.SS "\s-1PKIX CRL\s0 Extensions" +.IX Subsection "PKIX CRL Extensions" +The following are \s-1CRL\s0 extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 6 +\& CRL Number NID_crl_number +\& CRL Distribution Points NID_crl_distribution_points +\& Delta CRL Indicator NID_delta_crl +\& Freshest CRL NID_freshest_crl +\& Invalidity Date NID_invalidity_date +\& Issuing Distribution Point NID_issuing_distribution_point +.Ve +.PP +The following are \s-1CRL\s0 entry extensions from \s-1PKIX\s0 standards such as \s-1RFC5280.\s0 +.PP +.Vb 2 +\& CRL Reason Code NID_crl_reason +\& Certificate Issuer NID_certificate_issuer +.Ve +.SS "\s-1OCSP\s0 Extensions" +.IX Subsection "OCSP Extensions" +.Vb 7 +\& OCSP Nonce NID_id_pkix_OCSP_Nonce +\& OCSP CRL ID NID_id_pkix_OCSP_CrlID +\& Acceptable OCSP Responses NID_id_pkix_OCSP_acceptableResponses +\& OCSP No Check NID_id_pkix_OCSP_noCheck +\& OCSP Archive Cutoff NID_id_pkix_OCSP_archiveCutoff +\& OCSP Service Locator NID_id_pkix_OCSP_serviceLocator +\& Hold Instruction Code NID_hold_instruction_code +.Ve +.SS "Certificate Transparency Extensions" +.IX Subsection "Certificate Transparency Extensions" +The following extensions are used by certificate transparency, \s-1RFC6962\s0 +.PP +.Vb 2 +\& CT Precertificate SCTs NID_ct_precert_scts +\& CT Certificate SCTs NID_ct_cert_scts +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509V3_EXT_d2i()\fR and *\fBX509V3_get_d2i()\fR return a pointer to an extension +specific structure of \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_EXT_i2d()\fR returns a pointer to an \fBX509_EXTENSION\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509V3_add1_i2d()\fR returns 1 if the operation is successful and 0 if it +fails due to a non-fatal error (extension not found, already exists, +cannot be encoded) or \-1 due to a fatal error such as a memory allocation +failure. +.PP +\&\fBX509_get0_extensions()\fR, \fBX509_CRL_get0_extensions()\fR and +\&\fBX509_REVOKED_get0_extensions()\fR return a stack of extensions. They return +\&\s-1NULL\s0 if no extensions are present. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 new file mode 100644 index 000000000000..3342bff2ea5f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_ALGOR_dup.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_ALGOR_DUP 3" +.TH X509_ALGOR_DUP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp \- AlgorithmIdentifier functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); +\& int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +\& void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +\& const void **ppval, const X509_ALGOR *alg); +\& void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +\& int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_ALGOR_dup()\fR returns a copy of \fBalg\fR. +.PP +\&\fBX509_ALGOR_set0()\fR sets the algorithm \s-1OID\s0 of \fBalg\fR to \fBaobj\fR and the +associated parameter type to \fBptype\fR with value \fBpval\fR. If \fBptype\fR is +\&\fBV_ASN1_UNDEF\fR the parameter is omitted, otherwise \fBptype\fR and \fBpval\fR have +the same meaning as the \fBtype\fR and \fBvalue\fR parameters to \fBASN1_TYPE_set()\fR. +All the supplied parameters are used internally so must \fB\s-1NOT\s0\fR be freed after +this call. +.PP +\&\fBX509_ALGOR_get0()\fR is the inverse of \fBX509_ALGOR_set0()\fR: it returns the +algorithm \s-1OID\s0 in \fB*paobj\fR and the associated parameter in \fB*pptype\fR +and \fB*ppval\fR from the \fBAlgorithmIdentifier\fR \fBalg\fR. +.PP +\&\fBX509_ALGOR_set_md()\fR sets the \fBAlgorithmIdentifier\fR \fBalg\fR to appropriate +values for the message digest \fBmd\fR. +.PP +\&\fBX509_ALGOR_cmp()\fR compares \fBa\fR and \fBb\fR and returns 0 if they have identical +encodings and non-zero otherwise. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_ALGOR_dup()\fR returns a valid \fBX509_ALGOR\fR structure or \s-1NULL\s0 if an error +occurred. +.PP +\&\fBX509_ALGOR_set0()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_ALGOR_get0()\fR and \fBX509_ALGOR_set_md()\fR return no values. +.PP +\&\fBX509_ALGOR_cmp()\fR returns 0 if the two parameters have identical encodings and +non-zero otherwise. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 new file mode 100644 index 000000000000..511585c2568a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_CRL_get0_by_serial.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CRL_GET0_BY_SERIAL 3" +.TH X509_CRL_GET0_BY_SERIAL 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_CRL_get0_by_serial, X509_CRL_get0_by_cert, X509_CRL_get_REVOKED, X509_REVOKED_get0_serialNumber, X509_REVOKED_get0_revocationDate, X509_REVOKED_set_serialNumber, X509_REVOKED_set_revocationDate, X509_CRL_add0_revoked, X509_CRL_sort \- CRL revoked entry utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_CRL_get0_by_serial(X509_CRL *crl, +\& X509_REVOKED **ret, ASN1_INTEGER *serial); +\& int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); +\& +\& STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +\& +\& const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *r); +\& const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *r); +\& +\& int X509_REVOKED_set_serialNumber(X509_REVOKED *r, ASN1_INTEGER *serial); +\& int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +\& +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& +\& int X509_CRL_sort(X509_CRL *crl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_CRL_get0_by_serial()\fR attempts to find a revoked entry in \fBcrl\fR for +serial number \fBserial\fR. If it is successful it sets \fB*ret\fR to the internal +pointer of the matching entry, as a result \fB*ret\fR must not be freed up +after the call. +.PP +\&\fBX509_CRL_get0_by_cert()\fR is similar to \fBX509_get0_by_serial()\fR except it +looks for a revoked entry using the serial number of certificate \fBx\fR. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns an internal pointer to a stack of all +revoked entries for \fBcrl\fR. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an internal pointer to the +serial number of \fBr\fR. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an internal pointer to the +revocation date of \fBr\fR. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR sets the serial number of \fBr\fR to \fBserial\fR. +The supplied \fBserial\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_REVOKED_set_revocationDate()\fR sets the revocation date of \fBr\fR to +\&\fBtm\fR. The supplied \fBtm\fR pointer is not used internally so it should be +freed up after use. +.PP +\&\fBX509_CRL_add0_revoked()\fR appends revoked entry \fBrev\fR to \s-1CRL\s0 \fBcrl\fR. The +pointer \fBrev\fR is used internally so it must not be freed up after the call: +it is freed when the parent \s-1CRL\s0 is freed. +.PP +\&\fBX509_CRL_sort()\fR sorts the revoked entries of \fBcrl\fR into ascending serial +number order. +.SH "NOTES" +.IX Header "NOTES" +Applications can determine the number of revoked entries returned by +\&\fBX509_CRL_get_revoked()\fR using \fBsk_X509_REVOKED_num()\fR and examine each one +in turn using \fBsk_X509_REVOKED_value()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_CRL_get0_by_serial()\fR and \fBX509_CRL_get0_by_cert()\fR return 0 for failure, +1 on success except if the revoked entry has the reason \f(CW\*(C`removeFromCRL\*(C'\fR (8), +in which case 2 is returned. +.PP +\&\fBX509_REVOKED_set_serialNumber()\fR, \fBX509_REVOKED_set_revocationDate()\fR, +\&\fBX509_CRL_add0_revoked()\fR and \fBX509_CRL_sort()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_REVOKED_get0_serialNumber()\fR returns an \fB\s-1ASN1_INTEGER\s0\fR pointer. +.PP +\&\fBX509_REVOKED_get0_revocationDate()\fR returns an \fB\s-1ASN1_TIME\s0\fR value. +.PP +\&\fBX509_CRL_get_REVOKED()\fR returns a \s-1STACK\s0 of revoked entries. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 new file mode 100644 index 000000000000..3c612c6840e7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_EXTENSION_set_object.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_EXTENSION_SET_OBJECT 3" +.TH X509_EXTENSION_SET_OBJECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_EXTENSION_set_object, X509_EXTENSION_set_critical, X509_EXTENSION_set_data, X509_EXTENSION_create_by_NID, X509_EXTENSION_create_by_OBJ, X509_EXTENSION_get_object, X509_EXTENSION_get_critical, X509_EXTENSION_get_data \- extension utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); +\& int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +\& int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); +\& +\& X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, +\& int nid, int crit, +\& ASN1_OCTET_STRING *data); +\& X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +\& const ASN1_OBJECT *obj, int crit, +\& ASN1_OCTET_STRING *data); +\& +\& ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); +\& int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); +\& ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_EXTENSION_set_object()\fR sets the extension type of \fBex\fR to \fBobj\fR. The +\&\fBobj\fR pointer is duplicated internally so \fBobj\fR should be freed up after use. +.PP +\&\fBX509_EXTENSION_set_critical()\fR sets the criticality of \fBex\fR to \fBcrit\fR. If +\&\fBcrit\fR is zero the extension in non-critical otherwise it is critical. +.PP +\&\fBX509_EXTENSION_set_data()\fR sets the data in extension \fBex\fR to \fBdata\fR. The +\&\fBdata\fR pointer is duplicated internally. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR creates an extension of type \fBnid\fR, +criticality \fBcrit\fR using data \fBdata\fR. The created extension is returned and +written to \fB*ex\fR reusing or allocating a new extension if necessary so \fB*ex\fR +should either be \fB\s-1NULL\s0\fR or a valid \fBX509_EXTENSION\fR structure it must +\&\fBnot\fR be an uninitialised pointer. +.PP +\&\fBX509_EXTENSION_create_by_OBJ()\fR is identical to \fBX509_EXTENSION_create_by_NID()\fR +except it creates and extension using \fBobj\fR instead of a \s-1NID.\s0 +.PP +\&\fBX509_EXTENSION_get_object()\fR returns the extension type of \fBex\fR as an +\&\fB\s-1ASN1_OBJECT\s0\fR pointer. The returned pointer is an internal value which must +not be freed up. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns the criticality of extension \fBex\fR it +returns \fB1\fR for critical and \fB0\fR for non-critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns the data of extension \fBex\fR. The returned +pointer is an internal value which must not be freed up. +.SH "NOTES" +.IX Header "NOTES" +These functions manipulate the contents of an extension directly. Most +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +The \fBdata\fR associated with an extension is the extension encoding in an +\&\fB\s-1ASN1_OCTET_STRING\s0\fR structure. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_EXTENSION_set_object()\fR \fBX509_EXTENSION_set_critical()\fR and +\&\fBX509_EXTENSION_set_data()\fR return \fB1\fR for success and \fB0\fR for failure. +.PP +\&\fBX509_EXTENSION_create_by_NID()\fR and \fBX509_EXTENSION_create_by_OBJ()\fR return +an \fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_EXTENSION_get_object()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR pointer. +.PP +\&\fBX509_EXTENSION_get_critical()\fR returns \fB0\fR for non-critical and \fB1\fR for +critical. +.PP +\&\fBX509_EXTENSION_get_data()\fR returns an \fB\s-1ASN1_OCTET_STRING\s0\fR pointer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 new file mode 100644 index 000000000000..d3f4d8ed599b --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_HASH_DIR 3" +.TH X509_LOOKUP_HASH_DIR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& +\& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_LOOKUP_hash_dir\fR and \fBX509_LOOKUP_file\fR are two certificate +lookup methods to use with \fBX509_STORE\fR, provided by OpenSSL library. +.PP +Users of the library typically do not need to create instances of these +methods manually, they would be created automatically by +\&\fBX509_STORE_load_locations\fR\|(3) or +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +functions. +.PP +Internally loading of certificates and CRLs is implemented via functions +\&\fBX509_load_cert_crl_file\fR, \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR. These functions support parameter \fItype\fR, which +can be one of constants \fB\s-1FILETYPE_PEM\s0\fR, \fB\s-1FILETYPE_ASN1\s0\fR and +\&\fB\s-1FILETYPE_DEFAULT\s0\fR. They load certificates and/or CRLs from specified +file into memory cache of \fBX509_STORE\fR objects which given \fBctx\fR +parameter is associated with. +.PP +Functions \fBX509_load_cert_file\fR and +\&\fBX509_load_crl_file\fR can load both \s-1PEM\s0 and \s-1DER\s0 formats depending of +type value. Because \s-1DER\s0 format cannot contain more than one certificate +or \s-1CRL\s0 object (while \s-1PEM\s0 can contain several concatenated \s-1PEM\s0 objects) +\&\fBX509_load_cert_crl_file\fR with \fB\s-1FILETYPE_ASN1\s0\fR is equivalent to +\&\fBX509_load_cert_file\fR. +.PP +Constant \fB\s-1FILETYPE_DEFAULT\s0\fR with \s-1NULL\s0 filename causes these functions +to load default certificate store file (see +\&\fBX509_STORE_set_default_paths\fR\|(3). +.PP +Functions return number of objects loaded from file or 0 in case of +error. +.PP +Both methods support adding several certificate locations into one +\&\fBX509_STORE\fR. +.PP +This page documents certificate store formats used by these methods and +caching policy. +.SS "File Method" +.IX Subsection "File Method" +The \fBX509_LOOKUP_file\fR method loads all the certificates or CRLs +present in a file into memory at the time the file is added as a +lookup source. +.PP +File format is \s-1ASCII\s0 text which contains concatenated \s-1PEM\s0 certificates +and CRLs. +.PP +This method should be used by applications which work with a small +set of CAs. +.SS "Hashed Directory Method" +.IX Subsection "Hashed Directory Method" +\&\fBX509_LOOKUP_hash_dir\fR is a more advanced method, which loads +certificates and CRLs on demand, and caches them in memory once +they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs +upon each lookup, so that newer CRLs are as soon as they appear in +the directory. +.PP +The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, +with a file name of the form \fIhash\fR.\fIN\fR for a certificate, or +\&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 +The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied +to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or +\&\fBcrl\fR\|(1) commands. +.PP +The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is +incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR +value. +Gaps in the sequence numbers are not supported, it is assumed that there are no +more objects with the same hash beyond the first missing number in the +sequence. +.PP +Sequence numbers make it possible for the directory to contain multiple +certificates with same subject name hash value. +For example, it is possible to have in the store several certificates with same +subject or several CRLs with same issuer (and, for example, different validity +period). +.PP +When checking for new CRLs once one \s-1CRL\s0 for given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached \s-1CRL.\s0 +.PP +Note that the hash algorithm used for subject name hashing changed in OpenSSL +1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL +0.9.8 to 1.0.0. +.PP +OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct +hashed names for all files with .pem suffix in a given directory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid +\&\fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return +the number of loaded objects or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBX509_STORE_load_locations\fR\|(3), +\&\fBX509_store_add_lookup\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3), +\&\fBX509_LOOKUP_meth_new\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 new file mode 100644 index 000000000000..98105df74981 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_meth_new.3 @@ -0,0 +1,313 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_LOOKUP_METH_NEW 3" +.TH X509_LOOKUP_METH_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item, X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free, X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init, X509_LOOKUP_meth_get_init, X509_LOOKUP_meth_set_shutdown, X509_LOOKUP_meth_get_shutdown, X509_LOOKUP_ctrl_fn, X509_LOOKUP_meth_set_ctrl, X509_LOOKUP_meth_get_ctrl, X509_LOOKUP_get_by_subject_fn, X509_LOOKUP_meth_set_get_by_subject, X509_LOOKUP_meth_get_get_by_subject, X509_LOOKUP_get_by_issuer_serial_fn, X509_LOOKUP_meth_set_get_by_issuer_serial, X509_LOOKUP_meth_get_get_by_issuer_serial, X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint, X509_LOOKUP_meth_get_get_by_fingerprint, X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias, X509_LOOKUP_meth_get_get_by_alias, X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data, X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL \&\- Routines to build up X509_LOOKUP methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name); +\& void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, +\& int (*new_item) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method, +\& void (*free) (X509_LOOKUP *ctx)); +\& void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, +\& int (*init) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method, +\& int (*shutdown) (X509_LOOKUP *ctx)); +\& int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) +\& (X509_LOOKUP *ctx); +\& +\& typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc, +\& long argl, char **ret); +\& int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_ctrl_fn ctrl_fn); +\& X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_subject_fn fn); +\& X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& X509_NAME *name, +\& ASN1_INTEGER *serial, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_issuer_serial( +\& X509_LOOKUP_METHOD *method, X509_LOOKUP_get_by_issuer_serial_fn fn); +\& X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const unsigned char* bytes, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_fingerprint_fn fn); +\& X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( +\& const X509_LOOKUP_METHOD *method); +\& +\& typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx, +\& X509_LOOKUP_TYPE type, +\& const char *str, +\& int len, +\& X509_OBJECT *ret); +\& int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, +\& X509_LOOKUP_get_by_alias_fn fn); +\& X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( +\& const X509_LOOKUP_METHOD *method); +\& +\& int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data); +\& void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx); +\& +\& X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx); +\& +\& int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj); +\& int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_LOOKUP_METHOD\fR type is a structure used for the implementation of new +X509_LOOKUP types. It provides a set of functions used by OpenSSL for the +implementation of various X509 and X509_CRL lookup capabilities. One instance +of an X509_LOOKUP_METHOD can be associated to many instantiations of an +\&\fBX509_LOOKUP\fR structure. +.PP +\&\fBX509_LOOKUP_meth_new()\fR creates a new \fBX509_LOOKUP_METHOD\fR structure. It should +be given a human-readable string containing a brief description of the lookup +method. +.PP +\&\fBX509_LOOKUP_meth_free()\fR destroys a \fBX509_LOOKUP_METHOD\fR structure. +.PP +\&\fBX509_LOOKUP_get_new_item()\fR and \fBX509_LOOKUP_set_new_item()\fR get and set the +function that is called when an \fBX509_LOOKUP\fR object is created with +\&\fBX509_LOOKUP_new()\fR. If an X509_LOOKUP_METHOD requires any per\-X509_LOOKUP +specific data, the supplied new_item function should allocate this data and +invoke \fBX509_LOOKUP_set_method_data()\fR. +.PP +\&\fBX509_LOOKUP_get_free()\fR and \fBX509_LOOKUP_set_free()\fR get and set the function +that is used to free any method data that was allocated and set from within +new_item function. +.PP +\&\fBX509_LOOKUP_meth_get_init()\fR and \fBX509_LOOKUP_meth_set_init()\fR get and set the +function that is used to initialize the method data that was set with +\&\fBX509_LOOKUP_set_method_data()\fR as part of the new_item routine. +.PP +\&\fBX509_LOOKUP_meth_get_shutdown()\fR and \fBX509_LOOKUP_meth_set_shutdown()\fR get and set +the function that is used to shut down the method data whose state was +previously initialized in the init function. +.PP +\&\fBX509_LOOKUP_meth_get_ctrl()\fR and \fBX509_LOOKUP_meth_set_ctrl()\fR get and set a +function to be used to handle arbitrary control commands issued by +\&\fBX509_LOOKUP_ctrl()\fR. The control function is given the X509_LOOKUP +\&\fBctx\fR, along with the arguments passed by X509_LOOKUP_ctrl. \fBcmd\fR is +an arbitrary integer that defines some operation. \fBargc\fR is a pointer +to an array of characters. \fBargl\fR is an integer. \fBret\fR, if set, +points to a location where any return data should be written to. How +\&\fBargc\fR and \fBargl\fR are used depends entirely on the control function. +.PP +\&\fBX509_LOOKUP_set_get_by_subject()\fR, \fBX509_LOOKUP_set_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_set_get_by_fingerprint()\fR, \fBX509_LOOKUP_set_get_by_alias()\fR set +the functions used to retrieve an X509 or X509_CRL object by the object's +subject, issuer, fingerprint, and alias respectively. These functions are given +the X509_LOOKUP context, the type of the X509_OBJECT being requested, parameters +related to the lookup, and an X509_OBJECT that will receive the requested +object. +.PP +Implementations must add objects they find to the \fBX509_STORE\fR object +using \fBX509_STORE_add_cert()\fR or \fBX509_STORE_add_crl()\fR. This increments +its reference count. However, the \fBX509_STORE_CTX_get_by_subject()\fR +function also increases the reference count which leads to one too +many references being held. Therefore applications should +additionally call \fBX509_free()\fR or \fBX509_CRL_free()\fR to decrement the +reference count again. +.PP +Implementations should also use either \fBX509_OBJECT_set1_X509()\fR or +\&\fBX509_OBJECT_set1_X509_CRL()\fR to set the result. Note that this also +increments the result's reference count. +.PP +Any method data that was created as a result of the new_item function +set by \fBX509_LOOKUP_meth_set_new_item()\fR can be accessed with +\&\fBX509_LOOKUP_get_method_data()\fR. The \fBX509_STORE\fR object that owns the +X509_LOOKUP may be accessed with \fBX509_LOOKUP_get_store()\fR. Successful lookups +should return 1, and unsuccessful lookups should return 0. +.PP +\&\fBX509_LOOKUP_get_get_by_subject()\fR, \fBX509_LOOKUP_get_get_by_issuer_serial()\fR, +\&\fBX509_LOOKUP_get_get_by_fingerprint()\fR, \fBX509_LOOKUP_get_get_by_alias()\fR retrieve +the function set by the corresponding setter. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBX509_LOOKUP_meth_set\fR functions return 1 on success or 0 on error. +.PP +The \fBX509_LOOKUP_meth_get\fR functions return the corresponding function +pointers. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3), \fBSSL_CTX_set_cert_store\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions described here were added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 000000000000..9f9720d81da6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ENTRY_GET_OBJECT 3" +.TH X509_NAME_ENTRY_GET_OBJECT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +\& ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +\& +\& int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); +\& int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, +\& const unsigned char *bytes, int len); +\& +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +\& int type, const unsigned char *bytes, +\& int len); +\& X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +\& const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fBX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR +and \fBX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_ENTRY_get_object()\fR and \fBX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fBX509_NAME_get_entry()\fR for example. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fBX509_NAME_ENTRY_create_by_NID()\fR and \fBX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fBX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fBX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_ENTRY_get_object()\fR returns a valid \fB\s-1ASN1_OBJECT\s0\fR structure if it is +set or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_get_data()\fR returns a valid \fB\s-1ASN1_STRING\s0\fR structure if it is set +or \s-1NULL\s0 if an error occurred. +.PP +\&\fBX509_NAME_ENTRY_set_object()\fR and \fBX509_NAME_ENTRY_set_data()\fR return 1 on success +or 0 on error. +.PP +\&\fBX509_NAME_ENTRY_create_by_txt()\fR, \fBX509_NAME_ENTRY_create_by_NID()\fR and +\&\fBX509_NAME_ENTRY_create_by_OBJ()\fR return a valid \fBX509_NAME_ENTRY\fR on success or +\&\s-1NULL\s0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3), +\&\fBOBJ_nid2obj\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 000000000000..0e8f8f88ca31 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_ADD_ENTRY_BY_TXT 3" +.TH X509_NAME_ADD_ENTRY_BY_TXT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +\& const unsigned char *bytes, int len, int loc, int set); +\& +\& int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); +\& +\& X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR and +\&\fBX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fBX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fBX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommended for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fBASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fBX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_add_entry_by_txt()\fR, \fBX509_NAME_add_entry_by_OBJ()\fR, +\&\fBX509_NAME_add_entry_by_NID()\fR and \fBX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fBX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 1 +\& X509_NAME *nm; +\& +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, +\& "UK", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, +\& "Disorganized Organization", \-1, \-1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, +\& "Joe Bloggs", \-1, \-1, 0)) +\& /* Error */ +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 new file mode 100644 index 000000000000..4e0f4e1aa8e3 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_NAME_get0_der.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET0_DER 3" +.TH X509_NAME_GET0_DER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get0_der \- get X509_NAME DER encoding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +\& size_t *pderlen) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The function \fBX509_NAME_get0_der()\fR returns an internal pointer to the +encoding of an \fBX509_NAME\fR structure in \fB*pder\fR and consisting of +\&\fB*pderlen\fR bytes. It is useful for applications that wish to examine +the encoding of an \fBX509_NAME\fR structure without copying it. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The function \fBX509_NAME_get0_der()\fR returns 1 for success and 0 if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 new file mode 100644 index 000000000000..4bdf4f791297 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_GET_INDEX_BY_NID 3" +.TH X509_NAME_GET_INDEX_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +\& int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos); +\& +\& int X509_NAME_entry_count(const X509_NAME *name); +\& X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +\& +\& int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +\& int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +If \fBnid\fR is invalid (doesn't correspond to a valid \s-1OID\s0) then \-2 is returned. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fBX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fBX509_NAME_get_text_by_NID()\fR, \fBX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_NAME_get_text_by_NID()\fR and \fBX509_NAME_get_text_by_OBJ()\fR should be +considered deprecated because they +have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a multicharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fBX509_NAME_get_index_by_NID()\fR or +\&\fBX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fBX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.PP +The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in +the source code header files and/or +. +.PP +Applications which could pass invalid NIDs to \fBX509_NAME_get_index_by_NID()\fR +should check for the return value of \-2. Alternatively the \s-1NID\s0 validity +can be determined first by checking OBJ_nid2obj(nid) is not \s-1NULL.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_get_index_by_NID()\fR and \fBX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +\&\fBX509_NAME_get_index_by_NID()\fR can also return \-2 if the supplied +\&\s-1NID\s0 is invalid. +.PP +\&\fBX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fBX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +\& +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +.PP +Process all commonName entries: +.PP +.Vb 2 +\& int lastpos = \-1; +\& X509_NAME_ENTRY *e; +\& +\& for (;;) { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == \-1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBd2i_X509_NAME\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 new file mode 100644 index 000000000000..105de0571f67 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_NAME_print_ex.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NAME_PRINT_EX 3" +.TH X509_NAME_PRINT_EX 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, X509_NAME_oneline \- X509_NAME printing routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, unsigned long flags); +\& char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); +\& int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fBX509_NAME_print_ex_fp()\fR is identical to \fBX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. +If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated and returned, and +\&\fBsize\fR is ignored. +Otherwise, at most \fBsize\fR bytes will be written, including the ending '\e0', +and \fBbuf\fR is returned. +.PP +\&\fBX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fBX509_NAME_oneline()\fR and \fBX509_NAME_print()\fR +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. +Their use is strongly discouraged in new applications and they could +be deprecated in a future release. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the \fBASN1_STRING_print_ex\fR\|(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fBX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fBASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format which is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format which is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fBX509_NAME_print()\fR: in fact it calls \fBX509_NAME_print()\fR internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_NAME_oneline()\fR returns a valid string on success or \s-1NULL\s0 on error. +.PP +\&\fBX509_NAME_print()\fR returns 1 on success or 0 on error. +.PP +\&\fBX509_NAME_print_ex()\fR and \fBX509_NAME_print_ex_fp()\fR return 1 on success or 0 on error +if the \fB\s-1XN_FLAG_COMPAT\s0\fR is set, which is the same as \fBX509_NAME_print()\fR. Otherwise, +it returns \-1 on error or other values on success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBASN1_STRING_print_ex\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 new file mode 100644 index 000000000000..0e4ca164ac88 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_PUBKEY_new.3 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_PUBKEY_NEW 3" +.TH X509_PUBKEY_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_PUBKEY_new, X509_PUBKEY_free, X509_PUBKEY_set, X509_PUBKEY_get0, X509_PUBKEY_get, d2i_PUBKEY, i2d_PUBKEY, d2i_PUBKEY_bio, d2i_PUBKEY_fp, i2d_PUBKEY_fp, i2d_PUBKEY_bio, X509_PUBKEY_set0_param, X509_PUBKEY_get0_param \- SubjectPublicKeyInfo public key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_PUBKEY *X509_PUBKEY_new(void); +\& void X509_PUBKEY_free(X509_PUBKEY *a); +\& +\& int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +\& EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); +\& EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); +\& +\& EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); +\& int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); +\& +\& int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +\& int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +\& +\& int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +\& int ptype, void *pval, +\& unsigned char *penc, int penclen); +\& int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +\& const unsigned char **pk, int *ppklen, +\& X509_ALGOR **pa, X509_PUBKEY *pub); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_PUBKEY\fR structure represents the \s-1ASN.1\s0 \fBSubjectPublicKeyInfo\fR +structure defined in \s-1RFC5280\s0 and used in certificates and certificate requests. +.PP +\&\fBX509_PUBKEY_new()\fR allocates and initializes an \fBX509_PUBKEY\fR structure. +.PP +\&\fBX509_PUBKEY_free()\fR frees up \fBX509_PUBKEY\fR structure \fBa\fR. If \fBa\fR is \s-1NULL\s0 +nothing is done. +.PP +\&\fBX509_PUBKEY_set()\fR sets the public key in \fB*x\fR to the public key contained +in the \fB\s-1EVP_PKEY\s0\fR structure \fBpkey\fR. If \fB*x\fR is not \s-1NULL\s0 any existing +public key structure will be freed. +.PP +\&\fBX509_PUBKEY_get0()\fR returns the public key contained in \fBkey\fR. The returned +value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed after use. +.PP +\&\fBX509_PUBKEY_get()\fR is similar to \fBX509_PUBKEY_get0()\fR except the reference +count on the returned key is incremented so it \fB\s-1MUST\s0\fR be freed using +\&\fBEVP_PKEY_free()\fR after use. +.PP +\&\fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR decode and encode an \fB\s-1EVP_PKEY\s0\fR structure +using \fBSubjectPublicKeyInfo\fR format. They otherwise follow the conventions of +other \s-1ASN.1\s0 functions such as \fBd2i_X509()\fR. +.PP +\&\fBd2i_PUBKEY_bio()\fR, \fBd2i_PUBKEY_fp()\fR, \fBi2d_PUBKEY_bio()\fR and \fBi2d_PUBKEY_fp()\fR are +similar to \fBd2i_PUBKEY()\fR and \fBi2d_PUBKEY()\fR except they decode or encode using a +\&\fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR pointer. +.PP +\&\fBX509_PUBKEY_set0_param()\fR sets the public key parameters of \fBpub\fR. The +\&\s-1OID\s0 associated with the algorithm is set to \fBaobj\fR. The type of the +algorithm parameters is set to \fBtype\fR using the structure \fBpval\fR. +The encoding of the public key itself is set to the \fBpenclen\fR +bytes contained in buffer \fBpenc\fR. On success ownership of all the supplied +parameters is passed to \fBpub\fR so they must not be freed after the +call. +.PP +\&\fBX509_PUBKEY_get0_param()\fR retrieves the public key parameters from \fBpub\fR, +\&\fB*ppkalg\fR is set to the associated \s-1OID\s0 and the encoding consists of +\&\fB*ppklen\fR bytes at \fB*pk\fR, \fB*pa\fR is set to the associated +AlgorithmIdentifier for the public key. If the value of any of these +parameters is not required it can be set to \fB\s-1NULL\s0\fR. All of the +retrieved pointers are internal and must not be freed after the +call. +.SH "NOTES" +.IX Header "NOTES" +The \fBX509_PUBKEY\fR functions can be used to encode and decode public keys +in a standard format. +.PP +In many cases applications will not call the \fBX509_PUBKEY\fR functions +directly: they will instead call wrapper functions such as \fBX509_get0_pubkey()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_PUBKEY_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +.PP +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_PUBKEY_free()\fR does not return a value. +.PP +\&\fBX509_PUBKEY_get0()\fR and \fBX509_PUBKEY_get()\fR return a pointer to an \fB\s-1EVP_PKEY\s0\fR +structure or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509_PUBKEY_set()\fR, \fBX509_PUBKEY_set0_param()\fR and \fBX509_PUBKEY_get0_param()\fR +return 1 for success and 0 if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 new file mode 100644 index 000000000000..08e5529eb61d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_SIG_get0.3 @@ -0,0 +1,172 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIG_GET0 3" +.TH X509_SIG_GET0 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_SIG_get0, X509_SIG_getm \- DigestInfo functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +\& const ASN1_OCTET_STRING **pdigest); +\& void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +\& ASN1_OCTET_STRING **pdigest, +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_SIG_get0()\fR returns pointers to the algorithm identifier and digest +value in \fBsig\fR. \fBX509_SIG_getm()\fR is identical to \fBX509_SIG_get0()\fR +except the pointers returned are not constant and can be modified: +for example to initialise them. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_SIG_get0()\fR and \fBX509_SIG_getm()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 new file mode 100644 index 000000000000..152e9d9a8294 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_get_error.3 @@ -0,0 +1,416 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_GET_ERROR 3" +.TH X509_STORE_CTX_GET_ERROR 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, X509_verify_cert_error_string \- get or set certificate verification status information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); +\& int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +\& X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +\& X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +\& +\& STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +\& +\& const char *X509_verify_cert_error_string(long n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are typically called after \fBX509_verify_cert()\fR has indicated +an error or in a verification callback to determine the nature of an error. +.PP +\&\fBX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see +the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes. +.PP +\&\fBX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example +it might be used in a verification callback to set an error based on additional +checks. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns the \fBdepth\fR of the error. This is a +non-negative integer representing where in the certificate chain the error +occurred. If it is zero it occurred in the end entity certificate, one if +it is the certificate which signed the end entity certificate and so on. +.PP +\&\fBX509_STORE_CTX_set_error_depth()\fR sets the error \fBdepth\fR. +This can be used in combination with \fBX509_STORE_CTX_set_error()\fR to set the +depth at which an error condition was detected. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate in \fBctx\fR which +caused the error or \fB\s-1NULL\s0\fR if no certificate is relevant. +.PP +\&\fBX509_STORE_CTX_set_current_cert()\fR sets the certificate \fBx\fR in \fBctx\fR which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via \fBX509_up_ref\fR\|(3). +Once such a \fIsaved\fR certificate is no longer needed it can be freed with +\&\fBX509_free\fR\|(3). +.PP +\&\fBX509_STORE_CTX_get0_cert()\fR retrieves an internal pointer to the +certificate being verified by the \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get1_chain()\fR returns a complete validate chain if a previous +call to \fBX509_verify_cert()\fR is successful. If the call to \fBX509_verify_cert()\fR +is \fBnot\fR successful the returned chain may be incomplete or invalid. The +returned chain persists after the \fBctx\fR structure is freed, when it is +no longer needed it should be free up using: +.PP +.Vb 1 +\& sk_X509_pop_free(chain, X509_free); +.Ve +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_get_error()\fR returns \fBX509_V_OK\fR or an error code. +.PP +\&\fBX509_STORE_CTX_get_error_depth()\fR returns a non-negative error depth. +.PP +\&\fBX509_STORE_CTX_get_current_cert()\fR returns the certificate which caused the +error or \fB\s-1NULL\s0\fR if no certificate is relevant to the error. +.PP +\&\fBX509_verify_cert_error_string()\fR returns a human readable error string for +verification error \fBn\fR. +.SH "ERROR CODES" +.IX Header "ERROR CODES" +A list of error codes and messages is shown below. Some of the +error codes are defined but currently never returned: these are described as +\&\*(L"unused\*(R". +.IP "\fBX509_V_OK: ok\fR" 4 +.IX Item "X509_V_OK: ok" +the operation was successful. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +the issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" +the \s-1CRL\s0 of a certificate could not be found. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +the certificate signature could not be decrypted. This means that the actual +signature value could not be determined rather than it not matching the +expected value, this is only meaningful for \s-1RSA\s0 keys. +.IP "\fBX509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature +value could not be determined rather than it not matching the expected value. +Unused. +.IP "\fBX509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +the public key in the certificate SubjectPublicKeyInfo could not be read. +.IP "\fBX509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +the signature of the certificate is invalid. +.IP "\fBX509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +the certificate is not yet valid: the notBefore date is after the current time. +.IP "\fBX509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +the certificate has expired: that is the notAfter date is before the current time. +.IP "\fBX509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +the \s-1CRL\s0 is not yet valid. +.IP "\fBX509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +the \s-1CRL\s0 has expired. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +the certificate notBefore field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +the certificate notAfter field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +the \s-1CRL\s0 lastUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +the \s-1CRL\s0 nextUpdate field contains an invalid time. +.IP "\fBX509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "X509_V_ERR_OUT_OF_MEM: out of memory" +an error occurred trying to allocate memory. This should never happen. +.IP "\fBX509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +the passed certificate is self signed and the same certificate cannot be found +in the list of trusted certificates. +.IP "\fBX509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +the certificate chain could be built up using the untrusted certificates but +the root could not be found locally. +.IP "\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. +.IP "\fBX509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +no signatures could be verified because the chain contains only one certificate +and it is not self signed. +.IP "\fBX509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +the certificate chain length is greater than the supplied maximum depth. Unused. +.IP "\fBX509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "X509_V_ERR_CERT_REVOKED: certificate revoked" +the certificate has been revoked. +.IP "\fBX509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "X509_V_ERR_INVALID_CA: invalid CA certificate" +a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not +consistent with the supplied purpose. +.IP "\fBX509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +the basicConstraints path-length parameter has been exceeded. +.IP "\fBX509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +the supplied certificate cannot be used for the specified purpose. +.IP "\fBX509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +the root \s-1CA\s0 is not marked as trusted for the specified purpose. +.IP "\fBX509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "X509_V_ERR_CERT_REJECTED: certificate rejected" +the root \s-1CA\s0 is marked to reject the specified purpose. +.IP "\fBX509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. This is only set +if issuer check debugging is enabled it is used for status notification and +is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. This is only set if issuer check debugging is enabled it is used +for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier of +the current certificate. This is only set if issuer check debugging is enabled +it is used for status notification and is \fBnot\fR in itself an error. +.IP "\fBX509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +the current candidate issuer certificate was rejected because its keyUsage +extension does not permit certificate signing. This is only set if issuer check +debugging is enabled it is used for status notification and is \fBnot\fR in itself +an error. +.IP "\fBX509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension" +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. +.IP "\fBX509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension\fR" 4 +.IX Item "X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension" +A certificate policies extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. This error only +occurs if policy processing is enabled. +.IP "\fBX509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy\fR" 4 +.IX Item "X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy" +The verification flags were set to require and explicit policy but none was +present. +.IP "\fBX509_V_ERR_DIFFERENT_CRL_SCOPE: Different \s-1CRL\s0 scope\fR" 4 +.IX Item "X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope" +The only CRLs that could be found did not match the scope of the certificate. +.IP "\fBX509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature" +Some feature of a certificate extension is not supported. Unused. +.IP "\fBX509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation\fR" 4 +.IX Item "X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation" +A name constraint violation occurred in the permitted subtrees. +.IP "\fBX509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation\fR" 4 +.IX Item "X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation" +A name constraint violation occurred in the excluded subtrees. +.IP "\fBX509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported\fR" 4 +.IX Item "X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported" +A certificate name constraints extension included a minimum or maximum field: +this is not supported. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type" +An unsupported name constraint type was encountered. OpenSSL currently only +supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types. +.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4 +.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax" +The format of the name constraint is not recognised: for example an email +address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by +a garbage extension or some new feature not currently supported. +.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4 +.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error" +An error occurred when attempting to verify the \s-1CRL\s0 path. This error can only +happen if extended \s-1CRL\s0 checking is enabled. +.IP "\fBX509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +an application specific error. This will never be returned unless explicitly +set by an application. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used instead of directly referencing the fields +in the \fBX509_VERIFY_CTX\fR structure. +.PP +In versions of OpenSSL before 1.0 the current certificate returned by +\&\fBX509_STORE_CTX_get_current_cert()\fR was never \fB\s-1NULL\s0\fR. Applications should +check the return value before printing out any debugging information relating +to the current certificate. +.PP +If an unrecognised error code is passed to \fBX509_verify_cert_error_string()\fR the +numerical value of the unknown code is returned in a static buffer. This is not +thread safe but will never happen unless an invalid code is passed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_up_ref\fR\|(3), +\&\fBX509_free\fR\|(3). +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 new file mode 100644 index 000000000000..836196cc4ff4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_new.3 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_NEW 3" +.TH X509_STORE_CTX_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, X509_STORE_CTX_verify_fn \&\- X509_STORE_CTX initialisation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE_CTX *X509_STORE_CTX_new(void); +\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +\& +\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, +\& X509 *x509, STACK_OF(X509) *chain); +\& +\& void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); +\& STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); +\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); +\& +\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); +\& +\& STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +\& void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +\& +\& int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); +\& +\& typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +\& void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use +by \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure. +The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR. +.PP +\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR +is no longer valid. +If \fBctx\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation. +It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only +good for one call to \fBX509_verify_cert()\fR; if you want to verify a second +certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR +and then \fBX509_STORE_CTX_init()\fR again before the second call to +\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end +entity certificate to be verified is set to \fBx509\fR and a set of additional +certificates (which will be untrusted but may be used to build the chain) in +\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR sets the set of trusted certificates of +\&\fBctx\fR to \fBsk\fR. This is an alternative way of specifying trusted certificates +instead of using an \fBX509_STORE\fR. +.PP +\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be verified in \fBctx\fR to +\&\fBx\fR. +.PP +\&\fBX509_STORE_CTX_set0_verified_chain()\fR sets the validated chain used +by \fBctx\fR to be \fBchain\fR. +Ownership of the chain is transferred to \fBctx\fR and should not be +free'd by the caller. +\&\fBX509_STORE_CTX_get0_chain()\fR returns a the internal pointer used by the +\&\fBctx\fR that contains the validated chain. +.PP +\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate +verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is +enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be +used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol, +for example in a PKCS#7 structure. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR retrieves an internal pointer +to the verification parameters associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get0_untrusted()\fR retrieves an internal pointer to the +stack of untrusted certificates associated with \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_set0_untrusted()\fR sets the internal point to the stack +of untrusted certificates associated with \fBctx\fR to \fBsk\fR. +.PP +\&\fBX509_STORE_CTX_set0_param()\fR sets the internal verification parameter pointer +to \fBparam\fR. After this call \fBparam\fR should not be used. +.PP +\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification +method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to +find an appropriate set of parameters from \fBname\fR. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +that were used in building the chain following a call to \fBX509_verify_cert()\fR. +.PP +\&\fBX509_STORE_CTX_set_verify()\fR provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. +.PP +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: +.PP +.Vb 1 +\& int (*verify)(X509_STORE_CTX *); +.Ve +.PP +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. +.SH "NOTES" +.IX Header "NOTES" +The certificates and CRLs in a store are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. +.SH "BUGS" +.IX Header "BUGS" +The certificates and CRLs in a context are used internally and should \fBnot\fR +be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies +should be made or reference counts increased instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR +structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, +\&\fBX509_STORE_CTX_set0_trusted_stack()\fR, +\&\fBX509_STORE_CTX_set_cert()\fR, +\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return +values. +.PP +\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred. +.PP +\&\fBX509_STORE_CTX_get_num_untrusted()\fR returns the number of untrusted certificates +used. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3) +\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_CTX_set0_crls()\fR function was added in OpenSSL 1.0.0. +The \fBX509_STORE_CTX_get_num_untrusted()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 new file mode 100644 index 000000000000..df7e6a6e1942 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_CTX_set_verify_cb.3 @@ -0,0 +1,334 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_CTX_SET_VERIFY_CB 3" +.TH X509_STORE_CTX_SET_VERIFY_CB 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_CTX_get_cleanup, X509_STORE_CTX_get_lookup_crls, X509_STORE_CTX_get_lookup_certs, X509_STORE_CTX_get_check_policy, X509_STORE_CTX_get_cert_crl, X509_STORE_CTX_get_check_crl, X509_STORE_CTX_get_get_crl, X509_STORE_CTX_get_check_revocation, X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_verify_cb \&\- get and set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +\& +\& X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& +\& X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +\& X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_CTX_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting any existing callback. +.PP +The verification callback can be used to customise the operation of certificate +verification, either by overriding error conditions or logging errors for +debugging purposes. +.PP +However a verification callback is \fBnot\fR essential and the default operation +is often sufficient. +.PP +The \fBok\fR parameter to the callback indicates the value the callback should +return to retain the default behaviour. If it is zero then an error condition +is indicated. If it is 1 then no error occurred. If the flag +\&\fBX509_V_FLAG_NOTIFY_POLICY\fR is set then \fBok\fR is set to 2 to indicate the +policy checking is complete. +.PP +The \fBctx\fR parameter to the callback is the \fBX509_STORE_CTX\fR structure that +is performing the verification operation. A callback can examine this +structure and receive additional information about the error, for example +by calling \fBX509_STORE_CTX_get_current_cert()\fR. Additional application data can +be passed to the callback via the \fBex_data\fR mechanism. +.PP +\&\fBX509_STORE_CTX_get_verify_cb()\fR returns the value of the current callback +for the specific \fBctx\fR. +.PP +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR return the function pointers cached +from the corresponding \fBX509_STORE\fR, please see +\&\fBX509_STORE_set_verify\fR\|(3) for more information. +.SH "WARNINGS" +.IX Header "WARNINGS" +In general a verification callback should \fB\s-1NOT\s0\fR unconditionally return 1 in +all circumstances because this will allow verification to succeed no matter +what the error. This effectively removes all security from the application +because \fBany\fR certificate (including untrusted generated ones) will be +accepted. +.SH "NOTES" +.IX Header "NOTES" +The verification callback can be set and inherited from the parent structure +performing the operation. In some cases (such as S/MIME verification) the +\&\fBX509_STORE_CTX\fR structure is created and destroyed internally and the +only way to set a custom verification callback is by inheriting it from the +associated \fBX509_STORE\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_CTX_set_verify_cb()\fR does not return a value. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Default callback operation: +.PP +.Vb 3 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& return ok; +\& } +.Ve +.PP +Simple example, suppose a certificate in the chain is expired and we wish +to continue after this error: +.PP +.Vb 7 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) { +\& /* Tolerate certificate expiration */ +\& if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) +\& return 1; +\& /* Otherwise don\*(Aqt override */ +\& return ok; +\& } +.Ve +.PP +More complex example, we don't wish to continue after \fBany\fR certificate has +expired just one specific case: +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& int err = X509_STORE_CTX_get_error(ctx); +\& X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& +\& if (err == X509_V_ERR_CERT_HAS_EXPIRED) { +\& if (check_is_acceptable_expired_cert(err_cert) +\& return 1; +\& } +\& return ok; +\& } +.Ve +.PP +Full featured logging callback. In this case the \fBbio_err\fR is assumed to be +a global logging \fB\s-1BIO\s0\fR, an alternative would to store a \s-1BIO\s0 in \fBctx\fR using +\&\fBex_data\fR. +.PP +.Vb 4 +\& int verify_callback(int ok, X509_STORE_CTX *ctx) +\& { +\& X509 *err_cert; +\& int err, depth; +\& +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +\& +\& BIO_printf(bio_err, "depth=%d ", depth); +\& if (err_cert) { +\& X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& } +\& else +\& BIO_puts(bio_err, "\en"); +\& if (!ok) +\& BIO_printf(bio_err, "verify error:num=%d:%s\en", err, +\& X509_verify_cert_error_string(err)); +\& switch (err) { +\& case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +\& BIO_puts(bio_err, "issuer= "); +\& X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), +\& 0, XN_FLAG_ONELINE); +\& BIO_puts(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_NOT_YET_VALID: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +\& BIO_printf(bio_err, "notBefore="); +\& ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_CERT_HAS_EXPIRED: +\& case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: +\& BIO_printf(bio_err, "notAfter="); +\& ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); +\& BIO_printf(bio_err, "\en"); +\& break; +\& case X509_V_ERR_NO_EXPLICIT_POLICY: +\& policies_print(bio_err, ctx); +\& break; +\& } +\& if (err == X509_V_OK && ok == 2) +\& /* print out policies */ +\& +\& BIO_printf(bio_err, "verify return:%d\en", ok); +\& return(ok); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_CTX_get_ex_new_index\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_STORE_CTX_get_get_issuer()\fR, +\&\fBX509_STORE_CTX_get_check_issued()\fR, \fBX509_STORE_CTX_get_check_revocation()\fR, +\&\fBX509_STORE_CTX_get_get_crl()\fR, \fBX509_STORE_CTX_get_check_crl()\fR, +\&\fBX509_STORE_CTX_get_cert_crl()\fR, \fBX509_STORE_CTX_get_check_policy()\fR, +\&\fBX509_STORE_CTX_get_lookup_certs()\fR, \fBX509_STORE_CTX_get_lookup_crls()\fR +and \fBX509_STORE_CTX_get_cleanup()\fR functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 new file mode 100644 index 000000000000..5ec34234c329 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_ADD_CERT 3" +.TH X509_STORE_ADD_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +\& int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); +\& int X509_STORE_set_depth(X509_STORE *store, int depth); +\& int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +\& int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +\& int X509_STORE_set_trust(X509_STORE *ctx, int trust); +\& +\& int X509_STORE_load_locations(X509_STORE *ctx, +\& const char *file, const char *dir); +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE\fR structure is intended to be a consolidated mechanism for +holding information about X.509 certificates and CRLs, and constructing +and validating chains of certificates terminating in trusted roots. +It admits multiple lookup mechanisms and efficient scaling performance +with large numbers of certificates, and a great deal of flexibility in +how validation and policy checks are performed. +.PP +\&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains +no information about trusted certificates or where such certificates +are located on disk, and is generally not usable. Normally, trusted +certificates will be added to the \fBX509_STORE\fR to prepare it for use, +via mechanisms such as \fBX509_STORE_add_lookup()\fR and \fBX509_LOOKUP_file()\fR, or +\&\fBPEM_read_bio_X509_AUX()\fR and \fBX509_STORE_add_cert()\fR. CRLs can also be added, +and many behaviors configured as desired. +.PP +Once the \fBX509_STORE\fR is suitably configured, \fBX509_STORE_CTX_new()\fR is +used to instantiate a single-use \fBX509_STORE_CTX\fR for each chain-building +and verification operation. That process includes providing the end-entity +certificate to be verified and an additional set of untrusted certificates +that may be used in chain-building. As such, it is expected that the +certificates included in the \fBX509_STORE\fR are certificates that represent +trusted entities such as root certificate authorities (CAs). +OpenSSL represents these trusted certificates internally as \fBX509\fR objects +with an associated \fBX509_CERT_AUX\fR, as are produced by +\&\fBPEM_read_bio_X509_AUX()\fR and similar routines that refer to X509_AUX. +The public interfaces that operate on such trusted certificates still +operate on pointers to \fBX509\fR objects, though. +.PP +\&\fBX509_STORE_add_cert()\fR and \fBX509_STORE_add_crl()\fR add the respective object +to the \fBX509_STORE\fR's local storage. Untrusted objects should not be +added in this way. The added object's reference count is incremented by one, +hence the caller retains ownership of the object and needs to free it when it +is no longer needed. +.PP +\&\fBX509_STORE_set_depth()\fR, \fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, and \fBX509_STORE_set1_param()\fR set the default values +for the corresponding values used in certificate chain validation. Their +behavior is documented in the corresponding \fBX509_VERIFY_PARAM\fR manual +pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). +.PP +\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted +to specify just a file, just a directory, or both paths. The certificates +in the directory must be in hashed form, as documented in +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not +set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, +\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, +\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and +\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). +\&\fBX509_STORE_new\fR\|(3), +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 new file mode 100644 index 000000000000..8196f17935a6 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_get0_param.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_GET0_PARAM 3" +.TH X509_STORE_GET0_PARAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_get0_param, X509_STORE_set1_param, X509_STORE_get0_objects \- X509_STORE setter and getter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +\& int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +\& STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set1_param()\fR sets the verification parameters +to \fBpm\fR for \fBctx\fR. +.PP +\&\fBX509_STORE_get0_param()\fR retrieves an internal pointer to the verification +parameters for \fBctx\fR. The returned pointer must not be freed by the +calling application +.PP +\&\fBX509_STORE_get0_objects()\fR retrieve an internal pointer to the store's +X509 object cache. The cache contains \fBX509\fR and \fBX509_CRL\fR objects. The +returned pointer must not be freed by the calling application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_get0_param()\fR returns a pointer to an +\&\fBX509_VERIFY_PARAM\fR structure. +.PP +\&\fBX509_STORE_set1_param()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_STORE_get0_objects()\fR returns a pointer to a stack of \fBX509_OBJECT\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_new\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_STORE_get0_param\fR and \fBX509_STORE_get0_objects\fR were added in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_new.3 b/secure/lib/libcrypto/man/man3/X509_STORE_new.3 new file mode 100644 index 000000000000..291660b75abe --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_new.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_NEW 3" +.TH X509_STORE_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock, X509_STORE_unlock \- X509_STORE allocation, freeing and locking functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_STORE *X509_STORE_new(void); +\& void X509_STORE_free(X509_STORE *v); +\& int X509_STORE_lock(X509_STORE *v); +\& int X509_STORE_unlock(X509_STORE *v); +\& int X509_STORE_up_ref(X509_STORE *v); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_STORE_new()\fR function returns a new X509_STORE. +.PP +\&\fBX509_STORE_up_ref()\fR increments the reference count associated with the +X509_STORE object. +.PP +\&\fBX509_STORE_lock()\fR locks the store from modification by other threads, +\&\fBX509_STORE_unlock()\fR unlocks it. +.PP +\&\fBX509_STORE_free()\fR frees up a single X509_STORE object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_STORE_new()\fR returns a newly created X509_STORE or \s-1NULL\s0 if the call fails. +.PP +\&\fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR return +1 for success and 0 for failure. +.PP +\&\fBX509_STORE_free()\fR does not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_set_verify_cb_func\fR\|(3) +\&\fBX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_up_ref()\fR, \fBX509_STORE_lock()\fR and \fBX509_STORE_unlock()\fR +functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 new file mode 100644 index 000000000000..afdc359fdb8d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_STORE_set_verify_cb_func.3 @@ -0,0 +1,364 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_STORE_SET_VERIFY_CB_FUNC 3" +.TH X509_STORE_SET_VERIFY_CB_FUNC 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func, X509_STORE_get_cleanup, X509_STORE_set_cleanup, X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls, X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs, X509_STORE_get_check_policy, X509_STORE_set_check_policy, X509_STORE_get_cert_crl, X509_STORE_set_cert_crl, X509_STORE_get_check_crl, X509_STORE_set_check_crl, X509_STORE_get_get_crl, X509_STORE_set_get_crl, X509_STORE_get_check_revocation, X509_STORE_set_check_revocation, X509_STORE_get_check_issued, X509_STORE_set_check_issued, X509_STORE_get_get_issuer, X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_get_verify_cb, X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn \&\- set verification callback +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +\& X509_STORE_CTX *ctx, X509 *x); +\& typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +\& X509 *x, X509 *issuer); +\& typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +\& typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL **crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +\& typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +\& X509_CRL *crl, X509 *x); +\& typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +\& typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +\& X509_NAME *nm); +\& typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify_cb(X509_STORE *ctx, +\& X509_STORE_CTX_verify_cb verify_cb); +\& X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +\& X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_issuer(X509_STORE *ctx, +\& X509_STORE_CTX_get_issuer_fn get_issuer); +\& X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_issued(X509_STORE *ctx, +\& X509_STORE_CTX_check_issued_fn check_issued); +\& X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_revocation(X509_STORE *ctx, +\& X509_STORE_CTX_check_revocation_fn check_revocation); +\& X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_get_crl(X509_STORE *ctx, +\& X509_STORE_CTX_get_crl_fn get_crl); +\& X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_crl(X509_STORE *ctx, +\& X509_STORE_CTX_check_crl_fn check_crl); +\& X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cert_crl(X509_STORE *ctx, +\& X509_STORE_CTX_cert_crl_fn cert_crl); +\& X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_check_policy(X509_STORE *ctx, +\& X509_STORE_CTX_check_policy_fn check_policy); +\& X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_certs(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_certs_fn lookup_certs); +\& X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_lookup_crls(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +\& X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); +\& +\& void X509_STORE_set_cleanup(X509_STORE *ctx, +\& X509_STORE_CTX_cleanup_fn cleanup); +\& X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); +\& +\& /* Aliases */ +\& void X509_STORE_set_verify_cb_func(X509_STORE *st, +\& X509_STORE_CTX_verify_cb verify_cb); +\& void X509_STORE_set_verify_func(X509_STORE *ctx, +\& X509_STORE_CTX_verify_fn verify); +\& void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, +\& X509_STORE_CTX_lookup_crls_fn lookup_crls); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_STORE_set_verify_cb()\fR sets the verification callback of \fBctx\fR to +\&\fBverify_cb\fR overwriting the previous callback. +The callback assigned with this function becomes a default for the one +that can be assigned directly to the corresponding \fBX509_STORE_CTX\fR, +please see \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further information. +.PP +\&\fBX509_STORE_set_verify()\fR sets the final chain verification function for +\&\fBctx\fR to \fBverify\fR. +Its purpose is to go through the chain of certificates and check that +all signatures are valid and that the current time is within the +limits of each certificate's first and last validity time. +The final chain verification functions must return 0 on failure and 1 +on success. +\&\fIIf no chain verification function is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_issuer()\fR sets the function to get the issuer +certificate that verifies the given certificate \fBx\fR. +When found, the issuer certificate must be assigned to \fB*issuer\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_issued()\fR sets the function to check that a given +certificate \fBx\fR is issued with the issuer certificate \fBissuer\fR. +This function must return 0 on failure (among others if \fBx\fR hasn't +been issued with \fBissuer\fR) and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_revocation()\fR sets the revocation checking +function. +Its purpose is to look through the final chain and check the +revocation status for each certificate. +It must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_get_crl()\fR sets the function to get the crl for a given +certificate \fBx\fR. +When found, the crl must be assigned to \fB*crl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_crl()\fR sets the function to check the validity of +the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cert_crl()\fR sets the function to check the revocation +status of the given certificate \fBx\fR against the given \fBcrl\fR. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_check_policy()\fR sets the function to check the policies +of all the certificates in the final chain.. +This function must return 0 on failure and 1 on success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_lookup_certs()\fR and \fBX509_STORE_set_lookup_crls()\fR set the +functions to look up all the certs or all the CRLs that match the +given name \fBnm\fR. +These functions return \s-1NULL\s0 on failure and a pointer to a stack of +certificates (\fBX509\fR) or to a stack of CRLs (\fBX509_CRL\fR) on +success. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_set_cleanup()\fR sets the final cleanup function, which is +called when the context (\fBX509_STORE_CTX\fR) is being torn down. +This function doesn't return any value. +\&\fIIf no function to get the issuer is provided, the internal default +function will be used instead.\fR +.PP +\&\fBX509_STORE_get_verify_cb()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_get_get_issuer()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_get_check_revocation()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_get_check_crl()\fR, \fBX509_STORE_set_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_get_check_policy()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_get_lookup_crls()\fR and \fBX509_STORE_get_cleanup()\fR all return +the function pointer assigned with \fBX509_STORE_set_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_set_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_set_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_set_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR and \fBX509_STORE_set_cleanup()\fR, or \s-1NULL\s0 if +no assignment has been made. +.PP +\&\fBX509_STORE_set_verify_cb_func()\fR, \fBX509_STORE_set_verify_func()\fR and +\&\fBX509_STORE_set_lookup_crls_cb()\fR are aliases for +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_set_verify()\fR and +X509_STORE_set_lookup_crls, available as macros for backward +compatibility. +.SH "NOTES" +.IX Header "NOTES" +All the callbacks from a \fBX509_STORE\fR are inherited by the +corresponding \fBX509_STORE_CTX\fR structure when it is initialized. +See \fBX509_STORE_CTX_set_verify_cb\fR\|(3) for further details. +.SH "BUGS" +.IX Header "BUGS" +The macro version of this function was the only one available before +OpenSSL 1.0.0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The X509_STORE_set_*() functions do not return a value. +.PP +The X509_STORE_get_*() functions return a pointer of the appropriate +function type. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_set_verify_cb\fR\|(3), \fBX509_STORE_CTX_get0_chain\fR\|(3), +\&\fBX509_STORE_CTX_verify_cb\fR\|(3), \fBX509_STORE_CTX_verify_fn\fR\|(3), +\&\fBCMS_verify\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_STORE_set_verify_cb()\fR function was added in OpenSSL 1.0.0. +.PP +The functions +\&\fBX509_STORE_set_verify_cb()\fR, \fBX509_STORE_get_verify_cb()\fR, +\&\fBX509_STORE_set_verify()\fR, \fBX509_STORE_CTX_get_verify()\fR, +\&\fBX509_STORE_set_get_issuer()\fR, \fBX509_STORE_get_get_issuer()\fR, +\&\fBX509_STORE_set_check_issued()\fR, \fBX509_STORE_get_check_issued()\fR, +\&\fBX509_STORE_set_check_revocation()\fR, \fBX509_STORE_get_check_revocation()\fR, +\&\fBX509_STORE_set_get_crl()\fR, \fBX509_STORE_get_get_crl()\fR, +\&\fBX509_STORE_set_check_crl()\fR, \fBX509_STORE_get_check_crl()\fR, +\&\fBX509_STORE_set_cert_crl()\fR, \fBX509_STORE_get_cert_crl()\fR, +\&\fBX509_STORE_set_check_policy()\fR, \fBX509_STORE_get_check_policy()\fR, +\&\fBX509_STORE_set_lookup_certs()\fR, \fBX509_STORE_get_lookup_certs()\fR, +\&\fBX509_STORE_set_lookup_crls()\fR, \fBX509_STORE_get_lookup_crls()\fR, +\&\fBX509_STORE_set_cleanup()\fR and \fBX509_STORE_get_cleanup()\fR +were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 new file mode 100644 index 000000000000..09d0211d2d36 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_VERIFY_PARAM_set_flags.3 @@ -0,0 +1,500 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_PARAM_SET_FLAGS 3" +.TH X509_VERIFY_PARAM_SET_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_get_inh_flags, X509_VERIFY_PARAM_set_inh_flags, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_auth_level, X509_VERIFY_PARAM_get_auth_level, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_get_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc \&\- X509 verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, +\& unsigned long flags); +\& unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +\& uint32_t flags); +\& uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +\& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +\& +\& void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +\& time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, +\& ASN1_OBJECT *policy); +\& int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, +\& STACK_OF(ASN1_OBJECT) *policies); +\& +\& void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +\& int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +\& +\& void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, +\& int auth_level); +\& int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); +\& +\& int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +\& const char *name, size_t namelen); +\& void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, +\& unsigned int flags); +\& unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param); +\& char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +\& int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, +\& const char *email, size_t emaillen); +\& int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +\& const unsigned char *ip, size_t iplen); +\& int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with +a certificate verification operation. +.PP +The \fBX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring +it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete +description of values the \fBflags\fR parameter can take. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the inheritance flags in \fBparam\fR +which specifies how verification flags are copied from one structure to +another. \fBX509_VERIFY_PARAM_set_inh_flags()\fR sets the inheritance flags. +See the \fB\s-1INHERITANCE FLAGS\s0\fR section for a description of these bits. +.PP +\&\fBX509_VERIFY_PARAM_clear_flags()\fR clears the flags \fBflags\fR in \fBparam\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_purpose()\fR sets the verification purpose in \fBparam\fR +to \fBpurpose\fR. This determines the acceptable purpose of the certificate +chain, for example \s-1SSL\s0 client or \s-1SSL\s0 server. +.PP +\&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to +\&\fBtrust\fR. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR sets the verification time in \fBparam\fR to +\&\fBt\fR. Normally the current time is used. +.PP +\&\fBX509_VERIFY_PARAM_add0_policy()\fR enables policy checking (it is disabled +by default) and adds \fBpolicy\fR to the acceptable policy set. +.PP +\&\fBX509_VERIFY_PARAM_set1_policies()\fR enables policy checking (it is disabled +by default) and sets the acceptable policy set to \fBpolicies\fR. Any existing +policy set is cleared. The \fBpolicies\fR parameter can be \fB\s-1NULL\s0\fR to clear +an existing policy set. +.PP +\&\fBX509_VERIFY_PARAM_set_depth()\fR sets the maximum verification depth to \fBdepth\fR. +That is the maximum number of intermediate \s-1CA\s0 certificates that can appear in a +chain. +A maximal depth chain contains 2 more certificates than the limit, since +neither the end-entity certificate nor the trust-anchor count against this +limit. +Thus a \fBdepth\fR limit of 0 only allows the end-entity certificate to be signed +directly by the trust-anchor, while with a \fBdepth\fR limit of 1 there can be one +intermediate \s-1CA\s0 certificate between the trust-anchor and the end-entity +certificate. +.PP +\&\fBX509_VERIFY_PARAM_set_auth_level()\fR sets the authentication security level to +\&\fBauth_level\fR. +The authentication security level determines the acceptable signature and public +key strength when verifying certificate chains. +For a certificate chain to validate, the public keys of all the certificates +must meet the specified security level. +The signature algorithm security level is not enforced for the chain's \fItrust +anchor\fR certificate, which is either directly trusted or validated by means other +than its signature. +See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available +levels. +The default security level is \-1, or \*(L"not set\*(R". +At security level 0 or lower all algorithms are acceptable. +Security level 1 requires at least 80\-bit\-equivalent security and is broadly +interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0 keys +shorter than 1024 bits. +.PP +\&\fBX509_VERIFY_PARAM_set1_host()\fR sets the expected \s-1DNS\s0 hostname to +\&\fBname\fR clearing any previously specified host name or names. If +\&\fBname\fR is \s-1NULL,\s0 or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If \fBname\fR +is NUL-terminated, \fBnamelen\fR may be zero, otherwise \fBnamelen\fR +must be set to the length of \fBname\fR. +.PP +When a hostname is specified, +certificate verification automatically invokes \fBX509_check_host\fR\|(3) +with flags equal to the \fBflags\fR argument given to +\&\fBX509_VERIFY_PARAM_set_hostflags()\fR (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling \fBX509_check_host\fR\|(3), hostname checks may be out of scope +with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal check will +be suppressed as appropriate when \s-1DANE\s0 verification is enabled. +.PP +When the subject CommonName will not be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR host flag, or because no \s-1DNS\s0 subject +alternative names are present in the certificate, any \s-1DNS\s0 name constraints in +issuer certificates apply to the subject CommonName as well as the subject +alternative name extension. +.PP +When the subject CommonName will be ignored, whether as a result of the +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR host flag, or because some \s-1DNS\s0 subject +alternative names are present in the certificate, \s-1DNS\s0 name constraints in +issuer certificates will not be applied to the subject \s-1DN.\s0 +As described in \fBX509_check_host\fR\|(3) the \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR +flag takes precedence over the \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any host flags previously set via a +call to \fBX509_VERIFY_PARAM_set_hostflags()\fR. +.PP +\&\fBX509_VERIFY_PARAM_add1_host()\fR adds \fBname\fR as an additional reference +identifier that can match the peer's certificate. Any previous names +set via \fBX509_VERIFY_PARAM_set1_host()\fR or \fBX509_VERIFY_PARAM_add1_host()\fR +are retained, no change is made if \fBname\fR is \s-1NULL\s0 or empty. When +multiple names are configured, the peer is considered verified when +any name matches. +.PP +\&\fBX509_VERIFY_PARAM_get0_peername()\fR returns the \s-1DNS\s0 hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with \*(L".\*(R") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated \fBparam\fR argument is freed. Applications must not free +the return value. +.PP +\&\fBX509_VERIFY_PARAM_set1_email()\fR sets the expected \s-1RFC822\s0 email address to +\&\fBemail\fR. If \fBemail\fR is NUL-terminated, \fBemaillen\fR may be zero, otherwise +\&\fBemaillen\fR must be set to the length of \fBemail\fR. When an email address +is specified, certificate verification automatically invokes +\&\fBX509_check_email\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip()\fR sets the expected \s-1IP\s0 address to \fBip\fR. +The \fBip\fR argument is in binary format, in network byte-order and +\&\fBiplen\fR must be set to 4 for IPv4 and 16 for IPv6. When an \s-1IP\s0 +address is specified, certificate verification automatically invokes +\&\fBX509_check_ip\fR\|(3). +.PP +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR sets the expected \s-1IP\s0 address to +\&\fBipasc\fR. The \fBipasc\fR argument is a NUL-terminal \s-1ASCII\s0 string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed \*(L"::\*(R" notation is supported for IPv6 addresses. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_VERIFY_PARAM_set_flags()\fR, \fBX509_VERIFY_PARAM_clear_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_inh_flags()\fR, +\&\fBX509_VERIFY_PARAM_set_purpose()\fR, \fBX509_VERIFY_PARAM_set_trust()\fR, +\&\fBX509_VERIFY_PARAM_add0_policy()\fR \fBX509_VERIFY_PARAM_set1_policies()\fR, +\&\fBX509_VERIFY_PARAM_set1_host()\fR, \fBX509_VERIFY_PARAM_add1_host()\fR, +\&\fBX509_VERIFY_PARAM_set1_email()\fR, \fBX509_VERIFY_PARAM_set1_ip()\fR and +\&\fBX509_VERIFY_PARAM_set1_ip_asc()\fR return 1 for success and 0 for +failure. +.PP +\&\fBX509_VERIFY_PARAM_get_flags()\fR returns the current verification flags. +.PP +\&\fBX509_VERIFY_PARAM_get_hostflags()\fR returns any current host flags. +.PP +\&\fBX509_VERIFY_PARAM_get_inh_flags()\fR returns the current inheritance flags. +.PP +\&\fBX509_VERIFY_PARAM_set_time()\fR and \fBX509_VERIFY_PARAM_set_depth()\fR do not return +values. +.PP +\&\fBX509_VERIFY_PARAM_get_depth()\fR returns the current verification depth. +.PP +\&\fBX509_VERIFY_PARAM_get_auth_level()\fR returns the current authentication security +level. +.SH "VERIFICATION FLAGS" +.IX Header "VERIFICATION FLAGS" +The verification flags consists of zero or more of the following flags +ored together. +.PP +\&\fBX509_V_FLAG_CRL_CHECK\fR enables \s-1CRL\s0 checking for the certificate chain leaf +certificate. An error occurs if a suitable \s-1CRL\s0 cannot be found. +.PP +\&\fBX509_V_FLAG_CRL_CHECK_ALL\fR enables \s-1CRL\s0 checking for the entire certificate +chain. +.PP +\&\fBX509_V_FLAG_IGNORE_CRITICAL\fR disabled critical extension checking. By default +any unhandled critical extensions in certificates or (if checked) CRLs results +in a fatal error. If this flag is set unhandled critical extensions are +ignored. \fB\s-1WARNING\s0\fR setting this option for anything other than debugging +purposes can be a security risk. Finer control over which extensions are +supported can be performed in the verification callback. +.PP +The \fBX509_V_FLAG_X509_STRICT\fR flag disables workarounds for some broken +certificates and makes the verification strictly apply \fBX509\fR rules. +.PP +\&\fBX509_V_FLAG_ALLOW_PROXY_CERTS\fR enables proxy certificate verification. +.PP +\&\fBX509_V_FLAG_POLICY_CHECK\fR enables certificate policy checking, by default +no policy checking is performed. Additional information is sent to the +verification callback relating to policy checking. +.PP +\&\fBX509_V_FLAG_EXPLICIT_POLICY\fR, \fBX509_V_FLAG_INHIBIT_ANY\fR and +\&\fBX509_V_FLAG_INHIBIT_MAP\fR set the \fBrequire explicit policy\fR, \fBinhibit any +policy\fR and \fBinhibit policy mapping\fR flags respectively as defined in +\&\fB\s-1RFC3280\s0\fR. Policy checking is automatically enabled if any of these flags +are set. +.PP +If \fBX509_V_FLAG_NOTIFY_POLICY\fR is set and the policy checking is successful +a special status code is set to the verification callback. This permits it +to examine the valid policy tree and perform additional checks or simply +log it for debugging purposes. +.PP +By default some additional features such as indirect CRLs and CRLs signed by +different keys are disabled. If \fBX509_V_FLAG_EXTENDED_CRL_SUPPORT\fR is set +they are enabled. +.PP +If \fBX509_V_FLAG_USE_DELTAS\fR is set delta CRLs (if present) are used to +determine certificate status. If not set deltas are ignored. +.PP +\&\fBX509_V_FLAG_CHECK_SS_SIGNATURE\fR enables checking of the root \s-1CA\s0 self signed +certificate signature. By default this check is disabled because it doesn't +add any additional security but in some cases applications might want to +check the signature anyway. A side effect of not checking the root \s-1CA\s0 +signature is that disabled or unsupported message digests on the root \s-1CA\s0 +are not treated as fatal errors. +.PP +When \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, construction of the certificate chain +in \fBX509_verify_cert\fR\|(3) will search the trust store for issuer certificates +before searching the provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local security +requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store have +explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBx509\fR\|(1)). +As of OpenSSL 1.1.0 this option is on by default. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. +By default, unless \fBX509_V_FLAG_TRUSTED_FIRST\fR is set, when building a +certificate chain, if the first certificate chain found is not trusted, then +OpenSSL will attempt to replace untrusted certificates supplied by the peer +with certificates from the trust store to see if an alternative chain can be +found that is trusted. +As of OpenSSL 1.1.0, with \fBX509_V_FLAG_TRUSTED_FIRST\fR always set, this option +has no effect. +.PP +The \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag causes intermediate certificates in the +trust store to be treated as trust-anchors, in the same way as the self-signed +root \s-1CA\s0 certificates. +This makes it possible to trust certificates issued by an intermediate \s-1CA\s0 +without having to trust its ancestor root \s-1CA.\s0 +With OpenSSL 1.1.0 and later and set, chain +construction stops as soon as the first certificate from the trust store is +added to the chain, whether that certificate is a self-signed \*(L"root\*(R" +certificate or a not self-signed intermediate certificate. +Thus, when an intermediate certificate is found in the trust store, the +verified chain passed to callbacks may be shorter than it otherwise would +be without the \fBX509_V_FLAG_PARTIAL_CHAIN\fR flag. +.PP +The \fBX509_V_FLAG_NO_CHECK_TIME\fR flag suppresses checking the validity period +of certificates and CRLs against the current time. If \fBX509_VERIFY_PARAM_set_time()\fR +is used to specify a verification time, the check is not suppressed. +.SH "INHERITANCE FLAGS" +.IX Header "INHERITANCE FLAGS" +These flags specify how parameters are \*(L"inherited\*(R" from one structure to +another. +.PP +If \fBX509_VP_FLAG_ONCE\fR is set then the current setting is zeroed +after the next call. +.PP +If \fBX509_VP_FLAG_LOCKED\fR is set then no values are copied. This overrides +all of the following flags. +.PP +If \fBX509_VP_FLAG_DEFAULT\fR is set then anything set in the source is copied +to the destination. Effectively the values in \*(L"to\*(R" become default values +which will be used only if nothing new is set in \*(L"from\*(R". This is the +default. +.PP +If \fBX509_VP_FLAG_OVERWRITE\fR is set then all value are copied across whether +they are set or not. Flags is still Ored though. +.PP +If \fBX509_VP_FLAG_RESET_FLAGS\fR is set then the flags value is copied instead +of ORed. +.SH "NOTES" +.IX Header "NOTES" +The above functions should be used to manipulate verification parameters +instead of functions which work in specific structures such as +\&\fBX509_STORE_CTX_set_flags()\fR which are likely to be deprecated in a future +release. +.SH "BUGS" +.IX Header "BUGS" +Delta \s-1CRL\s0 checking is currently primitive. Only a single delta can be used and +(partly due to limitations of \fBX509_STORE\fR) constructed CRLs are not +maintained. +.PP +If CRLs checking is enable CRLs are expected to be available in the +corresponding \fBX509_STORE\fR structure. No attempt is made to download +CRLs from the \s-1CRL\s0 distribution points extension. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0 +connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: +.PP +.Vb 1 +\& X509_VERIFY_PARAM *param; +\& +\& param = X509_VERIFY_PARAM_new(); +\& X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +\& SSL_CTX_set1_param(ctx, param); +\& X509_VERIFY_PARAM_free(param); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_host\fR\|(3), +\&\fBX509_check_email\fR\|(3), +\&\fBX509_check_ip\fR\|(3), +\&\fBx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.1.0. +The flag \fBX509_V_FLAG_CB_ISSUER_CHECK\fR was deprecated in OpenSSL 1.1.0 +and has no effect. +.PP +The \fBX509_VERIFY_PARAM_get_hostflags()\fR function was added in OpenSSL 1.1.0i. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_check_ca.3 b/secure/lib/libcrypto/man/man3/X509_check_ca.3 new file mode 100644 index 000000000000..289b9369d068 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_check_ca.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_CA 3" +.TH X509_CHECK_CA 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_ca \- check if given certificate is CA certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_ca(X509 *cert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if given certificate is \s-1CA\s0 certificate (can be used +to sign other certificates). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return 0, if it is not \s-1CA\s0 certificate, 1 if it is proper X509v3 +\&\s-1CA\s0 certificate with \fBbasicConstraints\fR extension \s-1CA:TRUE, +3,\s0 if it is self-signed X509 v1 certificate, 4, if it is certificate with +\&\fBkeyUsage\fR extension with bit \fBkeyCertSign\fR set, but without +\&\fBbasicConstraints\fR, and 5 if it has outdated Netscape Certificate Type +extension telling that it is \s-1CA\s0 certificate. +.PP +Actually, any non-zero value means that this certificate could have been +used to sign other certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_issued\fR\|(3), +\&\fBX509_check_purpose\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3 new file mode 100644 index 000000000000..9f6b088d4294 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_check_host.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_HOST 3" +.TH X509_CHECK_HOST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc \- X.509 certificate matching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_host(X509 *, const char *name, size_t namelen, +\& unsigned int flags, char **peername); +\& int X509_check_email(X509 *, const char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, +\& unsigned int flags); +\& int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The certificate matching functions are used to check whether a +certificate matches a given host name, email address, or \s-1IP\s0 address. +The validity of the certificate and its trust level has to be checked by +other means. +.PP +\&\fBX509_check_host()\fR checks if the certificate Subject Alternative +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a +certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R" +or \*(L"*w.example.com\*(R". +.PP +Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international +domain names must be given in A\-label form. The \fBnamelen\fR argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts +with a dot (e.g \*(L".example.com\*(R"), it will be matched by a certificate +valid for any sub-domain of \fBname\fR, (see also +\&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below). +.PP +When the certificate is matched, and \fBpeername\fR is not \s-1NULL,\s0 a +pointer to a copy of the matching \s-1SAN\s0 or \s-1CN\s0 from the peer certificate +is stored at the address passed in \fBpeername\fR. The application +is responsible for freeing the peername via \fBOPENSSL_free()\fR when it +is no longer needed. +.PP +\&\fBX509_check_email()\fR checks if the certificate matches the specified +email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The \fBaddresslen\fR argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(\fBaddress\fR). +.PP +\&\fBX509_check_ip()\fR checks if the certificate matches a specified IPv4 or +IPv6 address. The \fBaddress\fR array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; \s-1IP\s0 +addresses stored in \s-1DNS\s0 names and Common Names are ignored. +.PP +\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated +string \fBaddress\fR is first converted to the internal representation. +.PP +The \fBflags\fR argument is usually 0. It can be the bitwise \s-1OR\s0 of the +flags: +.IP "\fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT," +.PD 0 +.IP "\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR," 4 +.IX Item "X509_CHECK_FLAG_NEVER_CHECK_SUBJECT," +.IP "\fBX509_CHECK_FLAG_NO_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR," 4 +.IX Item "X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS," +.IP "\fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR." 4 +.IX Item "X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS." +.IP "\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR." 4 +.IX Item "X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS." +.PD +.PP +The \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR flag causes the function +to consider the subject \s-1DN\s0 even if the certificate contains at least +one subject alternative name of the right type (\s-1DNS\s0 name or email +address as appropriate); the default is to ignore the subject \s-1DN\s0 +when at least one corresponding subject alternative names is present. +.PP +The \fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR flag causes the function to never +consider the subject \s-1DN\s0 even if the certificate contains no subject alternative +names of the right type (\s-1DNS\s0 name or email address as appropriate); the default +is to use the subject \s-1DN\s0 when no corresponding subject alternative names are +present. +If both \fBX509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT\fR and +\&\fBX509_CHECK_FLAG_NEVER_CHECK_SUBJECT\fR are specified, the latter takes +precedence and the subject \s-1DN\s0 is not checked for matching names. +.PP +If set, \fBX509_CHECK_FLAG_NO_WILDCARDS\fR disables wildcard +expansion; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_NO_PARTIAL_WILDCARDS\fR suppresses support +for \*(L"*\*(R" as wildcard pattern in labels that have a prefix or suffix, +such as: \*(L"www*\*(R" or \*(L"*www\*(R"; this only applies to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_MULTI_LABEL_WILDCARDS\fR allows a \*(L"*\*(R" that +constitutes the complete label of a \s-1DNS\s0 name (e.g. \*(L"*.example.com\*(R") +to match more than one label in \fBname\fR; this flag only applies +to \fBX509_check_host\fR. +.PP +If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR +values which start with \*(L".\*(R", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a \fBname\fR of \*(L".example.com\*(R" +would match a peer certificate with a \s-1DNS\s0 name of \*(L"www.example.com\*(R", +but would not match a peer certificate with a \s-1DNS\s0 name of +\&\*(L"www.sub.example.com\*(R"; this flag only applies to \fBX509_check_host\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 for a successful match, 0 for a failed match +and \-1 for an internal error: typically a memory allocation failure +or an \s-1ASN.1\s0 decoding error. +.PP +All functions can also return \-2 if the input is malformed. For example, +\&\fBX509_check_host()\fR returns \-2 if the provided \fBname\fR contains embedded +NULs. +.SH "NOTES" +.IX Header "NOTES" +Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR +rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, +and the internal checks will be suppressed as appropriate when +\&\s-1DANE\s0 support is enabled. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), +\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.0.2. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2012\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_check_issued.3 b/secure/lib/libcrypto/man/man3/X509_check_issued.3 new file mode 100644 index 000000000000..e109f1dfcb40 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_check_issued.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_ISSUED 3" +.TH X509_CHECK_ISSUED 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_issued \- checks if certificate is issued by another certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_issued(X509 *issuer, X509 *subject); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function checks if certificate \fIsubject\fR was issued using \s-1CA\s0 +certificate \fIissuer\fR. This function takes into account not only +matching of issuer field of \fIsubject\fR with subject field of \fIissuer\fR, +but also compares \fBauthorityKeyIdentifier\fR extension of \fIsubject\fR with +\&\fBsubjectKeyIdentifier\fR of \fIissuer\fR if \fBauthorityKeyIdentifier\fR +present in the \fIsubject\fR certificate and checks \fBkeyUsage\fR field of +\&\fIissuer\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Function return \fBX509_V_OK\fR if certificate \fIsubject\fR is issued by +\&\fIissuer\fR or some \fBX509_V_ERR*\fR constant to indicate an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_verify_cert\fR\|(3), +\&\fBX509_check_ca\fR\|(3), +\&\fBverify\fR\|(1) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_check_private_key.3 b/secure/lib/libcrypto/man/man3/X509_check_private_key.3 new file mode 100644 index 000000000000..7f00cf473eb4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_check_private_key.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CHECK_PRIVATE_KEY 3" +.TH X509_CHECK_PRIVATE_KEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_check_private_key, X509_REQ_check_private_key \- check the consistency of a private key with the public key in an X509 certificate or certificate request +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_check_private_key(X509 *x, EVP_PKEY *k); +\& +\& int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_check_private_key()\fR function checks the consistency of private +key \fBk\fR with the public key in \fBx\fR. +.PP +\&\fBX509_REQ_check_private_key()\fR is equivalent to \fBX509_check_private_key()\fR +except that \fBx\fR represents a certificate request of structure \fBX509_REQ\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_check_private_key()\fR and \fBX509_REQ_check_private_key()\fR return 1 if +the keys match each other, and 0 if not. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using \fBERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The \fBcheck_private_key\fR functions don't check if \fBk\fR itself is indeed +a private key or not. It merely compares the public materials (e.g. exponent +and modulus of an \s-1RSA\s0 key) and/or key parameters (e.g. \s-1EC\s0 params of an \s-1EC\s0 key) +of a key pair. So if you pass a public key to these functions in \fBk\fR, it will +return success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_cmp.3 b/secure/lib/libcrypto/man/man3/X509_cmp.3 new file mode 100644 index 000000000000..74c3882ea322 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_cmp.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP 3" +.TH X509_CMP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp, X509_NAME_cmp, X509_issuer_and_serial_cmp, X509_issuer_name_cmp, X509_subject_name_cmp, X509_CRL_cmp, X509_CRL_match \&\- compare X509 certificates and related values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_cmp(const X509 *a, const X509 *b); +\& int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +\& int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +\& int X509_issuer_name_cmp(const X509 *a, const X509 *b); +\& int X509_subject_name_cmp(const X509 *a, const X509 *b); +\& int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +\& int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This set of functions are used to compare X509 objects, including X509 +certificates, X509 \s-1CRL\s0 objects and various values in an X509 certificate. +.PP +The \fBX509_cmp()\fR function compares two \fBX509\fR objects indicated by parameters +\&\fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of the hash +values of two \fBX509\fR objects and the canonical (\s-1DER\s0) encoding values. +.PP +The \fBX509_NAME_cmp()\fR function compares two \fBX509_NAME\fR objects indicated by +parameters \fBa\fR and \fBb\fR. The comparison is based on the \fBmemcmp\fR result of +the canonical (\s-1DER\s0) encoding values of the two objects. \fBi2d_X509_NAME\fR\|(3) +has a more detailed description of the \s-1DER\s0 encoding of the \fBX509_NAME\fR structure. +.PP +The \fBX509_issuer_and_serial_cmp()\fR function compares the serial number and issuer +values in the given \fBX509\fR objects \fBa\fR and \fBb\fR. +.PP +The \fBX509_issuer_name_cmp()\fR, \fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR functions +are effectively wrappers of the \fBX509_NAME_cmp()\fR function. These functions compare +issuer names and subject names of the objects, or issuers of \fBX509_CRL\fR +objects, respectively. +.IX Xref "509" +.PP +The \fBX509_CRL_match()\fR function compares two \fBX509_CRL\fR objects. Unlike the +\&\fBX509_CRL_cmp()\fR function, this function compares the whole \s-1CRL\s0 content instead +of just the issuer name. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Like common memory comparison functions, the \fBX509\fR comparison functions return +an integer less than, equal to, or greater than zero if object \fBa\fR is found to +be less than, to match, or be greater than object \fBb\fR, respectively. +.PP +\&\fBX509_NAME_cmp()\fR, \fBX509_issuer_and_serial_cmp()\fR, \fBX509_issuer_name_cmp()\fR, +\&\fBX509_subject_name_cmp()\fR and \fBX509_CRL_cmp()\fR may return \fB\-2\fR to indicate an error. +.SH "NOTES" +.IX Header "NOTES" +These functions in fact utilize the underlying \fBmemcmp\fR of the C library to do +the comparison job. Data to be compared varies from \s-1DER\s0 encoding data, hash +value or \fB\s-1ASN1_STRING\s0\fR. The sign of the comparison can be used to order the +objects but it does not have a special meaning in some cases. +.PP +\&\fBX509_NAME_cmp()\fR and wrappers utilize the value \fB\-2\fR to indicate errors in some +circumstances, which could cause confusion for the applications. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBi2d_X509_NAME\fR\|(3), \fBi2d_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_cmp_time.3 b/secure/lib/libcrypto/man/man3/X509_cmp_time.3 new file mode 100644 index 000000000000..aa0e6c9e32e8 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_cmp_time.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_CMP_TIME 3" +.TH X509_CMP_TIME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_cmp_time, X509_cmp_current_time, X509_time_adj, X509_time_adj_ex \&\- X509 time functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 5 +\& int X509_cmp_time(const ASN1_TIME *asn1_time, time_t *in_tm); +\& int X509_cmp_current_time(const ASN1_TIME *asn1_time); +\& ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); +\& ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long +\& offset_sec, time_t *in_tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time +in . \fBX509_cmp_current_time()\fR compares the \s-1ASN1_TIME\s0 in +\&\fBasn1_time\fR with the current time, expressed as time_t. \fBasn1_time\fR +must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e., its +format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0 +.PP +\&\fBX509_time_adj_ex()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_day\fR and \fBoffset_sec\fR after \fBin_tm\fR. +.PP +\&\fBX509_time_adj()\fR sets the \s-1ASN1_TIME\s0 structure \fBasn1_time\fR to the time +\&\fBoffset_sec\fR after \fBin_tm\fR. This method can only handle second +offsets up to the capacity of long, so the newer \fBX509_time_adj_ex()\fR +\&\s-1API\s0 should be preferred. +.PP +In both methods, if \fBasn1_time\fR is \s-1NULL,\s0 a new \s-1ASN1_TIME\s0 structure +is allocated and returned. +.PP +In all methods, if \fBin_tm\fR is \s-1NULL,\s0 the current time, expressed as +time_t, is used. +.SH "BUGS" +.IX Header "BUGS" +Unlike many standard comparison functions, \fBX509_cmp_time()\fR and +\&\fBX509_cmp_current_time()\fR return 0 on error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_cmp_time()\fR and \fBX509_cmp_current_time()\fR return \-1 if \fBasn1_time\fR +is earlier than, or equal to, \fBcmp_time\fR (resp. current time), and 1 +otherwise. These methods return 0 on error. +.PP +\&\fBX509_time_adj()\fR and \fBX509_time_adj_ex()\fR return a pointer to the updated +\&\s-1ASN1_TIME\s0 structure, and \s-1NULL\s0 on error. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_digest.3 b/secure/lib/libcrypto/man/man3/X509_digest.3 new file mode 100644 index 000000000000..a976fca38ae7 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_digest.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DIGEST 3" +.TH X509_DIGEST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_digest, X509_CRL_digest, X509_pubkey_digest, X509_NAME_digest, X509_REQ_digest, PKCS7_ISSUER_AND_SERIAL_digest \&\- get digest of various objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +\& +\& int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, +\& unsigned char *md, unsigned int *len); +\& +\& #include +\& +\& int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, +\& const EVP_MD *type, unsigned char *md, +\& unsigned int *len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_pubkey_digest()\fR returns a digest of the \s-1DER\s0 representation of the public +key in the specified X509 \fBdata\fR object. +All other functions described here return a digest of the \s-1DER\s0 representation +of their entire \fBdata\fR objects. +.PP +The \fBtype\fR parameter specifies the digest to +be used, such as \fBEVP_sha1()\fR. The \fBmd\fR is a pointer to the buffer where the +digest will be copied and is assumed to be large enough; the constant +\&\fB\s-1EVP_MAX_MD_SIZE\s0\fR is suggested. The \fBlen\fR parameter, if not \s-1NULL,\s0 points +to a place where the digest size will be stored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All functions described here return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_sha1\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_dup.3 b/secure/lib/libcrypto/man/man3/X509_dup.3 new file mode 100644 index 000000000000..291044d591ca --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_dup.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_DUP 3" +.TH X509_DUP 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +DECLARE_ASN1_FUNCTIONS, IMPLEMENT_ASN1_FUNCTIONS, ASN1_ITEM, ACCESS_DESCRIPTION_free, ACCESS_DESCRIPTION_new, ADMISSIONS_free, ADMISSIONS_new, ADMISSION_SYNTAX_free, ADMISSION_SYNTAX_new, ASIdOrRange_free, ASIdOrRange_new, ASIdentifierChoice_free, ASIdentifierChoice_new, ASIdentifiers_free, ASIdentifiers_new, ASRange_free, ASRange_new, AUTHORITY_INFO_ACCESS_free, AUTHORITY_INFO_ACCESS_new, AUTHORITY_KEYID_free, AUTHORITY_KEYID_new, BASIC_CONSTRAINTS_free, BASIC_CONSTRAINTS_new, CERTIFICATEPOLICIES_free, CERTIFICATEPOLICIES_new, CMS_ContentInfo_free, CMS_ContentInfo_new, CMS_ContentInfo_print_ctx, CMS_ReceiptRequest_free, CMS_ReceiptRequest_new, CRL_DIST_POINTS_free, CRL_DIST_POINTS_new, DIRECTORYSTRING_free, DIRECTORYSTRING_new, DISPLAYTEXT_free, DISPLAYTEXT_new, DIST_POINT_NAME_free, DIST_POINT_NAME_new, DIST_POINT_free, DIST_POINT_new, DSAparams_dup, ECPARAMETERS_free, ECPARAMETERS_new, ECPKPARAMETERS_free, ECPKPARAMETERS_new, EDIPARTYNAME_free, EDIPARTYNAME_new, ESS_CERT_ID_dup, ESS_CERT_ID_free, ESS_CERT_ID_new, ESS_ISSUER_SERIAL_dup, ESS_ISSUER_SERIAL_free, ESS_ISSUER_SERIAL_new, ESS_SIGNING_CERT_dup, ESS_SIGNING_CERT_free, ESS_SIGNING_CERT_new, EXTENDED_KEY_USAGE_free, EXTENDED_KEY_USAGE_new, GENERAL_NAMES_free, GENERAL_NAMES_new, GENERAL_NAME_dup, GENERAL_NAME_free, GENERAL_NAME_new, GENERAL_SUBTREE_free, GENERAL_SUBTREE_new, IPAddressChoice_free, IPAddressChoice_new, IPAddressFamily_free, IPAddressFamily_new, IPAddressOrRange_free, IPAddressOrRange_new, IPAddressRange_free, IPAddressRange_new, ISSUING_DIST_POINT_free, ISSUING_DIST_POINT_new, NAME_CONSTRAINTS_free, NAME_CONSTRAINTS_new, NAMING_AUTHORITY_free, NAMING_AUTHORITY_new, NETSCAPE_CERT_SEQUENCE_free, NETSCAPE_CERT_SEQUENCE_new, NETSCAPE_SPKAC_free, NETSCAPE_SPKAC_new, NETSCAPE_SPKI_free, NETSCAPE_SPKI_new, NOTICEREF_free, NOTICEREF_new, OCSP_BASICRESP_free, OCSP_BASICRESP_new, OCSP_CERTID_dup, OCSP_CERTID_new, OCSP_CERTSTATUS_free, OCSP_CERTSTATUS_new, OCSP_CRLID_free, OCSP_CRLID_new, OCSP_ONEREQ_free, OCSP_ONEREQ_new, OCSP_REQINFO_free, OCSP_REQINFO_new, OCSP_RESPBYTES_free, OCSP_RESPBYTES_new, OCSP_RESPDATA_free, OCSP_RESPDATA_new, OCSP_RESPID_free, OCSP_RESPID_new, OCSP_RESPONSE_new, OCSP_REVOKEDINFO_free, OCSP_REVOKEDINFO_new, OCSP_SERVICELOC_free, OCSP_SERVICELOC_new, OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, PBE2PARAM_new, PBEPARAM_free, PBEPARAM_new, PBKDF2PARAM_free, PBKDF2PARAM_new, PKCS12_BAGS_free, PKCS12_BAGS_new, PKCS12_MAC_DATA_free, PKCS12_MAC_DATA_new, PKCS12_SAFEBAG_free, PKCS12_SAFEBAG_new, PKCS12_free, PKCS12_new, PKCS7_DIGEST_free, PKCS7_DIGEST_new, PKCS7_ENCRYPT_free, PKCS7_ENCRYPT_new, PKCS7_ENC_CONTENT_free, PKCS7_ENC_CONTENT_new, PKCS7_ENVELOPE_free, PKCS7_ENVELOPE_new, PKCS7_ISSUER_AND_SERIAL_free, PKCS7_ISSUER_AND_SERIAL_new, PKCS7_RECIP_INFO_free, PKCS7_RECIP_INFO_new, PKCS7_SIGNED_free, PKCS7_SIGNED_new, PKCS7_SIGNER_INFO_free, PKCS7_SIGNER_INFO_new, PKCS7_SIGN_ENVELOPE_free, PKCS7_SIGN_ENVELOPE_new, PKCS7_dup, PKCS7_free, PKCS7_new, PKCS7_print_ctx, PKCS8_PRIV_KEY_INFO_free, PKCS8_PRIV_KEY_INFO_new, PKEY_USAGE_PERIOD_free, PKEY_USAGE_PERIOD_new, POLICYINFO_free, POLICYINFO_new, POLICYQUALINFO_free, POLICYQUALINFO_new, POLICY_CONSTRAINTS_free, POLICY_CONSTRAINTS_new, POLICY_MAPPING_free, POLICY_MAPPING_new, PROFESSION_INFO_free, PROFESSION_INFO_new, PROFESSION_INFOS_free, PROFESSION_INFOS_new, PROXY_CERT_INFO_EXTENSION_free, PROXY_CERT_INFO_EXTENSION_new, PROXY_POLICY_free, PROXY_POLICY_new, RSAPrivateKey_dup, RSAPublicKey_dup, RSA_OAEP_PARAMS_free, RSA_OAEP_PARAMS_new, RSA_PSS_PARAMS_free, RSA_PSS_PARAMS_new, SCRYPT_PARAMS_free, SCRYPT_PARAMS_new, SXNETID_free, SXNETID_new, SXNET_free, SXNET_new, TLS_FEATURE_free, TLS_FEATURE_new, TS_ACCURACY_dup, TS_ACCURACY_free, TS_ACCURACY_new, TS_MSG_IMPRINT_dup, TS_MSG_IMPRINT_free, TS_MSG_IMPRINT_new, TS_REQ_dup, TS_REQ_free, TS_REQ_new, TS_RESP_dup, TS_RESP_free, TS_RESP_new, TS_STATUS_INFO_dup, TS_STATUS_INFO_free, TS_STATUS_INFO_new, TS_TST_INFO_dup, TS_TST_INFO_free, TS_TST_INFO_new, USERNOTICE_free, USERNOTICE_new, X509_ALGOR_free, X509_ALGOR_new, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free, X509_ATTRIBUTE_new, X509_CERT_AUX_free, X509_CERT_AUX_new, X509_CINF_free, X509_CINF_new, X509_CRL_INFO_free, X509_CRL_INFO_new, X509_CRL_dup, X509_CRL_free, X509_CRL_new, X509_EXTENSION_dup, X509_EXTENSION_free, X509_EXTENSION_new, X509_NAME_ENTRY_dup, X509_NAME_ENTRY_free, X509_NAME_ENTRY_new, X509_NAME_dup, X509_NAME_free, X509_NAME_new, X509_REQ_INFO_free, X509_REQ_INFO_new, X509_REQ_dup, X509_REQ_free, X509_REQ_new, X509_REVOKED_dup, X509_REVOKED_free, X509_REVOKED_new, X509_SIG_free, X509_SIG_new, X509_VAL_free, X509_VAL_new, X509_dup, \&\- ASN1 object utilities +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DECLARE_ASN1_FUNCTIONS(type) +\& IMPLEMENT_ASN1_FUNCTIONS(stname) +\& +\& typedef struct ASN1_ITEM_st ASN1_ITEM; +\& +\& extern const ASN1_ITEM TYPE_it; +\& TYPE *TYPE_new(void); +\& TYPE *TYPE_dup(TYPE *a); +\& void TYPE_free(TYPE *a); +\& int TYPE_print_ctx(BIO *out, TYPE *a, int indent, const ASN1_PCTX *pctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description below, \fI\s-1TYPE\s0\fR is used +as a placeholder for any of the OpenSSL datatypes, such as \fIX509\fR. +.PP +The OpenSSL \s-1ASN1\s0 parsing library templates are like a data-driven bytecode +interpreter. +Every \s-1ASN1\s0 object as a global variable, TYPE_it, that describes the item +such as its fields. (On systems which cannot export variables from shared +libraries, the global is instead a function which returns a pointer to a +static variable. +.PP +The macro \s-1\fBDECLARE_ASN1_FUNCTIONS\s0()\fR is typically used in header files +to generate the function declarations. +.PP +The macro \s-1\fBIMPLEMENT_ASN1_FUNCTIONS\s0()\fR is used once in a source file +to generate the function bodies. +.PP +\&\fBTYPE_new()\fR allocates an empty object of the indicated type. +The object returned must be released by calling \fBTYPE_free()\fR. +.PP +\&\fBTYPE_dup()\fR copies an existing object. +.PP +\&\fBTYPE_free()\fR releases the object and all pointers and sub-objects +within it. +.PP +\&\fBTYPE_print_ctx()\fR prints the object \fBa\fR on the specified \s-1BIO\s0 \fBout\fR. +Each line will be prefixed with \fBindent\fR spaces. +The \fBpctx\fR specifies the printing context and is for internal +use; use \s-1NULL\s0 to get the default behavior. If a print function is +user-defined, then pass in any \fBpctx\fR down to any nested calls. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBTYPE_new()\fR and \fBTYPE_dup()\fR return a pointer to the object or \s-1NULL\s0 on failure. +.PP +\&\fBTYPE_print_ctx()\fR returns 1 on success or zero on failure. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 new file mode 100644 index 000000000000..e9f67eb3cd84 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get0_notBefore.3 @@ -0,0 +1,231 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_NOTBEFORE 3" +.TH X509_GET0_NOTBEFORE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_notBefore, X509_getm_notBefore, X509_get0_notAfter, X509_getm_notAfter, X509_set1_notBefore, X509_set1_notAfter, X509_CRL_get0_lastUpdate, X509_CRL_get0_nextUpdate, X509_CRL_set1_lastUpdate, X509_CRL_set1_nextUpdate \- get or set certificate or CRL dates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& const ASN1_TIME *X509_get0_notBefore(const X509 *x); +\& const ASN1_TIME *X509_get0_notAfter(const X509 *x); +\& +\& ASN1_TIME *X509_getm_notBefore(const X509 *x); +\& ASN1_TIME *X509_getm_notAfter(const X509 *x); +\& +\& int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +\& int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +\& +\& const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +\& const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +\& +\& int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +\& int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR return the \fBnotBefore\fR +and \fBnotAfter\fR fields of certificate \fBx\fR respectively. The value +returned is an internal pointer which must not be freed up after +the call. +.PP +\&\fBX509_getm_notBefore()\fR and \fBX509_getm_notAfter()\fR are similar to +\&\fBX509_get0_notBefore()\fR and \fBX509_get0_notAfter()\fR except they return +non-constant mutable references to the associated date field of +the certificate. +.PP +\&\fBX509_set1_notBefore()\fR and \fBX509_set1_notAfter()\fR set the \fBnotBefore\fR +and \fBnotAfter\fR fields of \fBx\fR to \fBtm\fR. Ownership of the passed +parameter \fBtm\fR is not transferred by these functions so it must +be freed up after the call. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR and \fBX509_CRL_get0_nextUpdate()\fR return the +\&\fBlastUpdate\fR and \fBnextUpdate\fR fields of \fBcrl\fR. The value +returned is an internal pointer which must not be freed up after +the call. If the \fBnextUpdate\fR field is absent from \fBcrl\fR then +\&\fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509_CRL_set1_lastUpdate()\fR and \fBX509_CRL_set1_nextUpdate()\fR set the \fBlastUpdate\fR +and \fBnextUpdate\fR fields of \fBcrl\fR to \fBtm\fR. Ownership of the passed parameter +\&\fBtm\fR is not transferred by these functions so it must be freed up after the +call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_notBefore()\fR, \fBX509_get0_notAfter()\fR and \fBX509_CRL_get0_lastUpdate()\fR +return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure. +.PP +\&\fBX509_CRL_get0_lastUpdate()\fR return a pointer to an \fB\s-1ASN1_TIME\s0\fR structure +or \s-1NULL\s0 if the \fBlastUpdate\fR field is absent. +.PP +\&\fBX509_set1_notBefore()\fR, \fBX509_set1_notAfter()\fR, \fBX509_CRL_set1_lastUpdate()\fR and +\&\fBX509_CRL_set1_nextUpdate()\fR return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of OpenSSL. +.PP +\&\fBX509_get_notBefore()\fR and \fBX509_get_notAfter()\fR were deprecated in OpenSSL +1.1.0 +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get0_signature.3 b/secure/lib/libcrypto/man/man3/X509_get0_signature.3 new file mode 100644 index 000000000000..da6a641fa2fd --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get0_signature.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_SIGNATURE 3" +.TH X509_GET0_SIGNATURE 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set \- signature information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_signature(const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg, +\& const X509 *x); +\& int X509_get_signature_nid(const X509 *x); +\& const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +\& +\& void X509_REQ_get0_signature(const X509_REQ *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_REQ_get_signature_nid(const X509_REQ *crl); +\& +\& void X509_CRL_get0_signature(const X509_CRL *crl, +\& const ASN1_BIT_STRING **psig, +\& const X509_ALGOR **palg); +\& int X509_CRL_get_signature_nid(const X509_CRL *crl); +\& +\& int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, +\& uint32_t *flags); +\& +\& int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, +\& int *secbits, uint32_t *flags); +\& void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, +\& int secbits, uint32_t flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_signature()\fR sets \fB*psig\fR to the signature of \fBx\fR and \fB*palg\fR +to the signature algorithm of \fBx\fR. The values returned are internal +pointers which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_tbs_sigalg()\fR returns the signature algorithm in the signed +portion of \fBx\fR. +.PP +\&\fBX509_get_signature_nid()\fR returns the \s-1NID\s0 corresponding to the signature +algorithm of \fBx\fR. +.PP +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR perform the +same function for certificate requests and CRLs. +.PP +\&\fBX509_get_signature_info()\fR retrieves information about the signature of +certificate \fBx\fR. The \s-1NID\s0 of the signing digest is written to \fB*mdnid\fR, +the public key algorithm to \fB*pknid\fR, the effective security bits to +\&\fB*secbits\fR and flag details to \fB*flags\fR. Any of the parameters can +be set to \fB\s-1NULL\s0\fR if the information is not required. +.PP +\&\fBX509_SIG_INFO_get()\fR and \fBX509_SIG_INFO_set()\fR get and set information +about a signature in an \fBX509_SIG_INFO\fR structure. They are only +used by implementations of algorithms which need to set custom +signature information: most applications will never need to call +them. +.SH "NOTES" +.IX Header "NOTES" +These functions provide lower level access to signatures in certificates +where an application wishes to analyse or generate a signature in a form +where \fBX509_sign()\fR et al is not appropriate (for example a non standard +or unsupported format). +.PP +The security bits returned by \fBX509_get_signature_info()\fR refers to information +available from the certificate signature (such as the signing digest). In some +cases the actual security of the signature is less because the signing +key is less secure: for example a certificate signed using \s-1SHA\-512\s0 and a +1024 bit \s-1RSA\s0 key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_signature_nid()\fR, \fBX509_REQ_get_signature_nid()\fR and +\&\fBX509_CRL_get_signature_nid()\fR return a \s-1NID.\s0 +.PP +\&\fBX509_get0_signature()\fR, \fBX509_REQ_get0_signature()\fR and +\&\fBX509_CRL_get0_signature()\fR do not return values. +.PP +\&\fBX509_get_signature_info()\fR returns 1 if the signature information +returned is valid or 0 if the information is not available (e.g. +unknown algorithms or malformed parameters). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The +\&\fBX509_get0_signature()\fR and \fBX509_get_signature_nid()\fR functions were +added in OpenSSL 1.0.2. +.PP +The +\&\fBX509_REQ_get0_signature()\fR, \fBX509_REQ_get_signature_nid()\fR, +\&\fBX509_CRL_get0_signature()\fR and \fBX509_CRL_get_signature_nid()\fR were +added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get0_uids.3 b/secure/lib/libcrypto/man/man3/X509_get0_uids.3 new file mode 100644 index 000000000000..cf86bfafea67 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get0_uids.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET0_UIDS 3" +.TH X509_GET0_UIDS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_uids \- get certificate unique identifiers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +\& const ASN1_BIT_STRING **psuid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get0_uids()\fR sets \fB*piuid\fR and \fB*psuid\fR to the issuer and subject unique +identifiers of certificate \fBx\fR or \s-1NULL\s0 if the fields are not present. +.SH "NOTES" +.IX Header "NOTES" +The issuer and subject unique identifier fields are very rarely encountered in +practice outside test cases. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get0_uids()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 new file mode 100644 index 000000000000..7d132afcb6f4 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get_extension_flags.3 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_EXTENSION_FLAGS 3" +.TH X509_GET_EXTENSION_FLAGS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get0_subject_key_id, X509_get0_authority_key_id, X509_get0_authority_issuer, X509_get0_authority_serial, X509_get_pathlen, X509_get_extension_flags, X509_get_key_usage, X509_get_extended_key_usage, X509_set_proxy_flag, X509_set_proxy_pathlen, X509_get_proxy_pathlen \- retrieve certificate extension data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_pathlen(X509 *x); +\& uint32_t X509_get_extension_flags(X509 *x); +\& uint32_t X509_get_key_usage(X509 *x); +\& uint32_t X509_get_extended_key_usage(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +\& const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x); +\& const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x); +\& const ASN1_INTEGER *X509_get0_authority_serial(X509 *x); +\& void X509_set_proxy_flag(X509 *x); +\& void X509_set_proxy_pathlen(int l); +\& long X509_get_proxy_pathlen(X509 *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions retrieve information related to commonly used certificate extensions. +.PP +\&\fBX509_get_pathlen()\fR retrieves the path length extension from a certificate. +This extension is used to limit the length of a cert chain that may be +issued from that \s-1CA.\s0 +.PP +\&\fBX509_get_extension_flags()\fR retrieves general information about a certificate, +it will return one or more of the following flags ored together. +.IP "\fB\s-1EXFLAG_V1\s0\fR" 4 +.IX Item "EXFLAG_V1" +The certificate is an obsolete version 1 certificate. +.IP "\fB\s-1EXFLAG_BCONS\s0\fR" 4 +.IX Item "EXFLAG_BCONS" +The certificate contains a basic constraints extension. +.IP "\fB\s-1EXFLAG_CA\s0\fR" 4 +.IX Item "EXFLAG_CA" +The certificate contains basic constraints and asserts the \s-1CA\s0 flag. +.IP "\fB\s-1EXFLAG_PROXY\s0\fR" 4 +.IX Item "EXFLAG_PROXY" +The certificate is a valid proxy certificate. +.IP "\fB\s-1EXFLAG_SI\s0\fR" 4 +.IX Item "EXFLAG_SI" +The certificate is self issued (that is subject and issuer names match). +.IP "\fB\s-1EXFLAG_SS\s0\fR" 4 +.IX Item "EXFLAG_SS" +The subject and issuer names match and extension values imply it is self +signed. +.IP "\fB\s-1EXFLAG_FRESHEST\s0\fR" 4 +.IX Item "EXFLAG_FRESHEST" +The freshest \s-1CRL\s0 extension is present in the certificate. +.IP "\fB\s-1EXFLAG_CRITICAL\s0\fR" 4 +.IX Item "EXFLAG_CRITICAL" +The certificate contains an unhandled critical extension. +.IP "\fB\s-1EXFLAG_INVALID\s0\fR" 4 +.IX Item "EXFLAG_INVALID" +Some certificate extension values are invalid or inconsistent. The +certificate should be rejected. +.IP "\fB\s-1EXFLAG_KUSAGE\s0\fR" 4 +.IX Item "EXFLAG_KUSAGE" +The certificate contains a key usage extension. The value can be retrieved +using \fBX509_get_key_usage()\fR. +.IP "\fB\s-1EXFLAG_XKUSAGE\s0\fR" 4 +.IX Item "EXFLAG_XKUSAGE" +The certificate contains an extended key usage extension. The value can be +retrieved using \fBX509_get_extended_key_usage()\fR. +.PP +\&\fBX509_get_key_usage()\fR returns the value of the key usage extension. If key +usage is present will return zero or more of the flags: +\&\fB\s-1KU_DIGITAL_SIGNATURE\s0\fR, \fB\s-1KU_NON_REPUDIATION\s0\fR, \fB\s-1KU_KEY_ENCIPHERMENT\s0\fR, +\&\fB\s-1KU_DATA_ENCIPHERMENT\s0\fR, \fB\s-1KU_KEY_AGREEMENT\s0\fR, \fB\s-1KU_KEY_CERT_SIGN\s0\fR, +\&\fB\s-1KU_CRL_SIGN\s0\fR, \fB\s-1KU_ENCIPHER_ONLY\s0\fR or \fB\s-1KU_DECIPHER_ONLY\s0\fR corresponding to +individual key usage bits. If key usage is absent then \fB\s-1UINT32_MAX\s0\fR is +returned. +.PP +\&\fBX509_get_extended_key_usage()\fR returns the value of the extended key usage +extension. If extended key usage is present it will return zero or more of the +flags: \fB\s-1XKU_SSL_SERVER\s0\fR, \fB\s-1XKU_SSL_CLIENT\s0\fR, \fB\s-1XKU_SMIME\s0\fR, \fB\s-1XKU_CODE_SIGN\s0\fR +\&\fB\s-1XKU_OCSP_SIGN\s0\fR, \fB\s-1XKU_TIMESTAMP\s0\fR, \fB\s-1XKU_DVCS\s0\fR or \fB\s-1XKU_ANYEKU\s0\fR. These +correspond to the OIDs \fBid-kp-serverAuth\fR, \fBid-kp-clientAuth\fR, +\&\fBid-kp-emailProtection\fR, \fBid-kp-codeSigning\fR, \fBid-kp-OCSPSigning\fR, +\&\fBid-kp-timeStamping\fR, \fBid-kp-dvcs\fR and \fBanyExtendedKeyUsage\fR respectively. +Additionally \fB\s-1XKU_SGC\s0\fR is set if either Netscape or Microsoft \s-1SGC\s0 OIDs are +present. +.PP +\&\fBX509_get0_subject_key_id()\fR returns an internal pointer to the subject key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_key_id()\fR returns an internal pointer to the authority key +identifier of \fBx\fR as an \fB\s-1ASN1_OCTET_STRING\s0\fR or \fB\s-1NULL\s0\fR if the extension +is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_issuer()\fR returns an internal pointer to the authority +certificate issuer of \fBx\fR as a stack of \fB\s-1GENERAL_NAME\s0\fR structures or +\&\fB\s-1NULL\s0\fR if the extension is not present or cannot be parsed. +.PP +\&\fBX509_get0_authority_serial()\fR returns an internal pointer to the authority +certificate serial number of \fBx\fR as an \fB\s-1ASN1_INTEGER\s0\fR or \fB\s-1NULL\s0\fR if the +extension is not present or cannot be parsed. +.PP +\&\fBX509_set_proxy_flag()\fR marks the certificate with the \fB\s-1EXFLAG_PROXY\s0\fR flag. +This is for the users who need to mark non\-RFC3820 proxy certificates as +such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_set_proxy_pathlen()\fR sets the proxy certificate path length for the given +certificate \fBx\fR. This is for the users who need to mark non\-RFC3820 proxy +certificates as such, as OpenSSL only detects \s-1RFC3820\s0 compliant ones. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the proxy certificate path length for the +given certificate \fBx\fR if it is a proxy certificate. +.SH "NOTES" +.IX Header "NOTES" +The value of the flags correspond to extension values which are cached +in the \fBX509\fR structure. If the flags returned do not provide sufficient +information an application should examine extension values directly +for example using \fBX509_get_ext_d2i()\fR. +.PP +If the key usage or extended key usage extension is absent then typically usage +is unrestricted. For this reason \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return \fB\s-1UINT32_MAX\s0\fR when the corresponding +extension is absent. Applications can additionally check the return value of +\&\fBX509_get_extension_flags()\fR and take appropriate action is an extension is +absent. +.PP +If \fBX509_get0_subject_key_id()\fR returns \fB\s-1NULL\s0\fR then the extension may be +absent or malformed. Applications can determine the precise reason using +\&\fBX509_get_ext_d2i()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pathlen()\fR returns the path length value, or \-1 if the extension +is not present. +.PP +\&\fBX509_get_extension_flags()\fR, \fBX509_get_key_usage()\fR and +\&\fBX509_get_extended_key_usage()\fR return sets of flags corresponding to the +certificate extension values. +.PP +\&\fBX509_get0_subject_key_id()\fR returns the subject key identifier as a +pointer to an \fB\s-1ASN1_OCTET_STRING\s0\fR structure or \fB\s-1NULL\s0\fR if the extension +is absent or an error occurred during parsing. +.PP +\&\fBX509_get_proxy_pathlen()\fR returns the path length value if the given +certificate is a proxy one and has a path length set, and \-1 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_check_purpose\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_pathlen()\fR, \fBX509_set_proxy_flag()\fR, \fBX509_set_proxy_pathlen()\fR and +\&\fBX509_get_proxy_pathlen()\fR were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 new file mode 100644 index 000000000000..201d862f6072 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get_pubkey.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_PUBKEY 3" +.TH X509_GET_PUBKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_pubkey, X509_get0_pubkey, X509_set_pubkey, X509_get_X509_PUBKEY, X509_REQ_get_pubkey, X509_REQ_get0_pubkey, X509_REQ_set_pubkey, X509_REQ_get_X509_PUBKEY \- get or set certificate or certificate request public key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *X509_get_pubkey(X509 *x); +\& EVP_PKEY *X509_get0_pubkey(const X509 *x); +\& int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_get_X509_PUBKEY(X509 *x); +\& +\& EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +\& EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +\& int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +\& X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_pubkey()\fR attempts to decode the public key for certificate \fBx\fR. If +successful it returns the public key as an \fB\s-1EVP_PKEY\s0\fR pointer with its +reference count incremented: this means the returned key must be freed up +after use. \fBX509_get0_pubkey()\fR is similar except it does \fBnot\fR increment +the reference count of the returned \fB\s-1EVP_PKEY\s0\fR so it must not be freed up +after use. +.PP +\&\fBX509_get_X509_PUBKEY()\fR returns an internal pointer to the \fBX509_PUBKEY\fR +structure which encodes the certificate of \fBx\fR. The returned value +must not be freed up after use. +.PP +\&\fBX509_set_pubkey()\fR attempts to set the public key for certificate \fBx\fR to +\&\fBpkey\fR. The key \fBpkey\fR should be freed up after use. +.PP +\&\fBX509_REQ_get_pubkey()\fR, \fBX509_REQ_get0_pubkey()\fR, \fBX509_REQ_set_pubkey()\fR and +\&\fBX509_REQ_get_X509_PUBKEY()\fR are similar but operate on certificate request \fBreq\fR. +.SH "NOTES" +.IX Header "NOTES" +The first time a public key is decoded the \fB\s-1EVP_PKEY\s0\fR structure is +cached in the certificate or certificate request itself. Subsequent calls +return the cached structure with its reference count incremented to +improve performance. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_pubkey()\fR, \fBX509_get0_pubkey()\fR, \fBX509_get_X509_PUBKEY()\fR, +\&\fBX509_REQ_get_pubkey()\fR and \fBX509_REQ_get_X509_PUBKEY()\fR return a public key or +\&\fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fBX509_set_pubkey()\fR and \fBX509_REQ_set_pubkey()\fR return 1 for success and 0 +for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 new file mode 100644 index 000000000000..9f7d1700c5eb --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get_serialNumber.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SERIALNUMBER 3" +.TH X509_GET_SERIALNUMBER 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_serialNumber, X509_get0_serialNumber, X509_set_serialNumber \&\- get or set certificate serial number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& ASN1_INTEGER *X509_get_serialNumber(X509 *x); +\& const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +\& int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_serialNumber()\fR returns the serial number of certificate \fBx\fR as an +\&\fB\s-1ASN1_INTEGER\s0\fR structure which can be examined or initialised. The value +returned is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed up after the call. +.PP +\&\fBX509_get0_serialNumber()\fR is the same as \fBX509_get_serialNumber()\fR except it +accepts a const parameter and returns a const result. +.PP +\&\fBX509_set_serialNumber()\fR sets the serial number of certificate \fBx\fR to +\&\fBserial\fR. A copy of the serial number is used internally so \fBserial\fR should +be freed up after use. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_serialNumber()\fR and \fBX509_get0_serialNumber()\fR return an \fB\s-1ASN1_INTEGER\s0\fR +structure. +.PP +\&\fBX509_set_serialNumber()\fR returns 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_get_serialNumber()\fR and \fBX509_set_serialNumber()\fR functions are +available in all versions of OpenSSL. +The \fBX509_get0_serialNumber()\fR function was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 new file mode 100644 index 000000000000..778f302bf29a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get_subject_name.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_SUBJECT_NAME 3" +.TH X509_GET_SUBJECT_NAME 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_subject_name, X509_set_subject_name, X509_get_issuer_name, X509_set_issuer_name, X509_REQ_get_subject_name, X509_REQ_set_subject_name, X509_CRL_get_issuer, X509_CRL_set_issuer_name \- get and set issuer or subject names +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509_NAME *X509_get_subject_name(const X509 *x); +\& int X509_set_subject_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_get_issuer_name(const X509 *x); +\& int X509_set_issuer_name(X509 *x, X509_NAME *name); +\& +\& X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); +\& int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +\& +\& X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +\& int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_subject_name()\fR returns the subject name of certificate \fBx\fR. The +returned value is an internal pointer which \fB\s-1MUST NOT\s0\fR be freed. +.PP +\&\fBX509_set_subject_name()\fR sets the issuer name of certificate \fBx\fR to +\&\fBname\fR. The \fBname\fR parameter is copied internally and should be freed +up when it is no longer needed. +.PP +\&\fBX509_get_issuer_name()\fR and \fBX509_set_issuer_name()\fR are identical to +\&\fBX509_get_subject_name()\fR and \fBX509_set_subject_name()\fR except the get and +set the issuer name of \fBx\fR. +.PP +Similarly \fBX509_REQ_get_subject_name()\fR, \fBX509_REQ_set_subject_name()\fR, +\&\fBX509_CRL_get_issuer()\fR and \fBX509_CRL_set_issuer_name()\fR get or set the subject +or issuer names of certificate requests of CRLs respectively. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_subject_name()\fR, \fBX509_get_issuer_name()\fR, \fBX509_REQ_get_subject_name()\fR +and \fBX509_CRL_get_issuer()\fR return an \fBX509_NAME\fR pointer. +.PP +\&\fBX509_set_subject_name()\fR, \fBX509_set_issuer_name()\fR, \fBX509_REQ_set_subject_name()\fR +and \fBX509_CRL_set_issuer_name()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), \fBd2i_X509\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_REQ_get_subject_name()\fR is a function in OpenSSL 1.1.0 and a macro in +earlier versions. +.PP +\&\fBX509_CRL_get_issuer()\fR is a function in OpenSSL 1.1.0. It was previously +added in OpenSSL 1.0.0 as a macro. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_get_version.3 b/secure/lib/libcrypto/man/man3/X509_get_version.3 new file mode 100644 index 000000000000..2c20c6df2d5c --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_get_version.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_GET_VERSION 3" +.TH X509_GET_VERSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_get_version, X509_set_version, X509_REQ_get_version, X509_REQ_set_version, X509_CRL_get_version, X509_CRL_set_version \- get or set certificate, certificate request or CRL version +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& long X509_get_version(const X509 *x); +\& int X509_set_version(X509 *x, long version); +\& +\& long X509_REQ_get_version(const X509_REQ *req); +\& int X509_REQ_set_version(X509_REQ *x, long version); +\& +\& long X509_CRL_get_version(const X509_CRL *crl); +\& int X509_CRL_set_version(X509_CRL *x, long version); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_get_version()\fR returns the numerical value of the version field of +certificate \fBx\fR. Note: this is defined by standards (X.509 et al) to be one +less than the certificate version. So a version 3 certificate will return 2 and +a version 1 certificate will return 0. +.PP +\&\fBX509_set_version()\fR sets the numerical value of the version field of certificate +\&\fBx\fR to \fBversion\fR. +.PP +Similarly \fBX509_REQ_get_version()\fR, \fBX509_REQ_set_version()\fR, +\&\fBX509_CRL_get_version()\fR and \fBX509_CRL_set_version()\fR get and set the version +number of certificate requests and CRLs. +.SH "NOTES" +.IX Header "NOTES" +The version field of certificates, certificate requests and CRLs has a +\&\s-1DEFAULT\s0 value of \fB\fBv1\fB\|(0)\fR meaning the field should be omitted for version +1. This is handled transparently by these functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR +return the numerical value of the version field. +.PP +\&\fBX509_set_version()\fR, \fBX509_REQ_set_version()\fR and \fBX509_CRL_set_version()\fR +return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBX509_get_version()\fR, \fBX509_REQ_get_version()\fR and \fBX509_CRL_get_version()\fR are +functions in OpenSSL 1.1.0, in previous versions they were macros. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_new.3 b/secure/lib/libcrypto/man/man3/X509_new.3 new file mode 100644 index 000000000000..ad0412dbd854 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_new.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_NEW 3" +.TH X509_NEW 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_chain_up_ref, X509_new, X509_free, X509_up_ref \- X509 certificate ASN1 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +\& int X509_up_ref(X509 *a); +\& STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fBX509_new()\fR allocates and initializes a X509 structure with reference count +\&\fB1\fR. +.PP +\&\fBX509_free()\fR decrements the reference count of \fBX509\fR structure \fBa\fR and +frees it up if the reference count is zero. If \fBa\fR is \s-1NULL\s0 nothing is done. +.PP +\&\fBX509_up_ref()\fR increments the reference count of \fBa\fR. +.PP +\&\fBX509_chain_up_ref()\fR increases the reference count of all certificates in +chain \fBx\fR and returns a copy of the stack. +.SH "NOTES" +.IX Header "NOTES" +The function \fBX509_up_ref()\fR if useful if a certificate structure is being +used by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate structure. +.PP +The function \fBX509_chain_up_ref()\fR doesn't just up the reference count of +each certificate it also returns a copy of the stack, using \fBsk_X509_dup()\fR, +but it serves a similar purpose: the returned chain persists after the +original has been freed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fBX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by \fBERR_get_error\fR\|(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fBX509_up_ref()\fR returns 1 for success and 0 for failure. +.PP +\&\fBX509_chain_up_ref()\fR returns a copy of the stack or \fB\s-1NULL\s0\fR if an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_sign.3 b/secure/lib/libcrypto/man/man3/X509_sign.3 new file mode 100644 index 000000000000..81bfc191e03f --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_sign.3 @@ -0,0 +1,227 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_SIGN 3" +.TH X509_SIGN 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_sign, X509_sign_ctx, X509_verify, X509_REQ_sign, X509_REQ_sign_ctx, X509_REQ_verify, X509_CRL_sign, X509_CRL_sign_ctx, X509_CRL_verify \- sign or verify certificate, certificate request or CRL signature +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +\& int X509_verify(X509 *a, EVP_PKEY *r); +\& +\& int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +\& int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +\& +\& int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +\& int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +\& int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509_sign()\fR signs certificate \fBx\fR using private key \fBpkey\fR and message +digest \fBmd\fR and sets the signature in \fBx\fR. \fBX509_sign_ctx()\fR also signs +certificate \fBx\fR but uses the parameters contained in digest context \fBctx\fR. +.PP +\&\fBX509_verify()\fR verifies the signature of certificate \fBx\fR using public key +\&\fBpkey\fR. Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.PP +\&\fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, \fBX509_REQ_verify()\fR, +\&\fBX509_CRL_sign()\fR, \fBX509_CRL_sign_ctx()\fR and \fBX509_CRL_verify()\fR sign and verify +certificate requests and CRLs respectively. +.SH "NOTES" +.IX Header "NOTES" +\&\fBX509_sign_ctx()\fR is used where the default parameters for the corresponding +public key and digest are not suitable. It can be used to sign keys using +RSA-PSS for example. +.PP +For efficiency reasons and to work around \s-1ASN.1\s0 encoding issues the encoding +of the signed portion of a certificate, certificate request and \s-1CRL\s0 is cached +internally. If the signed portion of the structure is modified the encoding +is not always updated meaning a stale version is sometimes used. This is not +normally a problem because modifying the signed portion will invalidate the +signature and signing will always update the encoding. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509_sign()\fR, \fBX509_sign_ctx()\fR, \fBX509_REQ_sign()\fR, \fBX509_REQ_sign_ctx()\fR, +\&\fBX509_CRL_sign()\fR and \fBX509_CRL_sign_ctx()\fR return the size of the signature +in bytes for success and zero for failure. +.PP +\&\fBX509_verify()\fR, \fBX509_REQ_verify()\fR and \fBX509_CRL_verify()\fR return 1 if the +signature is valid and 0 if the signature check fails. If the signature +could not be checked at all because it was invalid or some other error +occurred then \-1 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3), +\&\fBERR_get_error\fR\|(3), +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBX509_sign()\fR, \fBX509_REQ_sign()\fR and \fBX509_CRL_sign()\fR functions are +available in all versions of OpenSSL. +.PP +The \fBX509_sign_ctx()\fR, \fBX509_REQ_sign_ctx()\fR +and \fBX509_CRL_sign_ctx()\fR functions were added OpenSSL 1.0.1. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509_verify_cert.3 b/secure/lib/libcrypto/man/man3/X509_verify_cert.3 new file mode 100644 index 000000000000..d745211a3bf2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509_verify_cert.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509_VERIFY_CERT 3" +.TH X509_VERIFY_CERT 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509_verify_cert \- discover and verify X509 certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509_verify_cert(X509_STORE_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX509_verify_cert()\fR function attempts to discover and validate a +certificate chain based on parameters in \fBctx\fR. A complete description of +the process is contained in the \fBverify\fR\|(1) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. +.PP +If the function fails additional error information can be obtained by +examining \fBctx\fR using, for example \fBX509_STORE_CTX_get_error()\fR. +.SH "NOTES" +.IX Header "NOTES" +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +\&\s-1SSL/TLS\s0 code. +.PP +A negative return value from \fBX509_verify_cert()\fR can occur if it is invoked +incorrectly, such as with no certificate set in \fBctx\fR, or when it is called +twice in succession without reinitialising \fBctx\fR for the second call. +A negative return value can also happen due to internal resource problems or if +a retry operation is requested during internal lookups (which never happens +with standard lookup methods). +Applications must check for <= 0 return value on error. +.SH "BUGS" +.IX Header "BUGS" +This function uses the header \fBx509.h\fR as opposed to most chain verification +functions which use \fBx509_vfy.h\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_STORE_CTX_get_error\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2009\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 new file mode 100644 index 000000000000..9de93b5ce8b2 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/X509v3_get_ext_by_NID.3 @@ -0,0 +1,264 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_GET_EXT_BY_NID 3" +.TH X509V3_GET_EXT_BY_NID 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X509v3_get_ext_count, X509v3_get_ext, X509v3_get_ext_by_NID, X509v3_get_ext_by_OBJ, X509v3_get_ext_by_critical, X509v3_delete_ext, X509v3_add_ext, X509_get_ext_count, X509_get_ext, X509_get_ext_by_NID, X509_get_ext_by_OBJ, X509_get_ext_by_critical, X509_delete_ext, X509_add_ext, X509_CRL_get_ext_count, X509_CRL_get_ext, X509_CRL_get_ext_by_NID, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext_by_critical, X509_CRL_delete_ext, X509_CRL_add_ext, X509_REVOKED_get_ext_count, X509_REVOKED_get_ext, X509_REVOKED_get_ext_by_NID, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext_by_critical, X509_REVOKED_delete_ext, X509_REVOKED_add_ext \- extension stack utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +\& X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +\& +\& int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, +\& int nid, int lastpos); +\& int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +\& const ASN1_OBJECT *obj, int lastpos); +\& int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, +\& int crit, int lastpos); +\& X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +\& STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, +\& X509_EXTENSION *ex, int loc); +\& +\& int X509_get_ext_count(const X509 *x); +\& X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +\& int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +\& int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +\& X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +\& int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_CRL_get_ext_count(const X509_CRL *x); +\& X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +\& int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +\& int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); +\& int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +\& X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +\& int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +\& +\& int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +\& X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +\& int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +\& int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, +\& int lastpos); +\& int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos); +\& X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +\& int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBX509v3_get_ext_count()\fR retrieves the number of extensions in \fBx\fR. +.PP +\&\fBX509v3_get_ext()\fR retrieves extension \fBloc\fR from \fBx\fR. The index \fBloc\fR +can take any value from \fB0\fR to X509_get_ext_count(x) \- 1. The returned +extension is an internal pointer which \fBmust not\fR be freed up by the +application. +.PP +\&\fBX509v3_get_ext_by_NID()\fR and \fBX509v3_get_ext_by_OBJ()\fR look for an extension +with \fBnid\fR or \fBobj\fR from extension stack \fBx\fR. The search starts from the +extension after \fBlastpos\fR or from the beginning if is \fB\-1\fR. If +the extension is found its index is returned otherwise \fB\-1\fR is returned. +.PP +\&\fBX509v3_get_ext_by_critical()\fR is similar to \fBX509v3_get_ext_by_NID()\fR except it +looks for an extension of criticality \fBcrit\fR. A zero value for \fBcrit\fR +looks for a non-critical extension a non-zero value looks for a critical +extension. +.PP +\&\fBX509v3_delete_ext()\fR deletes the extension with index \fBloc\fR from \fBx\fR. The +deleted extension is returned and must be freed by the caller. If \fBloc\fR +is in invalid index value \fB\s-1NULL\s0\fR is returned. +.PP +\&\fBX509v3_add_ext()\fR adds extension \fBex\fR to stack \fB*x\fR at position \fBloc\fR. If +\&\fBloc\fR is \fB\-1\fR the new extension is added to the end. If \fB*x\fR is \fB\s-1NULL\s0\fR +a new stack will be allocated. The passed extension \fBex\fR is duplicated +internally so it must be freed after use. +.PP +\&\fBX509_get_ext_count()\fR, \fBX509_get_ext()\fR, \fBX509_get_ext_by_NID()\fR, +\&\fBX509_get_ext_by_OBJ()\fR, \fBX509_get_ext_by_critical()\fR, \fBX509_delete_ext()\fR +and \fBX509_add_ext()\fR operate on the extensions of certificate \fBx\fR they are +otherwise identical to the X509v3 functions. +.PP +\&\fBX509_CRL_get_ext_count()\fR, \fBX509_CRL_get_ext()\fR, \fBX509_CRL_get_ext_by_NID()\fR, +\&\fBX509_CRL_get_ext_by_OBJ()\fR, \fBX509_CRL_get_ext_by_critical()\fR, +\&\fBX509_CRL_delete_ext()\fR and \fBX509_CRL_add_ext()\fR operate on the extensions of +\&\s-1CRL\s0 \fBx\fR they are otherwise identical to the X509v3 functions. +.PP +\&\fBX509_REVOKED_get_ext_count()\fR, \fBX509_REVOKED_get_ext()\fR, +\&\fBX509_REVOKED_get_ext_by_NID()\fR, \fBX509_REVOKED_get_ext_by_OBJ()\fR, +\&\fBX509_REVOKED_get_ext_by_critical()\fR, \fBX509_REVOKED_delete_ext()\fR and +\&\fBX509_REVOKED_add_ext()\fR operate on the extensions of \s-1CRL\s0 entry \fBx\fR +they are otherwise identical to the X509v3 functions. +.SH "NOTES" +.IX Header "NOTES" +These functions are used to examine stacks of extensions directly. Many +applications will want to parse or encode and add an extension: they should +use the extension encode and decode functions instead such as +\&\fBX509_add1_ext_i2d()\fR and \fBX509_get_ext_d2i()\fR. +.PP +Extension indices start from zero, so a zero index return value is \fBnot\fR an +error. These search functions start from the extension \fBafter\fR the \fBlastpos\fR +parameter so it should initially be set to \fB\-1\fR, if it is set to zero the +initial extension will not be checked. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBX509v3_get_ext_count()\fR returns the extension count. +.PP +\&\fBX509v3_get_ext()\fR, \fBX509v3_delete_ext()\fR and \fBX509_delete_ext()\fR return an +\&\fBX509_EXTENSION\fR pointer or \fB\s-1NULL\s0\fR if an error occurs. +.PP +\&\fBX509v3_get_ext_by_NID()\fR \fBX509v3_get_ext_by_OBJ()\fR and +\&\fBX509v3_get_ext_by_critical()\fR return the an extension index or \fB\-1\fR if an +error occurs. +.PP +\&\fBX509v3_add_ext()\fR returns a stack of extensions or \fB\s-1NULL\s0\fR on error. +.PP +\&\fBX509_add_ext()\fR returns 1 on success and 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509V3_get_d2i\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/d2i_DHparams.3 b/secure/lib/libcrypto/man/man3/d2i_DHparams.3 new file mode 100644 index 000000000000..d4ba9be40c31 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/d2i_DHparams.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_DHPARAMS 3" +.TH D2I_DHPARAMS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_DHparams, i2d_DHparams \- PKCS#3 DH parameter functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Otherwise these behave in a similar way to \fBd2i_X509()\fR and \fBi2d_X509()\fR +described in the \fBd2i_X509\fR\|(3) manual page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_DHparams()\fR returns a valid \fB\s-1DH\s0\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_DHparams()\fR returns the length of encoded data on success or a value which +is less than or equal to 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 new file mode 100644 index 000000000000..aabcf3a27a67 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/d2i_PKCS8PrivateKey_bio.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PKCS8PRIVATEKEY_BIO 3" +.TH D2I_PKCS8PRIVATEKEY_BIO 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +\& +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in \fBPEM_read_PrivateKey\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see \fBBIO_s_mem\fR\|(3) for details. +.PP +These functions make no assumption regarding the pass phrase received from the +password callback. +It will simply be treated as a byte sequence. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_PKCS8PrivateKey_bio()\fR and \fBd2i_PKCS8PrivateKey_fp()\fR return a valid \fB\s-1EVP_PKEY\s0\fR +structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_PKCS8PrivateKey_bio()\fR, \fBi2d_PKCS8PrivateKey_fp()\fR, \fBi2d_PKCS8PrivateKey_nid_bio()\fR +and \fBi2d_PKCS8PrivateKey_nid_fp()\fR return 1 on success or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBPEM_read_PrivateKey\fR\|(3), +\&\fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 new file mode 100644 index 000000000000..fe1f6493b36d --- /dev/null +++ b/secure/lib/libcrypto/man/man3/d2i_PrivateKey.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_PRIVATEKEY 3" +.TH D2I_PRIVATEKEY 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_PrivateKey, d2i_PublicKey, d2i_AutoPrivateKey, i2d_PrivateKey, i2d_PublicKey, d2i_PrivateKey_bio, d2i_PrivateKey_fp \&\- decode and encode functions for reading and saving EVP_PKEY structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, +\& long length); +\& int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); +\& int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +\& +\& EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +\& EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBd2i_PrivateKey()\fR decodes a private key using algorithm \fBtype\fR. It attempts to +use any key specific format or PKCS#8 unencrypted PrivateKeyInfo format. The +\&\fBtype\fR parameter should be a public key algorithm constant such as +\&\fB\s-1EVP_PKEY_RSA\s0\fR. An error occurs if the decoded key does not match \fBtype\fR. +\&\fBd2i_PublicKey()\fR does the same for public keys. +.PP +\&\fBd2i_AutoPrivateKey()\fR is similar to \fBd2i_PrivateKey()\fR except it attempts to +automatically detect the private key format. +.PP +\&\fBi2d_PrivateKey()\fR encodes \fBkey\fR. It uses a key specific format or, if none is +defined for that key type, PKCS#8 unencrypted PrivateKeyInfo format. +\&\fBi2d_PublicKey()\fR does the same for public keys. +.PP +These functions are similar to the \fBd2i_X509()\fR functions; see \fBd2i_X509\fR\|(3). +.SH "NOTES" +.IX Header "NOTES" +All these functions use \s-1DER\s0 format and unencrypted keys. Applications wishing +to encrypt or decrypt private keys should use other functions such as +\&\fBd2i_PKCS8PrivateKey()\fR instead. +.PP +If the \fB*a\fR is not \s-1NULL\s0 when calling \fBd2i_PrivateKey()\fR or \fBd2i_AutoPrivateKey()\fR +(i.e. an existing structure is being reused) and the key format is PKCS#8 +then \fB*a\fR will be freed and replaced on a successful call. +.PP +To decode a key with type \fB\s-1EVP_PKEY_EC\s0\fR, \fBd2i_PublicKey()\fR requires \fB*a\fR to be +a non-NULL \s-1EVP_PKEY\s0 structure assigned an \s-1EC_KEY\s0 structure referencing the proper +\&\s-1EC_GROUP.\s0 +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fBd2i_PrivateKey()\fR, \fBd2i_AutoPrivateKey()\fR, \fBd2i_PrivateKey_bio()\fR, \fBd2i_PrivateKey_fp()\fR, +and \fBd2i_PublicKey()\fR functions return a valid \fB\s-1EVP_KEY\s0\fR structure or \fB\s-1NULL\s0\fR if an +error occurs. The error code can be obtained by calling \fBERR_get_error\fR\|(3). +.PP +\&\fBi2d_PrivateKey()\fR and \fBi2d_PublicKey()\fR return the number of bytes successfully +encoded or a negative value if an error occurs. The error code can be obtained +by calling \fBERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBcrypto\fR\|(7), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 new file mode 100644 index 000000000000..1c12812fe973 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/d2i_SSL_SESSION.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_SSL_SESSION 3" +.TH D2I_SSL_SESSION 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert SSL_SESSION object from/to ASN1 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, +\& long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1SSL_SESSION\s0 object. +For encoding details see \fBd2i_X509\fR\|(3). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fBi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBssl\fR\|(7), \fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBd2i_X509\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2001\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/d2i_X509.3 b/secure/lib/libcrypto/man/man3/d2i_X509.3 new file mode 100644 index 000000000000..024c8dcefd63 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/d2i_X509.3 @@ -0,0 +1,385 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "D2I_X509 3" +.TH D2I_X509 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_ACCESS_DESCRIPTION, d2i_ADMISSIONS, d2i_ADMISSION_SYNTAX, d2i_ASIdOrRange, d2i_ASIdentifierChoice, d2i_ASIdentifiers, d2i_ASN1_BIT_STRING, d2i_ASN1_BMPSTRING, d2i_ASN1_ENUMERATED, d2i_ASN1_GENERALIZEDTIME, d2i_ASN1_GENERALSTRING, d2i_ASN1_IA5STRING, d2i_ASN1_INTEGER, d2i_ASN1_NULL, d2i_ASN1_OBJECT, d2i_ASN1_OCTET_STRING, d2i_ASN1_PRINTABLE, d2i_ASN1_PRINTABLESTRING, d2i_ASN1_SEQUENCE_ANY, d2i_ASN1_SET_ANY, d2i_ASN1_T61STRING, d2i_ASN1_TIME, d2i_ASN1_TYPE, d2i_ASN1_UINTEGER, d2i_ASN1_UNIVERSALSTRING, d2i_ASN1_UTCTIME, d2i_ASN1_UTF8STRING, d2i_ASN1_VISIBLESTRING, d2i_ASRange, d2i_AUTHORITY_INFO_ACCESS, d2i_AUTHORITY_KEYID, d2i_BASIC_CONSTRAINTS, d2i_CERTIFICATEPOLICIES, d2i_CMS_ContentInfo, d2i_CMS_ReceiptRequest, d2i_CMS_bio, d2i_CRL_DIST_POINTS, d2i_DHxparams, d2i_DIRECTORYSTRING, d2i_DISPLAYTEXT, d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSAPrivateKey, d2i_DSAPrivateKey_bio, d2i_DSAPrivateKey_fp, d2i_DSAPublicKey, d2i_DSA_PUBKEY, d2i_DSA_PUBKEY_bio, d2i_DSA_PUBKEY_fp, d2i_DSA_SIG, d2i_DSAparams, d2i_ECDSA_SIG, d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, d2i_ECPrivateKey_fp, d2i_EC_PUBKEY, d2i_EC_PUBKEY_bio, d2i_EC_PUBKEY_fp, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_ISSUER_SERIAL, d2i_ESS_SIGNING_CERT, d2i_EXTENDED_KEY_USAGE, d2i_GENERAL_NAME, d2i_GENERAL_NAMES, d2i_IPAddressChoice, d2i_IPAddressFamily, d2i_IPAddressOrRange, d2i_IPAddressRange, d2i_ISSUING_DIST_POINT, d2i_NAMING_AUTHORITY, d2i_NETSCAPE_CERT_SEQUENCE, d2i_NETSCAPE_SPKAC, d2i_NETSCAPE_SPKI, d2i_NOTICEREF, d2i_OCSP_BASICRESP, d2i_OCSP_CERTID, d2i_OCSP_CERTSTATUS, d2i_OCSP_CRLID, d2i_OCSP_ONEREQ, d2i_OCSP_REQINFO, d2i_OCSP_REQUEST, d2i_OCSP_RESPBYTES, d2i_OCSP_RESPDATA, d2i_OCSP_RESPID, d2i_OCSP_RESPONSE, d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, d2i_PBKDF2PARAM, d2i_PKCS12, d2i_PKCS12_BAGS, d2i_PKCS12_MAC_DATA, d2i_PKCS12_SAFEBAG, d2i_PKCS12_bio, d2i_PKCS12_fp, d2i_PKCS7, d2i_PKCS7_DIGEST, d2i_PKCS7_ENCRYPT, d2i_PKCS7_ENC_CONTENT, d2i_PKCS7_ENVELOPE, d2i_PKCS7_ISSUER_AND_SERIAL, d2i_PKCS7_RECIP_INFO, d2i_PKCS7_SIGNED, d2i_PKCS7_SIGNER_INFO, d2i_PKCS7_SIGN_ENVELOPE, d2i_PKCS7_bio, d2i_PKCS7_fp, d2i_PKCS8_PRIV_KEY_INFO, d2i_PKCS8_PRIV_KEY_INFO_bio, d2i_PKCS8_PRIV_KEY_INFO_fp, d2i_PKCS8_bio, d2i_PKCS8_fp, d2i_PKEY_USAGE_PERIOD, d2i_POLICYINFO, d2i_POLICYQUALINFO, d2i_PROFESSION_INFO, d2i_PROXY_CERT_INFO_EXTENSION, d2i_PROXY_POLICY, d2i_RSAPrivateKey, d2i_RSAPrivateKey_bio, d2i_RSAPrivateKey_fp, d2i_RSAPublicKey, d2i_RSAPublicKey_bio, d2i_RSAPublicKey_fp, d2i_RSA_OAEP_PARAMS, d2i_RSA_PSS_PARAMS, d2i_RSA_PUBKEY, d2i_RSA_PUBKEY_bio, d2i_RSA_PUBKEY_fp, d2i_SCRYPT_PARAMS, d2i_SCT_LIST, d2i_SXNET, d2i_SXNETID, d2i_TS_ACCURACY, d2i_TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT_bio, d2i_TS_MSG_IMPRINT_fp, d2i_TS_REQ, d2i_TS_REQ_bio, d2i_TS_REQ_fp, d2i_TS_RESP, d2i_TS_RESP_bio, d2i_TS_RESP_fp, d2i_TS_STATUS_INFO, d2i_TS_TST_INFO, d2i_TS_TST_INFO_bio, d2i_TS_TST_INFO_fp, d2i_USERNOTICE, d2i_X509, d2i_X509_ALGOR, d2i_X509_ALGORS, d2i_X509_ATTRIBUTE, d2i_X509_CERT_AUX, d2i_X509_CINF, d2i_X509_CRL, d2i_X509_CRL_INFO, d2i_X509_CRL_bio, d2i_X509_CRL_fp, d2i_X509_EXTENSION, d2i_X509_EXTENSIONS, d2i_X509_NAME, d2i_X509_NAME_ENTRY, d2i_X509_PUBKEY, d2i_X509_REQ, d2i_X509_REQ_INFO, d2i_X509_REQ_bio, d2i_X509_REQ_fp, d2i_X509_REVOKED, d2i_X509_SIG, d2i_X509_VAL, i2d_ACCESS_DESCRIPTION, i2d_ADMISSIONS, i2d_ADMISSION_SYNTAX, i2d_ASIdOrRange, i2d_ASIdentifierChoice, i2d_ASIdentifiers, i2d_ASN1_BIT_STRING, i2d_ASN1_BMPSTRING, i2d_ASN1_ENUMERATED, i2d_ASN1_GENERALIZEDTIME, i2d_ASN1_GENERALSTRING, i2d_ASN1_IA5STRING, i2d_ASN1_INTEGER, i2d_ASN1_NULL, i2d_ASN1_OBJECT, i2d_ASN1_OCTET_STRING, i2d_ASN1_PRINTABLE, i2d_ASN1_PRINTABLESTRING, i2d_ASN1_SEQUENCE_ANY, i2d_ASN1_SET_ANY, i2d_ASN1_T61STRING, i2d_ASN1_TIME, i2d_ASN1_TYPE, i2d_ASN1_UNIVERSALSTRING, i2d_ASN1_UTCTIME, i2d_ASN1_UTF8STRING, i2d_ASN1_VISIBLESTRING, i2d_ASN1_bio_stream, i2d_ASRange, i2d_AUTHORITY_INFO_ACCESS, i2d_AUTHORITY_KEYID, i2d_BASIC_CONSTRAINTS, i2d_CERTIFICATEPOLICIES, i2d_CMS_ContentInfo, i2d_CMS_ReceiptRequest, i2d_CMS_bio, i2d_CRL_DIST_POINTS, i2d_DHxparams, i2d_DIRECTORYSTRING, i2d_DISPLAYTEXT, i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSAPrivateKey, i2d_DSAPrivateKey_bio, i2d_DSAPrivateKey_fp, i2d_DSAPublicKey, i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSA_SIG, i2d_DSAparams, i2d_ECDSA_SIG, i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, i2d_ECPrivateKey_fp, i2d_EC_PUBKEY, i2d_EC_PUBKEY_bio, i2d_EC_PUBKEY_fp, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_ISSUER_SERIAL, i2d_ESS_SIGNING_CERT, i2d_EXTENDED_KEY_USAGE, i2d_GENERAL_NAME, i2d_GENERAL_NAMES, i2d_IPAddressChoice, i2d_IPAddressFamily, i2d_IPAddressOrRange, i2d_IPAddressRange, i2d_ISSUING_DIST_POINT, i2d_NAMING_AUTHORITY, i2d_NETSCAPE_CERT_SEQUENCE, i2d_NETSCAPE_SPKAC, i2d_NETSCAPE_SPKI, i2d_NOTICEREF, i2d_OCSP_BASICRESP, i2d_OCSP_CERTID, i2d_OCSP_CERTSTATUS, i2d_OCSP_CRLID, i2d_OCSP_ONEREQ, i2d_OCSP_REQINFO, i2d_OCSP_REQUEST, i2d_OCSP_RESPBYTES, i2d_OCSP_RESPDATA, i2d_OCSP_RESPID, i2d_OCSP_RESPONSE, i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, i2d_PBKDF2PARAM, i2d_PKCS12, i2d_PKCS12_BAGS, i2d_PKCS12_MAC_DATA, i2d_PKCS12_SAFEBAG, i2d_PKCS12_bio, i2d_PKCS12_fp, i2d_PKCS7, i2d_PKCS7_DIGEST, i2d_PKCS7_ENCRYPT, i2d_PKCS7_ENC_CONTENT, i2d_PKCS7_ENVELOPE, i2d_PKCS7_ISSUER_AND_SERIAL, i2d_PKCS7_NDEF, i2d_PKCS7_RECIP_INFO, i2d_PKCS7_SIGNED, i2d_PKCS7_SIGNER_INFO, i2d_PKCS7_SIGN_ENVELOPE, i2d_PKCS7_bio, i2d_PKCS7_fp, i2d_PKCS8PrivateKeyInfo_bio, i2d_PKCS8PrivateKeyInfo_fp, i2d_PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO_bio, i2d_PKCS8_PRIV_KEY_INFO_fp, i2d_PKCS8_bio, i2d_PKCS8_fp, i2d_PKEY_USAGE_PERIOD, i2d_POLICYINFO, i2d_POLICYQUALINFO, i2d_PROFESSION_INFO, i2d_PROXY_CERT_INFO_EXTENSION, i2d_PROXY_POLICY, i2d_PublicKey, i2d_RSAPrivateKey, i2d_RSAPrivateKey_bio, i2d_RSAPrivateKey_fp, i2d_RSAPublicKey, i2d_RSAPublicKey_bio, i2d_RSAPublicKey_fp, i2d_RSA_OAEP_PARAMS, i2d_RSA_PSS_PARAMS, i2d_RSA_PUBKEY, i2d_RSA_PUBKEY_bio, i2d_RSA_PUBKEY_fp, i2d_SCRYPT_PARAMS, i2d_SCT_LIST, i2d_SXNET, i2d_SXNETID, i2d_TS_ACCURACY, i2d_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT_bio, i2d_TS_MSG_IMPRINT_fp, i2d_TS_REQ, i2d_TS_REQ_bio, i2d_TS_REQ_fp, i2d_TS_RESP, i2d_TS_RESP_bio, i2d_TS_RESP_fp, i2d_TS_STATUS_INFO, i2d_TS_TST_INFO, i2d_TS_TST_INFO_bio, i2d_TS_TST_INFO_fp, i2d_USERNOTICE, i2d_X509, i2d_X509_ALGOR, i2d_X509_ALGORS, i2d_X509_ATTRIBUTE, i2d_X509_CERT_AUX, i2d_X509_CINF, i2d_X509_CRL, i2d_X509_CRL_INFO, i2d_X509_CRL_bio, i2d_X509_CRL_fp, i2d_X509_EXTENSION, i2d_X509_EXTENSIONS, i2d_X509_NAME, i2d_X509_NAME_ENTRY, i2d_X509_PUBKEY, i2d_X509_REQ, i2d_X509_REQ_INFO, i2d_X509_REQ_bio, i2d_X509_REQ_fp, i2d_X509_REVOKED, i2d_X509_SIG, i2d_X509_VAL, \&\- convert objects from/to ASN.1/DER representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& TYPE *d2i_TYPE(TYPE **a, unsigned char **ppin, long length); +\& TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); +\& TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); +\& +\& int i2d_TYPE(TYPE *a, unsigned char **ppout); +\& int i2d_TYPE_fp(FILE *fp, TYPE *a); +\& int i2d_TYPE_bio(BIO *bp, TYPE *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In the description here, \fI\s-1TYPE\s0\fR is used a placeholder +for any of the OpenSSL datatypes, such as \fIX509_CRL\fR. +The function parameters \fIppin\fR and \fIppout\fR are generally +either both named \fIpp\fR in the headers, or \fIin\fR and \fIout\fR. +.PP +These functions convert OpenSSL objects to and from their \s-1ASN.1/DER\s0 +encoding. Unlike the C structures which can have pointers to sub-objects +within, the \s-1DER\s0 is a serialized encoding, suitable for sending over the +network, writing to a file, and so on. +.PP +\&\fBd2i_TYPE()\fR attempts to decode \fBlen\fR bytes at \fB*ppin\fR. If successful a +pointer to the \fB\s-1TYPE\s0\fR structure is returned and \fB*ppin\fR is incremented to +the byte following the parsed data. If \fBa\fR is not \fB\s-1NULL\s0\fR then a pointer +to the returned structure is also written to \fB*a\fR. If an error occurred +then \fB\s-1NULL\s0\fR is returned. +.PP +On a successful return, if \fB*a\fR is not \fB\s-1NULL\s0\fR then it is assumed that \fB*a\fR +contains a valid \fB\s-1TYPE\s0\fR structure and an attempt is made to reuse it. This +\&\*(L"reuse\*(R" capability is present for historical compatibility but its use is +\&\fBstrongly discouraged\fR (see \s-1BUGS\s0 below, and the discussion in the \s-1RETURN +VALUES\s0 section). +.PP +\&\fBd2i_TYPE_bio()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fBd2i_TYPE_fp()\fR is similar to \fBd2i_TYPE()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fBi2d_TYPE()\fR encodes the structure pointed to by \fBa\fR into \s-1DER\s0 format. +If \fBppout\fR is not \fB\s-1NULL\s0\fR, it writes the \s-1DER\s0 encoded data to the buffer +at \fB*ppout\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +If \fB*ppout\fR is \fB\s-1NULL\s0\fR memory will be allocated for a buffer and the encoded +data written to it. In this case \fB*ppout\fR is not incremented and it points +to the start of the data just written. +.PP +\&\fBi2d_TYPE_bio()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fBi2d_TYPE_fp()\fR is similar to \fBi2d_TYPE()\fR except it writes +the encoding of the structure \fBa\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +These routines do not encrypt private keys and therefore offer no +security; use \fBPEM_write_PrivateKey\fR\|(3) or similar for writing to files. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in \fBi2d_TYPE\fR stand for +\&\*(L"internal\*(R" (that is, an internal C structure) and \*(L"\s-1DER\*(R"\s0 respectively. +So \fBi2d_TYPE\fR converts from internal to \s-1DER.\s0 +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual \s-1TYPE\s0 structure passed to \fBi2d_TYPE()\fR must be a valid +populated \fB\s-1TYPE\s0\fR structure \*(-- it \fBcannot\fR simply be fed with an +empty structure such as that returned by \fBTYPE_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fBstrlen()\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*ppin\fR and \fB*ppout\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +The reason for this-auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will be processed after it. +.PP +The following points about the data types might be useful: +.IP "\fB\s-1ASN1_OBJECT\s0\fR" 4 +.IX Item "ASN1_OBJECT" +Represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 +.IP "\fBDHparams\fR" 4 +.IX Item "DHparams" +Represents a PKCS#3 \s-1DH\s0 parameters structure. +.IP "\fBDHparamx\fR" 4 +.IX Item "DHparamx" +Represents an \s-1ANSI X9.42 DH\s0 parameters structure. +.IP "\fB\s-1DSA_PUBKEY\s0\fR" 4 +.IX Item "DSA_PUBKEY" +Represents a \s-1DSA\s0 public key using a \fBSubjectPublicKeyInfo\fR structure. +.IP "\fBDSAPublicKey, DSAPrivateKey\fR" 4 +.IX Item "DSAPublicKey, DSAPrivateKey" +Use a non-standard OpenSSL format and should be avoided; use \fB\s-1DSA_PUBKEY\s0\fR, +\&\fB\fBPEM_write_PrivateKey\fB\|(3)\fR, or similar instead. +.IP "\fB\s-1ECDSA_SIG\s0\fR" 4 +.IX Item "ECDSA_SIG" +Represents an \s-1ECDSA\s0 signature. +.IP "\fBRSAPublicKey\fR" 4 +.IX Item "RSAPublicKey" +Represents a PKCS#1 \s-1RSA\s0 public key structure. +.IP "\fBX509_ALGOR\fR" 4 +.IX Item "X509_ALGOR" +Represents an \fBAlgorithmIdentifier\fR structure as used in \s-1IETF RFC 6960\s0 and +elsewhere. +.IP "\fBX509_Name\fR" 4 +.IX Item "X509_Name" +Represents a \fBName\fR type as used for subject and issuer names in +\&\s-1IETF RFC 6960\s0 and elsewhere. +.IP "\fBX509_REQ\fR" 4 +.IX Item "X509_REQ" +Represents a PKCS#10 certificate request. +.IP "\fBX509_SIG\fR" 4 +.IX Item "X509_SIG" +Represents the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_TYPE()\fR, \fBd2i_TYPE_bio()\fR and \fBd2i_TYPE_fp()\fR return a valid \fB\s-1TYPE\s0\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. If the \*(L"reuse\*(R" capability has been used with +a valid structure being passed in via \fBa\fR, then the object is freed in +the event of error and \fB*a\fR is set to \s-1NULL.\s0 +.PP +\&\fBi2d_TYPE()\fR returns the number of bytes successfully encoded or a negative +value if an error occurs. +.PP +\&\fBi2d_TYPE_bio()\fR and \fBi2d_TYPE_fp()\fR return 1 for success and 0 if an error +occurs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& buf = NULL; +\& len = i2d_X509(x, &buf); +\& if (len < 0) +\& /* error */ +.Ve +.PP +Attempt to decode a buffer: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = d2i_X509(NULL, &p, len); +\& if (x == NULL) +\& /* error */ +.Ve +.PP +Alternative technique: +.PP +.Vb 3 +\& X509 *x; +\& unsigned char *buf, *p; +\& int len; +\& +\& /* Set up buf and len to point to the input buffer. */ +\& p = buf; +\& x = NULL; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +Using a temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +\& +\& len = i2d_X509(x, NULL); +\& buf = OPENSSL_malloc(len); +\& ... +\& i2d_X509(x, &buf); +\& ... +\& OPENSSL_free(buf); +.Ve +.PP +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fBOPENSSL_malloc()\fR +and the subsequent call to \fBOPENSSL_free()\fR is likely to crash. +.PP +Another trap to avoid is misuse of the \fBa\fR argument to \fBd2i_TYPE()\fR: +.PP +.Vb 1 +\& X509 *x; +\& +\& if (d2i_X509(&x, &p, len) == NULL) +\& /* error */ +.Ve +.PP +This will probably crash somewhere in \fBd2i_X509()\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fBd2i_TYPE()\fR when +\&\fB*a\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. Additionally, in versions of +OpenSSL prior to 1.1.0, when the \*(L"reuse\*(R" behaviour is used and an error occurs +the behaviour is inconsistent. Some functions behaved as described here, while +some did not free \fB*a\fR on error and did not set \fB*a\fR to \s-1NULL.\s0 +.PP +As a result of the above issues the \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fBi2d_TYPE()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fBd2i_TYPE()\fR. This may be +fixed in future so code should not assume that \fBi2d_TYPE()\fR will +always succeed. +.PP +Any function which encodes a structure (\fBi2d_TYPE()\fR, +\&\fBi2d_TYPE()\fR or \fBi2d_TYPE()\fR) may return a stale encoding if the +structure has been modified after deserialization or previous +serialization. This is because some objects cache the encoding for +efficiency reasons. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 1998\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 new file mode 100644 index 000000000000..36903b121e1a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/i2d_CMS_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_CMS_BIO_STREAM 3" +.TH I2D_CMS_BIO_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_CMS_bio_stream \- output CMS_ContentInfo structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_CMS_bio_stream()\fR outputs a CMS_ContentInfo structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_CMS()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBi2d_CMS_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_CMS_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBCMS_sign\fR\|(3), +\&\fBCMS_verify\fR\|(3), \fBCMS_encrypt\fR\|(3) +\&\fBCMS_decrypt\fR\|(3), +\&\fBSMIME_write_CMS\fR\|(3), +\&\fBPEM_write_bio_CMS_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_CMS_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 new file mode 100644 index 000000000000..96e62e7fb4c9 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/i2d_PKCS7_bio_stream.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_PKCS7_BIO_STREAM 3" +.TH I2D_PKCS7_BIO_STREAM 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +i2d_PKCS7_bio_stream \- output PKCS7 structure in BER format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *data, int flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBi2d_PKCS7_bio_stream()\fR outputs a \s-1PKCS7\s0 structure in \s-1BER\s0 format. +.PP +It is otherwise identical to the function \fBSMIME_write_PKCS7()\fR. +.SH "NOTES" +.IX Header "NOTES" +This function is effectively a version of the \fBd2i_PKCS7_bio()\fR supporting +streaming. +.SH "BUGS" +.IX Header "BUGS" +The prefix \*(L"i2d\*(R" is arguably wrong because the function outputs \s-1BER\s0 format. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBi2d_PKCS7_bio_stream()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3), \fBPKCS7_sign\fR\|(3), +\&\fBPKCS7_verify\fR\|(3), \fBPKCS7_encrypt\fR\|(3) +\&\fBPKCS7_decrypt\fR\|(3), +\&\fBSMIME_write_PKCS7\fR\|(3), +\&\fBPEM_write_bio_PKCS7_stream\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBi2d_PKCS7_bio_stream()\fR function was added in OpenSSL 1.0.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2008\-2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 new file mode 100644 index 000000000000..9fcbc89df3b5 --- /dev/null +++ b/secure/lib/libcrypto/man/man3/i2d_re_X509_tbs.3 @@ -0,0 +1,218 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "I2D_RE_X509_TBS 3" +.TH I2D_RE_X509_TBS 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +d2i_X509_AUX, i2d_X509_AUX, i2d_re_X509_tbs, i2d_re_X509_CRL_tbs, i2d_re_X509_REQ_tbs \&\- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& X509 *d2i_X509_AUX(X509 **px, const unsigned char **in, long len); +\& int i2d_X509_AUX(X509 *x, unsigned char **out); +\& int i2d_re_X509_tbs(X509 *x, unsigned char **out); +\& int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp); +\& int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fBd2i_X509_AUX()\fR is similar to \fBd2i_X509\fR\|(3) but the input is expected to +consist of an X509 certificate followed by auxiliary trust information. +This is used by the \s-1PEM\s0 routines to read \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +This function should not be called on untrusted input. +.PP +\&\fBi2d_X509_AUX()\fR is similar to \fBi2d_X509\fR\|(3), but the encoded output +contains both the certificate and any auxiliary trust information. +This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(R"\s0 objects. +Note that this is a non-standard OpenSSL-specific data format. +.PP +\&\fBi2d_re_X509_tbs()\fR is similar to \fBi2d_X509\fR\|(3) except it encodes only +the TBSCertificate portion of the certificate. \fBi2d_re_X509_CRL_tbs()\fR +and \fBi2d_re_X509_REQ_tbs()\fR are analogous for \s-1CRL\s0 and certificate request, +respectively. The \*(L"re\*(R" in \fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", +and ensures that a fresh encoding is generated in case the object has been +modified after creation (see the \s-1BUGS\s0 section). +.PP +The encoding of the TBSCertificate portion of a certificate is cached +in the \fBX509\fR structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. +.PP +If, after modification, the \fBX509\fR object is re-signed with \fBX509_sign()\fR, +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the \fBX509\fR can be manually renewed by calling +\&\fBi2d_re_X509_tbs()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fBd2i_X509_AUX()\fR returns a valid \fBX509\fR structure or \s-1NULL\s0 if an error occurred. +.PP +\&\fBi2d_X509_AUX()\fR returns the length of encoded data or \-1 on error. +.PP +\&\fBi2d_re_X509_tbs()\fR, \fBi2d_re_X509_CRL_tbs()\fR and \fBi2d_re_X509_REQ_tbs()\fR return the +length of encoded data or 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBERR_get_error\fR\|(3) +\&\fBX509_CRL_get0_by_serial\fR\|(3), +\&\fBX509_get0_signature\fR\|(3), +\&\fBX509_get_ext_d2i\fR\|(3), +\&\fBX509_get_extension_flags\fR\|(3), +\&\fBX509_get_pubkey\fR\|(3), +\&\fBX509_get_subject_name\fR\|(3), +\&\fBX509_get_version\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_get_index_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_new\fR\|(3), +\&\fBX509_sign\fR\|(3), +\&\fBX509V3_get_d2i\fR\|(3), +\&\fBX509_verify_cert\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2002\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 new file mode 100644 index 000000000000..aefa717ba74a --- /dev/null +++ b/secure/lib/libcrypto/man/man3/o2i_SCT_LIST.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "O2I_SCT_LIST 3" +.TH O2I_SCT_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +\& size_t len); +\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +\& int i2o_SCT(const SCT *sct, unsigned char **out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of +functions, except that they convert to and from \s-1TLS\s0 wire format, as described in +\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are +treated and the return values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All of the functions have return values consistent with those stated for +d2i_SCT_LIST and i2d_SCT_LIST. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBct\fR\|(7), +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBi2d_SCT_LIST\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions were added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man5/Makefile b/secure/lib/libcrypto/man/man5/Makefile new file mode 100644 index 000000000000..099b7fad81f1 --- /dev/null +++ b/secure/lib/libcrypto/man/man5/Makefile @@ -0,0 +1,3 @@ +# $FreeBSD$ +# MAN+= config.5 +MAN+= x509v3_config.5 diff --git a/secure/lib/libcrypto/man/man5/x509v3_config.5 b/secure/lib/libcrypto/man/man5/x509v3_config.5 new file mode 100644 index 000000000000..c0fda6e92019 --- /dev/null +++ b/secure/lib/libcrypto/man/man5/x509v3_config.5 @@ -0,0 +1,704 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509V3_CONFIG 5" +.TH X509V3_CONFIG 5 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509v3_config \- X509 V3 certificate extension configuration format +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +.PP +Typically the application will contain an option to point to an extension +section. Each line of the extension section takes the form: +.PP +.Vb 1 +\& extension_name=[critical,] extension_options +.Ve +.PP +If \fBcritical\fR is present then the extension will be critical. +.PP +The format of \fBextension_options\fR depends on the value of \fBextension_name\fR. +.PP +There are four main types of extension: \fIstring\fR extensions, \fImulti-valued\fR +extensions, \fIraw\fR and \fIarbitrary\fR extensions. +.PP +String extensions simply have a string which contains either the value itself +or how it is obtained. +.PP +For example: +.PP +.Vb 1 +\& nsComment="This is a Comment" +.Ve +.PP +Multi-valued extensions have a short form and a long form. The short form +is a list of names and values: +.PP +.Vb 1 +\& basicConstraints=critical,CA:true,pathlen:1 +.Ve +.PP +The long form allows the values to be placed in a separate section: +.PP +.Vb 1 +\& basicConstraints=critical,@bs_section +\& +\& [bs_section] +\& +\& CA=true +\& pathlen=1 +.Ve +.PP +Both forms are equivalent. +.PP +The syntax of raw extensions is governed by the extension code: it can +for example contain data in multiple sections. The correct syntax to +use is defined by the extension code itself: check out the certificate +policies extension for an example. +.PP +If an extension type is unsupported then the \fIarbitrary\fR extension syntax +must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details. +.SH "STANDARD EXTENSIONS" +.IX Header "STANDARD EXTENSIONS" +The following sections describe each supported extension in detail. +.SS "Basic Constraints." +.IX Subsection "Basic Constraints." +This is a multi valued extension which indicates whether a certificate is +a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or +\&\fB\s-1FALSE\s0\fR. If \fB\s-1CA\s0\fR is \fB\s-1TRUE\s0\fR then an optional \fBpathlen\fR name followed by an +non-negative value can be included. +.PP +For example: +.PP +.Vb 1 +\& basicConstraints=CA:TRUE +\& +\& basicConstraints=CA:FALSE +\& +\& basicConstraints=critical,CA:TRUE, pathlen:0 +.Ve +.PP +A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field +set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the +extension entirely. Some software may require the inclusion of basicConstraints +with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. +.PP +The pathlen parameter indicates the maximum number of CAs that can appear +below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can +only be used to sign end user certificates and not further CAs. +.SS "Key Usage." +.IX Subsection "Key Usage." +Key usage is a multi valued extension consisting of a list of names of the +permitted key usages. +.PP +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, +dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly +and decipherOnly. +.PP +Examples: +.PP +.Vb 1 +\& keyUsage=digitalSignature, nonRepudiation +\& +\& keyUsage=critical, keyCertSign +.Ve +.SS "Extended Key Usage." +.IX Subsection "Extended Key Usage." +This extensions consists of a list of usages indicating purposes for which +the certificate public key can be used for, +.PP +These can either be object short names or the dotted numerical form of OIDs. +While any \s-1OID\s0 can be used only certain values make sense. In particular the +following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful: +.PP +.Vb 10 +\& Value Meaning +\& \-\-\-\-\- \-\-\-\-\-\-\- +\& serverAuth SSL/TLS Web Server Authentication. +\& clientAuth SSL/TLS Web Client Authentication. +\& codeSigning Code signing. +\& emailProtection E\-mail Protection (S/MIME). +\& timeStamping Trusted Timestamping +\& OCSPSigning OCSP Signing +\& ipsecIKE ipsec Internet Key Exchange +\& msCodeInd Microsoft Individual Code Signing (authenticode) +\& msCodeCom Microsoft Commercial Code Signing (authenticode) +\& msCTLSign Microsoft Trust List Signing +\& msEFS Microsoft Encrypted File System +.Ve +.PP +Examples: +.PP +.Vb 2 +\& extendedKeyUsage=critical,codeSigning,1.2.3.4 +\& extendedKeyUsage=serverAuth,clientAuth +.Ve +.SS "Subject Key Identifier." +.IX Subsection "Subject Key Identifier." +This is really a string extension and can take two possible values. Either +the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 +or a hex string giving the extension value to include. The use of the hex +string is strongly discouraged. +.PP +Example: +.PP +.Vb 1 +\& subjectKeyIdentifier=hash +.Ve +.SS "Authority Key Identifier." +.IX Subsection "Authority Key Identifier." +The authority key identifier extension permits two options. keyid and issuer: +both can take the optional value \*(L"always\*(R". +.PP +If the keyid option is present an attempt is made to copy the subject key +identifier from the parent certificate. If the value \*(L"always\*(R" is present +then an error is returned if the option fails. +.PP +The issuer option copies the issuer and serial number from the issuer +certificate. This will only be done if the keyid option fails or +is not included unless the \*(L"always\*(R" flag will always include the value. +.PP +Example: +.PP +.Vb 1 +\& authorityKeyIdentifier=keyid,issuer +.Ve +.SS "Subject Alternative Name." +.IX Subsection "Subject Alternative Name." +The subject alternative name extension allows various literal values to be +included in the configuration file. These include \fBemail\fR (an email address) +\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a +registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR +(a distinguished name) and otherName. +.PP +The email option include a special 'copy' value. This will automatically +include any email addresses contained in the certificate subject name in +the extension. +.PP +The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 or IPv6 format. +.PP +The value of \fBdirName\fR should point to a section containing the distinguished +name to use as a set of name value pairs. Multi values AVAs can be formed by +prefacing the name with a \fB+\fR character. +.PP +otherName can include arbitrary data associated with an \s-1OID:\s0 the value +should be the \s-1OID\s0 followed by a semicolon and the content in standard +\&\fBASN1_generate_nconf\fR\|(3) format. +.PP +Examples: +.PP +.Vb 5 +\& subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +\& subjectAltName=IP:192.168.7.1 +\& subjectAltName=IP:13::17 +\& subjectAltName=email:my@other.address,RID:1.2.3.4 +\& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier +\& +\& subjectAltName=dirName:dir_sect +\& +\& [dir_sect] +\& C=UK +\& O=My Organization +\& OU=My Unit +\& CN=My Name +.Ve +.SS "Issuer Alternative Name." +.IX Subsection "Issuer Alternative Name." +The issuer alternative name option supports all the literal options of +subject alternative name. It does \fBnot\fR support the email:copy option because +that would not make sense. It does support an additional issuer:copy option +that will copy all the subject alternative name values from the issuer +certificate (if possible). +.PP +Example: +.PP +.Vb 1 +\& issuerAltName = issuer:copy +.Ve +.SS "Authority Info Access." +.IX Subsection "Authority Info Access." +The authority information access extension gives details about how to access +certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location +where \fIlocation\fR has the same syntax as subject alternative name (except +that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only +certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. +.PP +Example: +.PP +.Vb 2 +\& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +\& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ve +.SS "\s-1CRL\s0 distribution points" +.IX Subsection "CRL distribution points" +This is a multi-valued extension whose options can be either in name:value pair +using the same form as subject alternative name or a single value representing +a section name containing all the distribution point fields. +.PP +For a name:value pair a new DistributionPoint with the fullName field set to +the given value both the cRLissuer and reasons fields are omitted in this case. +.PP +In the single option case the section indicated contains values for each +field. In this section: +.PP +If the name is \*(L"fullname\*(R" the value field should contain the full name +of the distribution point in the same format as subject alternative name. +.PP +If the name is \*(L"relativename\*(R" then the value field should contain a section +name whose contents represent a \s-1DN\s0 fragment to be placed in this field. +.PP +The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in +subject alternative name format. +.PP +If the name is \*(L"reasons\*(R" the value field should consist of a comma +separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", +\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", +\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". +.PP +Simple examples: +.PP +.Vb 2 +\& crlDistributionPoints=URI:http://myhost.com/myca.crl +\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ve +.PP +Full distribution point example: +.PP +.Vb 1 +\& crlDistributionPoints=crldp1_section +\& +\& [crldp1_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& CRLissuer=dirName:issuer_sect +\& reasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Issuing Distribution Point" +.IX Subsection "Issuing Distribution Point" +This extension should only appear in CRLs. It is a multi valued extension +whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution +points extension with a few differences. +.PP +The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. +.PP +The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is +in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. +.PP +The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted +the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of +the corresponding field. +.PP +Example: +.PP +.Vb 1 +\& issuingDistributionPoint=critical, @idp_section +\& +\& [idp_section] +\& +\& fullname=URI:http://myhost.com/myca.crl +\& indirectCRL=TRUE +\& onlysomereasons=keyCompromise, CACompromise +\& +\& [issuer_sect] +\& C=UK +\& O=Organisation +\& CN=Some Name +.Ve +.SS "Certificate Policies." +.IX Subsection "Certificate Policies." +This is a \fIraw\fR extension. All the fields of this extension can be set by +using the appropriate syntax. +.PP +If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just +include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas, +for example: +.PP +.Vb 1 +\& certificatePolicies= 1.2.4.5, 1.1.3.4 +.Ve +.PP +If you wish to include qualifiers then the policy \s-1OID\s0 and qualifiers need to +be specified in a separate section: this is done by using the \f(CW@section\fR syntax +instead of a literal \s-1OID\s0 value. +.PP +The section referred to must include the policy \s-1OID\s0 using the name +policyIdentifier, cPSuri qualifiers can be included using the syntax: +.PP +.Vb 1 +\& CPS.nnn=value +.Ve +.PP +userNotice qualifiers can be set using the syntax: +.PP +.Vb 1 +\& userNotice.nnn=@notice +.Ve +.PP +The value of the userNotice qualifier is specified in the relevant section. +This section can include explicitText, organization and noticeNumbers +options. explicitText and organization are text strings, noticeNumbers is a +comma separated list of numbers. The organization and noticeNumbers options +(if included) must \s-1BOTH\s0 be present. If you use the userNotice option with \s-1IE5\s0 +then you need the 'ia5org' option at the top level to modify the encoding: +otherwise it will not be interpreted properly. +.PP +Example: +.PP +.Vb 1 +\& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect +\& +\& [polsect] +\& +\& policyIdentifier = 1.3.5.8 +\& CPS.1="http://my.host.name/" +\& CPS.2="http://my.your.name/" +\& userNotice.1=@notice +\& +\& [notice] +\& +\& explicitText="Explicit Text Here" +\& organization="Organisation Name" +\& noticeNumbers=1,2,3,4 +.Ve +.PP +The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 +it can only be of type DisplayText. In \s-1RFC3280\s0 IA5String is also permissible. +Some software (for example some versions of \s-1MSIE\s0) may require ia5org. +.PP +\&\s-1ASN1\s0 type of explicitText can be specified by prepending \fB\s-1UTF8\s0\fR, +\&\fB\s-1BMP\s0\fR or \fB\s-1VISIBLE\s0\fR prefix followed by colon. For example: +.PP +.Vb 2 +\& [notice] +\& explicitText="UTF8:Explicit Text Here" +.Ve +.SS "Policy Constraints" +.IX Subsection "Policy Constraints" +This is a multi-valued extension which consisting of the names +\&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative integer +value. At least one component must be present. +.PP +Example: +.PP +.Vb 1 +\& policyConstraints = requireExplicitPolicy:3 +.Ve +.SS "Inhibit Any Policy" +.IX Subsection "Inhibit Any Policy" +This is a string extension whose value must be a non negative integer. +.PP +Example: +.PP +.Vb 1 +\& inhibitAnyPolicy = 2 +.Ve +.SS "Name Constraints" +.IX Subsection "Name Constraints" +The name constraints extension is a multi-valued extension. The name should +begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of +the name and the value follows the syntax of subjectAltName except email:copy +is not supported and the \fB\s-1IP\s0\fR form should consist of an \s-1IP\s0 addresses and +subnet mask separated by a \fB/\fR. +.PP +Examples: +.PP +.Vb 1 +\& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +\& +\& nameConstraints=permitted;email:.somedomain.com +\& +\& nameConstraints=excluded;email:.com +.Ve +.SS "\s-1OCSP\s0 No Check" +.IX Subsection "OCSP No Check" +The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. +.PP +Example: +.PP +.Vb 1 +\& noCheck = ignored +.Ve +.SS "\s-1TLS\s0 Feature (aka Must Staple)" +.IX Subsection "TLS Feature (aka Must Staple)" +This is a multi-valued extension consisting of a list of \s-1TLS\s0 extension +identifiers. Each identifier may be a number (0..65535) or a supported name. +When a \s-1TLS\s0 client sends a listed extension, the \s-1TLS\s0 server is expected to +include that extension in its reply. +.PP +The supported names are: \fBstatus_request\fR and \fBstatus_request_v2\fR. +.PP +Example: +.PP +.Vb 1 +\& tlsfeature = status_request +.Ve +.SH "DEPRECATED EXTENSIONS" +.IX Header "DEPRECATED EXTENSIONS" +The following extensions are non standard, Netscape specific and largely +obsolete. Their use in new applications is discouraged. +.SS "Netscape String extensions." +.IX Subsection "Netscape String extensions." +Netscape Comment (\fBnsComment\fR) is a string extension containing a comment +which will be displayed when the certificate is viewed in some browsers. +.PP +Example: +.PP +.Vb 1 +\& nsComment = "Some Random Comment" +.Ve +.PP +Other supported extensions in this category are: \fBnsBaseUrl\fR, +\&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR +and \fBnsSslServerName\fR. +.SS "Netscape Certificate Type" +.IX Subsection "Netscape Certificate Type" +This is a multi-valued extensions which consists of a list of flags to be +included. It was used to indicate the purposes for which a certificate could +be used. The basicConstraints, keyUsage and extended key usage extensions are +now used instead. +.PP +Acceptable values for nsCertType are: \fBclient\fR, \fBserver\fR, \fBemail\fR, +\&\fBobjsign\fR, \fBreserved\fR, \fBsslCA\fR, \fBemailCA\fR, \fBobjCA\fR. +.SH "ARBITRARY EXTENSIONS" +.IX Header "ARBITRARY EXTENSIONS" +If an extension is not supported by the OpenSSL code then it must be encoded +using the arbitrary extension format. It is also possible to use the arbitrary +format for supported extensions. Extreme care should be taken to ensure that +the data is formatted correctly for the given extension type. +.PP +There are two ways to encode arbitrary extensions. +.PP +The first way is to use the word \s-1ASN1\s0 followed by the extension content +using the same syntax as \fBASN1_generate_nconf\fR\|(3). +For example: +.PP +.Vb 1 +\& 1.2.3.4=critical,ASN1:UTF8String:Some random data +\& +\& 1.2.3.4=ASN1:SEQUENCE:seq_sect +\& +\& [seq_sect] +\& +\& field1 = UTF8:field1 +\& field2 = UTF8:field2 +.Ve +.PP +It is also possible to use the word \s-1DER\s0 to include the raw encoded data in any +extension. +.PP +.Vb 2 +\& 1.2.3.4=critical,DER:01:02:03:04 +\& 1.2.3.4=DER:01020304 +.Ve +.PP +The value following \s-1DER\s0 is a hex dump of the \s-1DER\s0 encoding of the extension +Any extension can be placed in this form to override the default behaviour. +For example: +.PP +.Vb 1 +\& basicConstraints=critical,DER:00:01:02:03 +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +There is no guarantee that a specific implementation will process a given +extension. It may therefore be sometimes possible to use certificates for +purposes prohibited by their extensions because a specific application does +not recognize or honour the values of the relevant extensions. +.PP +The \s-1DER\s0 and \s-1ASN1\s0 options should be used with caution. It is possible to create +totally invalid extensions if they are not used carefully. +.SH "NOTES" +.IX Header "NOTES" +If an extension is multi-value and a field value must contain a comma the long +form must be used otherwise the comma would be misinterpreted as a field +separator. For example: +.PP +.Vb 1 +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +will produce an error but the equivalent form: +.PP +.Vb 1 +\& subjectAltName=@subject_alt_section +\& +\& [subject_alt_section] +\& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ve +.PP +is valid. +.PP +Due to the behaviour of the OpenSSL \fBconf\fR library the same field name +can only occur once in a section. This means that: +.PP +.Vb 1 +\& subjectAltName=@alt_section +\& +\& [alt_section] +\& +\& email=steve@here +\& email=steve@there +.Ve +.PP +will only recognize the last value. This can be worked around by using the form: +.PP +.Vb 1 +\& [alt_section] +\& +\& email.1=steve@here +\& email.2=steve@there +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1), +\&\fBASN1_generate_nconf\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2004\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/Ed25519.7 b/secure/lib/libcrypto/man/man7/Ed25519.7 new file mode 100644 index 000000000000..20fe73d686ec --- /dev/null +++ b/secure/lib/libcrypto/man/man7/Ed25519.7 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "ED25519 7" +.TH ED25519 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +Ed25519, Ed448 \&\- EVP_PKEY Ed25519 and Ed448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBEd25519\fR and \fBEd448\fR \s-1EVP_PKEY\s0 implementation supports key generation, +one-shot digest sign and digest verify using PureEdDSA and \fBEd25519\fR or \fBEd448\fR +(see \s-1RFC8032\s0). It has associated private and public key formats compatible with +draft\-ietf\-curdle\-pkix\-04. +.PP +No additional parameters can be set during key generation, one-shot signing or +verification. In particular, because PureEdDSA is used, a digest must \fB\s-1NOT\s0\fR be +specified when signing or verifying. +.SH "NOTES" +.IX Header "NOTES" +The PureEdDSA algorithm does not support the streaming mechanism +of other signature algorithms using, for example, \fBEVP_DigestUpdate()\fR. +The message to sign or verify must be passed using the one-shot +\&\fBEVP_DigestSign()\fR and \fBEVP_DigestVerify()\fR functions. +.PP +When calling \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR, the +digest \fBtype\fR parameter \fB\s-1MUST\s0\fR be set to \fB\s-1NULL\s0\fR. +.PP +Applications wishing to sign certificates (or other structures such as +CRLs or certificate requests) using Ed25519 or Ed448 can either use \fBX509_sign()\fR +or \fBX509_sign_ctx()\fR in the usual way. +.PP +A context for the \fBEd25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +.Ve +.PP +For the \fBEd448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED448, NULL); +.Ve +.PP +Ed25519 or Ed448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +Ed25519 or Ed448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.PP +Ed25519 and Ed448 can be tested within \fBspeed\fR\|(1) application since version 1.1.1. +Valid algorithm names are \fBed25519\fR, \fBed448\fR and \fBeddsa\fR. If \fBeddsa\fR is +specified, then both Ed25519 and Ed448 are benchmarked. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fB\s-1ED25519\s0\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/Makefile b/secure/lib/libcrypto/man/man7/Makefile new file mode 100644 index 000000000000..34c0ff786be6 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/Makefile @@ -0,0 +1,20 @@ +# $FreeBSD$ +MAN+= Ed25519.7 +MAN+= RAND.7 +MAN+= RAND_DRBG.7 +MAN+= RSA-PSS.7 +MAN+= SM2.7 +MAN+= X25519.7 +MAN+= bio.7 +# MAN+= crypto.7 +MAN+= ct.7 +MAN+= des_modes.7 +MAN+= evp.7 +MAN+= ossl_store-file.7 +MAN+= ossl_store.7 +MAN+= passphrase-encoding.7 +MAN+= scrypt.7 +MAN+= ssl.7 +MAN+= x509.7 +MLINKS+= Ed25519.7 Ed448.7 +MLINKS+= X25519.7 X448.7 diff --git a/secure/lib/libcrypto/man/man7/RAND.7 b/secure/lib/libcrypto/man/man7/RAND.7 new file mode 100644 index 000000000000..9352e577af89 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/RAND.7 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND 7" +.TH RAND 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND \&\- the OpenSSL random generator +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Random numbers are a vital part of cryptography, they are needed to provide +unpredictability for tasks like key generation, creating salts, and many more. +Software-based generators must be seeded with external randomness before they +can be used as a cryptographically-secure pseudo-random number generator +(\s-1CSPRNG\s0). +The availability of common hardware with special instructions and +modern operating systems, which may use items such as interrupt jitter +and network packet timings, can be reasonable sources of seeding material. +.PP +OpenSSL comes with a default implementation of the \s-1RAND API\s0 which is based on +the deterministic random bit generator (\s-1DRBG\s0) model as described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. The default random generator will initialize +automatically on first use and will be fully functional without having +to be initialized ('seeded') explicitly. +It seeds and reseeds itself automatically using trusted random sources +provided by the operating system. +.PP +As a normal application developer, you do not have to worry about any details, +just use \fBRAND_bytes\fR\|(3) to obtain random data. +Having said that, there is one important rule to obey: Always check the error +return value of \fBRAND_bytes\fR\|(3) and do not take randomness for granted. +Although (re\-)seeding is automatic, it can fail because no trusted random source +is available or the trusted source(s) temporarily fail to provide sufficient +random seed material. +In this case the \s-1CSPRNG\s0 enters an error state and ceases to provide output, +until it is able to recover from the error by reseeding itself. +For more details on reseeding and error recovery, see \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +For values that should remain secret, you can use \fBRAND_priv_bytes\fR\|(3) +instead. +This method does not provide 'better' randomness, it uses the same type of \s-1CSPRNG.\s0 +The intention behind using a dedicated \s-1CSPRNG\s0 exclusively for private +values is that none of its output should be visible to an attacker (e.g., +used as salt value), in order to reveal as little information as +possible about its internal state, and that a compromise of the \*(L"public\*(R" +\&\s-1CSPRNG\s0 instance will not affect the secrecy of these private values. +.PP +In the rare case where the default implementation does not satisfy your special +requirements, there are two options: +.IP "\(bu" 2 +Replace the default \s-1RAND\s0 method by your own \s-1RAND\s0 method using +\&\fBRAND_set_rand_method\fR\|(3). +.IP "\(bu" 2 +Modify the default settings of the OpenSSL \s-1RAND\s0 method by modifying the security +parameters of the underlying \s-1DRBG,\s0 which is described in detail in \s-1\fBRAND_DRBG\s0\fR\|(7). +.PP +Changing the default random generator or its default parameters should be necessary +only in exceptional cases and is not recommended, unless you have a profound knowledge +of cryptographic principles and understand the implications of your changes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_add\fR\|(3), +\&\fBRAND_bytes\fR\|(3), +\&\fBRAND_priv_bytes\fR\|(3), +\&\fBRAND_get_rand_method\fR\|(3), +\&\fBRAND_set_rand_method\fR\|(3), +\&\fBRAND_OpenSSL\fR\|(3), +\&\s-1\fBRAND_DRBG\s0\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/RAND_DRBG.7 b/secure/lib/libcrypto/man/man7/RAND_DRBG.7 new file mode 100644 index 000000000000..aab4f1dbf856 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/RAND_DRBG.7 @@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RAND_DRBG 7" +.TH RAND_DRBG 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RAND_DRBG \- the deterministic random bit generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The default OpenSSL \s-1RAND\s0 method is based on the \s-1RAND_DRBG\s0 class, +which implements a deterministic random bit generator (\s-1DRBG\s0). +A \s-1DRBG\s0 is a certain type of cryptographically-secure pseudo-random +number generator (\s-1CSPRNG\s0), which is described in +[\s-1NIST SP 800\-90A\s0 Rev. 1]. +.PP +While the \s-1RAND API\s0 is the 'frontend' which is intended to be used by +application developers for obtaining random bytes, the \s-1RAND_DRBG API\s0 +serves as the 'backend', connecting the former with the operating +systems's entropy sources and providing access to the \s-1DRBG\s0's +configuration parameters. +.SS "Disclaimer" +.IX Subsection "Disclaimer" +Unless you have very specific requirements for your random generator, +it is in general not necessary to utilize the \s-1RAND_DRBG API\s0 directly. +The usual way to obtain random bytes is to use \fBRAND_bytes\fR\|(3) or +\&\fBRAND_priv_bytes\fR\|(3), see also \s-1\fBRAND\s0\fR\|(7). +.SS "Typical Use Cases" +.IX Subsection "Typical Use Cases" +Typical examples for such special use cases are the following: +.IP "\(bu" 2 +You want to use your own private \s-1DRBG\s0 instances. +Multiple \s-1DRBG\s0 instances which are accessed only by a single thread provide +additional security (because their internal states are independent) and +better scalability in multithreaded applications (because they don't need +to be locked). +.IP "\(bu" 2 +You need to integrate a previously unsupported entropy source. +.IP "\(bu" 2 +You need to change the default settings of the standard OpenSSL \s-1RAND\s0 +implementation to meet specific requirements. +.SH "CHAINING" +.IX Header "CHAINING" +A \s-1DRBG\s0 instance can be used as the entropy source of another \s-1DRBG\s0 instance, +provided it has itself access to a valid entropy source. +The \s-1DRBG\s0 instance which acts as entropy source is called the \fIparent\fR \s-1DRBG,\s0 +the other instance the \fIchild\fR \s-1DRBG.\s0 +.PP +This is called chaining. A chained \s-1DRBG\s0 instance is created by passing +a pointer to the parent \s-1DRBG\s0 as argument to the \fBRAND_DRBG_new()\fR call. +It is possible to create chains of more than two \s-1DRBG\s0 in a row. +.SH "THE THREE SHARED DRBG INSTANCES" +.IX Header "THE THREE SHARED DRBG INSTANCES" +Currently, there are three shared \s-1DRBG\s0 instances, +the , , and \s-1DRBG.\s0 +While the \s-1DRBG\s0 is a single global instance, the and +\&\s-1DRBG\s0 are created per thread and accessed through thread-local storage. +.PP +By default, the functions \fBRAND_bytes\fR\|(3) and \fBRAND_priv_bytes\fR\|(3) use +the thread-local and \s-1DRBG\s0 instance, respectively. +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +The \s-1DRBG\s0 is not used directly by the application, only for reseeding +the two other two \s-1DRBG\s0 instances. It reseeds itself by obtaining randomness +either from os entropy sources or by consuming randomness which was added +previously by \fBRAND_add\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_bytes\fR\|(3). +.SS "The \s-1DRBG\s0 instance" +.IX Subsection "The DRBG instance" +This instance is used per default by \fBRAND_priv_bytes\fR\|(3) +.SH "LOCKING" +.IX Header "LOCKING" +The \s-1DRBG\s0 is intended to be accessed concurrently for reseeding +by its child \s-1DRBG\s0 instances. The necessary locking is done internally. +It is \fInot\fR thread-safe to access the \s-1DRBG\s0 directly via the +\&\s-1RAND_DRBG\s0 interface. +The and \s-1DRBG\s0 are thread-local, i.e. there is an +instance of each per thread. So they can safely be accessed without +locking via the \s-1RAND_DRBG\s0 interface. +.PP +Pointers to these \s-1DRBG\s0 instances can be obtained using +\&\fBRAND_DRBG_get0_master()\fR, +\&\fBRAND_DRBG_get0_public()\fR, and +\&\fBRAND_DRBG_get0_private()\fR, respectively. +Note that it is not allowed to store a pointer to one of the thread-local +\&\s-1DRBG\s0 instances in a variable or other memory location where it will be +accessed and used by multiple threads. +.PP +All other \s-1DRBG\s0 instances created by an application don't support locking, +because they are intended to be used by a single thread. +Instead of accessing a single \s-1DRBG\s0 instance concurrently from different +threads, it is recommended to instantiate a separate \s-1DRBG\s0 instance per +thread. Using the \s-1DRBG\s0 as entropy source for multiple \s-1DRBG\s0 +instances on different threads is thread-safe, because the \s-1DRBG\s0 instance +will lock the \s-1DRBG\s0 automatically for obtaining random input. +.SH "THE OVERALL PICTURE" +.IX Header "THE OVERALL PICTURE" +The following picture gives an overview over how the \s-1DRBG\s0 instances work +together and are being used. +.PP +.Vb 10 +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | os entropy sources | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | +\& v +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& RAND_add() ==> <\-| shared DRBG (with locking) | +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& / \e +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& <\- | per\-thread DRBG instances | +\& | | +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& v v +\& RAND_bytes() RAND_priv_bytes() +\& | ^ +\& | | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\& | general purpose | | used for secrets like session keys | +\& | random generator | | and private keys for certificates | +\& +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+ +.Ve +.PP +The usual way to obtain random bytes is to call RAND_bytes(...) or +RAND_priv_bytes(...). These calls are roughly equivalent to calling +RAND_DRBG_bytes(, ...) and RAND_DRBG_bytes(, ...), +respectively. The method \fBRAND_DRBG_bytes\fR\|(3) is a convenience method +wrapping the \fBRAND_DRBG_generate\fR\|(3) function, which serves the actual +request for random data. +.SH "RESEEDING" +.IX Header "RESEEDING" +A \s-1DRBG\s0 instance seeds itself automatically, pulling random input from +its entropy source. The entropy source can be either a trusted operating +system entropy source, or another \s-1DRBG\s0 with access to such a source. +.PP +Automatic reseeding occurs after a predefined number of generate requests. +The selection of the trusted entropy sources is configured at build +time using the \-\-with\-rand\-seed option. The following sections explain +the reseeding process in more detail. +.SS "Automatic Reseeding" +.IX Subsection "Automatic Reseeding" +Before satisfying a generate request (\fBRAND_DRBG_generate\fR\|(3)), the \s-1DRBG\s0 +reseeds itself automatically, if one of the following conditions holds: +.PP +\&\- the \s-1DRBG\s0 was not instantiated (=seeded) yet or has been uninstantiated. +.PP +\&\- the number of generate requests since the last reseeding exceeds a +certain threshold, the so called \fIreseed_interval\fR. +This behaviour can be disabled by setting the \fIreseed_interval\fR to 0. +.PP +\&\- the time elapsed since the last reseeding exceeds a certain time +interval, the so called \fIreseed_time_interval\fR. +This can be disabled by setting the \fIreseed_time_interval\fR to 0. +.PP +\&\- the \s-1DRBG\s0 is in an error state. +.PP +\&\fBNote\fR: An error state is entered if the entropy source fails while +the \s-1DRBG\s0 is seeding or reseeding. +The last case ensures that the \s-1DRBG\s0 automatically recovers +from the error as soon as the entropy source is available again. +.SS "Manual Reseeding" +.IX Subsection "Manual Reseeding" +In addition to automatic reseeding, the caller can request an immediate +reseeding of the \s-1DRBG\s0 with fresh entropy by setting the +\&\fIprediction resistance\fR parameter to 1 when calling \fBRAND_DRBG_generate\fR\|(3). +.PP +The document [\s-1NIST SP 800\-90C\s0] describes prediction resistance requests +in detail and imposes strict conditions on the entropy sources that are +approved for providing prediction resistance. +Since the default \s-1DRBG\s0 implementation does not have access to such an approved +entropy source, a request for prediction resistance will currently always fail. +In other words, prediction resistance is currently not supported yet by the \s-1DRBG.\s0 +.PP +For the three shared DRBGs (and only for these) there is another way to +reseed them manually: +If \fBRAND_add\fR\|(3) is called with a positive \fIrandomness\fR argument +(or \fBRAND_seed\fR\|(3)), then this will immediately reseed the \s-1DRBG.\s0 +The and \s-1DRBG\s0 will detect this on their next generate +call and reseed, pulling randomness from . +.PP +The last feature has been added to support the common practice used with +previous OpenSSL versions to call \fBRAND_add()\fR before calling \fBRAND_bytes()\fR. +.SS "Entropy Input vs. Additional Data" +.IX Subsection "Entropy Input vs. Additional Data" +The \s-1DRBG\s0 distinguishes two different types of random input: \fIentropy\fR, +which comes from a trusted source, and \fIadditional input\fR', +which can optionally be added by the user and is considered untrusted. +It is possible to add \fIadditional input\fR not only during reseeding, +but also for every generate request. +This is in fact done automatically by \fBRAND_DRBG_bytes\fR\|(3). +.SS "Configuring the Random Seed Source" +.IX Subsection "Configuring the Random Seed Source" +In most cases OpenSSL will automatically choose a suitable seed source +for automatically seeding and reseeding its \s-1DRBG.\s0 In some cases +however, it will be necessary to explicitly specify a seed source during +configuration, using the \-\-with\-rand\-seed option. For more information, +see the \s-1INSTALL\s0 instructions. There are also operating systems where no +seed source is available and automatic reseeding is disabled by default. +.PP +The following two sections describe the reseeding process of the master +\&\s-1DRBG,\s0 depending on whether automatic reseeding is available or not. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding enabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding enabled" +Calling \fBRAND_poll()\fR or \fBRAND_add()\fR is not necessary, because the \s-1DRBG\s0 +pulls the necessary entropy from its source automatically. +However, both calls are permitted, and do reseed the \s-1RNG.\s0 +.PP +\&\fBRAND_add()\fR can be used to add both kinds of random input, depending on the +value of the \fBrandomness\fR argument: +.IP "randomness == 0:" 4 +.IX Item "randomness == 0:" +The random bytes are mixed as additional input into the current state of +the \s-1DRBG.\s0 +Mixing in additional input is not considered a full reseeding, hence the +reseed counter is not reset. +.IP "randomness > 0:" 4 +.IX Item "randomness > 0:" +The random bytes are used as entropy input for a full reseeding +(resp. reinstantiation) if the \s-1DRBG\s0 is instantiated +(resp. uninstantiated or in an error state). +The number of random bits required for reseeding is determined by the +security strength of the \s-1DRBG.\s0 Currently it defaults to 256 bits (32 bytes). +It is possible to provide less randomness than required. +In this case the missing randomness will be obtained by pulling random input +from the trusted entropy sources. +.SS "Reseeding the master \s-1DRBG\s0 with automatic seeding disabled" +.IX Subsection "Reseeding the master DRBG with automatic seeding disabled" +Calling \fBRAND_poll()\fR will always fail. +.PP +\&\fBRAND_add()\fR needs to be called for initial seeding and periodic reseeding. +At least 48 bytes (384 bits) of randomness have to be provided, otherwise +the (re\-)seeding of the \s-1DRBG\s0 will fail. This corresponds to one and a half +times the security strength of the \s-1DRBG.\s0 The extra half is used for the +nonce during instantiation. +.PP +More precisely, the number of bytes needed for seeding depend on the +\&\fIsecurity strength\fR of the \s-1DRBG,\s0 which is set to 256 by default. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBRAND_DRBG_bytes\fR\|(3), +\&\fBRAND_DRBG_generate\fR\|(3), +\&\fBRAND_DRBG_reseed\fR\|(3), +\&\fBRAND_DRBG_get0_master\fR\|(3), +\&\fBRAND_DRBG_get0_public\fR\|(3), +\&\fBRAND_DRBG_get0_private\fR\|(3), +\&\fBRAND_DRBG_set_reseed_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_time_interval\fR\|(3), +\&\fBRAND_DRBG_set_reseed_defaults\fR\|(3), +\&\s-1\fBRAND\s0\fR\|(7), +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/RSA-PSS.7 b/secure/lib/libcrypto/man/man7/RSA-PSS.7 new file mode 100644 index 000000000000..6be71bad5ba0 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/RSA-PSS.7 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "RSA-PSS 7" +.TH RSA-PSS 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +RSA\-PSS \- EVP_PKEY RSA\-PSS algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBRSA-PSS\fR \s-1EVP_PKEY\s0 implementation is a restricted version of the \s-1RSA\s0 +algorithm which only supports signing, verification and key generation +using \s-1PSS\s0 padding modes with optional parameter restrictions. +.PP +It has associated private key and public key formats. +.PP +This algorithm shares several control operations with the \fB\s-1RSA\s0\fR algorithm +but with some restrictions described below. +.SS "Signing and Verification" +.IX Subsection "Signing and Verification" +Signing and verification is similar to the \fB\s-1RSA\s0\fR algorithm except the +padding mode is always \s-1PSS.\s0 If the key in use has parameter restrictions then +the corresponding signature parameters are set to the restrictions: +for example, if the key can only be used with digest \s-1SHA256, MGF1 SHA256\s0 +and minimum salt length 32 then the digest, \s-1MGF1\s0 digest and salt length +will be set to \s-1SHA256, SHA256\s0 and 32 respectively. +.SS "Key Generation" +.IX Subsection "Key Generation" +By default no parameter restrictions are placed on the generated key. +.SH "NOTES" +.IX Header "NOTES" +The public key format is documented in \s-1RFC4055.\s0 +.PP +The PKCS#8 private key format used for RSA-PSS keys is similar to the \s-1RSA\s0 +format except it uses the \fBid-RSASSA-PSS\fR \s-1OID\s0 and the parameters field, if +present, restricts the key parameters in the same way as the public key. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 4055\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md\fR\|(3), +\&\fBEVP_PKEY_CTX_set_rsa_pss_keygen_saltlen\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/SM2.7 b/secure/lib/libcrypto/man/man7/SM2.7 new file mode 100644 index 000000000000..228278eb46f0 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/SM2.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SM2 7" +.TH SM2 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SM2 \- Chinese SM2 signature and encryption algorithm support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1SM2\s0\fR algorithm was first defined by the Chinese national standard \s-1GM/T +0003\-2012\s0 and was later standardized by \s-1ISO\s0 as \s-1ISO/IEC 14888.\s0 \fB\s-1SM2\s0\fR is actually +an elliptic curve based algorithm. The current implementation in OpenSSL supports +both signature and encryption schemes via the \s-1EVP\s0 interface. +.PP +When doing the \fB\s-1SM2\s0\fR signature algorithm, it requires a distinguishing identifier +to form the message prefix which is hashed before the real message is hashed. +.SH "NOTES" +.IX Header "NOTES" +\&\fB\s-1SM2\s0\fR signatures can be generated by using the 'DigestSign' series of APIs, for +instance, \fBEVP_DigestSignInit()\fR, \fBEVP_DigestSignUpdate()\fR and \fBEVP_DigestSignFinal()\fR. +Ditto for the verification process by calling the 'DigestVerify' series of APIs. +.PP +There are several special steps that need to be done before computing an \fB\s-1SM2\s0\fR +signature. +.PP +The \fB\s-1EVP_PKEY\s0\fR structure will default to using \s-1ECDSA\s0 for signatures when it is +created. It should be set to \fB\s-1EVP_PKEY_SM2\s0\fR by calling: +.PP +.Vb 1 +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +.Ve +.PP +Then an \s-1ID\s0 should be set by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +.Ve +.PP +When calling the \fBEVP_DigestSignInit()\fR or \fBEVP_DigestVerifyInit()\fR functions, a +pre-allocated \fB\s-1EVP_PKEY_CTX\s0\fR should be assigned to the \fB\s-1EVP_MD_CTX\s0\fR. This is +done by calling: +.PP +.Vb 1 +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx); +.Ve +.PP +And normally there is no need to pass a \fBpctx\fR parameter to \fBEVP_DigestSignInit()\fR +or \fBEVP_DigestVerifyInit()\fR in such a scenario. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example demonstrates the calling sequence for using an \fB\s-1EVP_PKEY\s0\fR to verify +a message with the \s-1SM2\s0 signature algorithm and the \s-1SM3\s0 hash algorithm: +.PP +.Vb 1 +\& #include +\& +\& /* obtain an EVP_PKEY using whatever methods... */ +\& EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2); +\& mctx = EVP_MD_CTX_new(); +\& pctx = EVP_PKEY_CTX_new(pkey, NULL); +\& EVP_PKEY_CTX_set1_id(pctx, id, id_len); +\& EVP_MD_CTX_set_pkey_ctx(mctx, pctx);; +\& EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey); +\& EVP_DigestVerifyUpdate(mctx, msg, msg_len); +\& EVP_DigestVerifyFinal(mctx, sig, sig_len) +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_set_alias_type\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_DigestVerifyInit\fR\|(3), +\&\fBEVP_PKEY_CTX_set1_id\fR\|(3), +\&\fBEVP_MD_CTX_set_pkey_ctx\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/X25519.7 b/secure/lib/libcrypto/man/man7/X25519.7 new file mode 100644 index 000000000000..4fcedf08dddd --- /dev/null +++ b/secure/lib/libcrypto/man/man7/X25519.7 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X25519 7" +.TH X25519 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +X25519, X448 \&\- EVP_PKEY X25519 and X448 support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBX25519\fR and \fBX448\fR \s-1EVP_PKEY\s0 implementation supports key generation and +key derivation using \fBX25519\fR and \fBX448\fR. It has associated private and public +key formats compatible with draft\-ietf\-curdle\-pkix\-03. +.PP +No additional parameters can be set during key generation. +.PP +The peer public key must be set using \fBEVP_PKEY_derive_set_peer()\fR when +performing key derivation. +.SH "NOTES" +.IX Header "NOTES" +A context for the \fBX25519\fR algorithm can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +.Ve +.PP +For the \fBX448\fR algorithm a context can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X448, NULL); +.Ve +.PP +X25519 or X448 private keys can be set directly using +\&\fBEVP_PKEY_new_raw_private_key\fR\|(3) or loaded from a PKCS#8 private key file +using \fBPEM_read_bio_PrivateKey\fR\|(3) (or similar function). Completely new keys +can also be generated (see the example below). Setting a private key also sets +the associated public key. +.PP +X25519 or X448 public keys can be set directly using +\&\fBEVP_PKEY_new_raw_public_key\fR\|(3) or loaded from a SubjectPublicKeyInfo +structure in a \s-1PEM\s0 file using \fBPEM_read_bio_PUBKEY\fR\|(3) (or similar function). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example generates an \fBX25519\fR private key and writes it to standard +output in \s-1PEM\s0 format: +.PP +.Vb 9 +\& #include +\& #include +\& ... +\& EVP_PKEY *pkey = NULL; +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL); +\& EVP_PKEY_keygen_init(pctx); +\& EVP_PKEY_keygen(pctx, &pkey); +\& EVP_PKEY_CTX_free(pctx); +\& PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); +.Ve +.PP +The key derivation example in \fBEVP_PKEY_derive\fR\|(3) can be used with +\&\fBX25519\fR and \fBX448\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_PKEY_derive_set_peer\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/bio.7 b/secure/lib/libcrypto/man/man7/bio.7 new file mode 100644 index 000000000000..2d16323f72a2 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/bio.7 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BIO 7" +.TH BIO 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +bio \- Basic I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.PP +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fBBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fBBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fBBIO_free_all()\fR on a single \s-1BIO\s0 has the same effect as calling +\&\fBBIO_free()\fR on it other than the discarded return value. +.PP +Normally the \fBtype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: +a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 +BIO_f_*(); +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBIO_ctrl\fR\|(3), +\&\fBBIO_f_base64\fR\|(3), \fBBIO_f_buffer\fR\|(3), +\&\fBBIO_f_cipher\fR\|(3), \fBBIO_f_md\fR\|(3), +\&\fBBIO_f_null\fR\|(3), \fBBIO_f_ssl\fR\|(3), +\&\fBBIO_find_type\fR\|(3), \fBBIO_new\fR\|(3), +\&\fBBIO_new_bio_pair\fR\|(3), +\&\fBBIO_push\fR\|(3), \fBBIO_read_ex\fR\|(3), +\&\fBBIO_s_accept\fR\|(3), \fBBIO_s_bio\fR\|(3), +\&\fBBIO_s_connect\fR\|(3), \fBBIO_s_fd\fR\|(3), +\&\fBBIO_s_file\fR\|(3), \fBBIO_s_mem\fR\|(3), +\&\fBBIO_s_null\fR\|(3), \fBBIO_s_socket\fR\|(3), +\&\fBBIO_set_callback\fR\|(3), +\&\fBBIO_should_retry\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/ct.7 b/secure/lib/libcrypto/man/man7/ct.7 new file mode 100644 index 000000000000..f8005393a607 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/ct.7 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CT 7" +.TH CT 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ct \- Certificate Transparency +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements Certificate Transparency (\s-1CT\s0) verification for \s-1TLS\s0 +clients, as defined in \s-1RFC 6962.\s0 This verification can provide some confidence +that a certificate has been publicly logged in a set of \s-1CT\s0 logs. +.PP +By default, these checks are disabled. They can be enabled using +\&\fBSSL_CTX_enable_ct\fR\|(3) or \fBSSL_enable_ct\fR\|(3). +.PP +This library can also be used to parse and examine \s-1CT\s0 data structures, such as +Signed Certificate Timestamps (SCTs), or to read a list of \s-1CT\s0 logs. There are +functions for: +\&\- decoding and encoding SCTs in \s-1DER\s0 and \s-1TLS\s0 wire format. +\&\- printing SCTs. +\&\- verifying the authenticity of SCTs. +\&\- loading a \s-1CT\s0 log list from a \s-1CONF\s0 file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBd2i_SCT_LIST\fR\|(3), +\&\fBCTLOG_STORE_new\fR\|(3), +\&\fBCTLOG_STORE_get0_log_by_id\fR\|(3), +\&\fBSCT_new\fR\|(3), +\&\fBSCT_print\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBSCT_validate\fR\|(3), +\&\fBCT_POLICY_EVAL_CTX_new\fR\|(3), +\&\fBSSL_CTX_set_ct_validation_callback\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ct library was added in OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/des_modes.7 b/secure/lib/libcrypto/man/man7/des_modes.7 new file mode 100644 index 000000000000..da9a50aefbb3 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/des_modes.7 @@ -0,0 +1,295 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "DES_MODES 7" +.TH DES_MODES 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +des_modes \- the variants of DES and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.SS "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb_encrypt()\fR. +.IP "\(bu" 2 +64 bits are enciphered at a time. +.IP "\(bu" 2 +The order of the blocks can be rearranged without detection. +.IP "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.IP "\(bu" 2 +An error will only affect one ciphertext block. +.SS "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fB_cbc_encrypt()\fR. +Be aware that \fBdes_cbc_encrypt()\fR is not really \s-1DES CBC\s0 (it does +not update the \s-1IV\s0); use \fBdes_ncbc_encrypt()\fR instead. +.IP "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.IP "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.SS "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_cfb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.IP "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j\-bit variables are +chained together and can not be rearranged. +.IP "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.IP "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.SS "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fB_ofb_encrypt()\fR. +.IP "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.IP "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.IP "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.IP "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.IP "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.IP "\(bu" 2 +Only multiples of j bits can be enciphered. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.IP "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.IP "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.SS "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ecb3_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.IP "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA.\s0 +.IP "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.IP "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the effective key strength +to only slightly more than 56 bits, but these require a lot of memory. +.IP "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.SS "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fB_ede3_cbc_encrypt()\fR. +.IP "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.IP "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. +.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer \- Requirements for interfaces, +\& Part 5.2: Modes of operation for an n\-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBBF_encrypt\fR\|(3), \fBDES_crypt\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/evp.7 b/secure/lib/libcrypto/man/man7/evp.7 new file mode 100644 index 000000000000..165b60f35b20 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/evp.7 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "EVP 7" +.TH EVP 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +evp \- high\-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. +.PP +The \fBEVP_Seal\fR\fI\s-1XXX\s0\fR and \fBEVP_Open\fR\fI\s-1XXX\s0\fR +functions provide public key encryption and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_DigestSign\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_DigestVerify\fR\fI\s-1XXX\s0\fR functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +\&\fBEVP_Sign\fR\fI\s-1XXX\s0\fR and \fBEVP_Verify\fR\fI\s-1XXX\s0\fR +functions. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI\s-1XXX\s0\fR +functions. The \fBEVP_Digest\fR\fI\s-1XXX\s0\fR functions provide message digests. +.PP +The \fB\s-1EVP_PKEY\s0\fR\fI\s-1XXX\s0\fR functions provide a high level interface to +asymmetric algorithms. To create a new \s-1EVP_PKEY\s0 see +\&\fBEVP_PKEY_new\fR\|(3). EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the \fBEVP_PKEY_set1_RSA\fR\|(3) page, or +new keys can be generated using \fBEVP_PKEY_keygen\fR\|(3). +EVP_PKEYs can be compared using \fBEVP_PKEY_cmp\fR\|(3), or printed using +\&\fBEVP_PKEY_print_private\fR\|(3). +.PP +The \s-1EVP_PKEY\s0 functions support the full range of asymmetric algorithm operations: +.IP "For key agreement see \fBEVP_PKEY_derive\fR\|(3)" 4 +.IX Item "For key agreement see EVP_PKEY_derive" +.PD 0 +.IP "For signing and verifying see \fBEVP_PKEY_sign\fR\|(3), \fBEVP_PKEY_verify\fR\|(3) and \fBEVP_PKEY_verify_recover\fR\|(3). However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the \fBEVP_DigestSignInit\fR\|(3) functions for this purpose." 4 +.IX Item "For signing and verifying see EVP_PKEY_sign, EVP_PKEY_verify and EVP_PKEY_verify_recover. However, note that these functions do not perform a digest of the data to be signed. Therefore normally you would use the EVP_DigestSignInit functions for this purpose." +.ie n .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ""digital envelope"" using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.el .IP "For encryption and decryption see \fBEVP_PKEY_encrypt\fR\|(3) and \fBEVP_PKEY_decrypt\fR\|(3) respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a ``digital envelope'' using the \fBEVP_SealInit\fR\|(3) and \fBEVP_OpenInit\fR\|(3) functions." 4 +.IX Item "For encryption and decryption see EVP_PKEY_encrypt and EVP_PKEY_decrypt respectively. However, note that these functions perform encryption and decryption only. As public key encryption is an expensive operation, normally you would wrap an encrypted message in a digital envelope using the EVP_SealInit and EVP_OpenInit functions." +.PD +.PP +The \fBEVP_BytesToKey\fR\|(3) function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 \s-1PBKDF1\s0 compatible +implementation. However, new applications should not typically use this (preferring, for example, +\&\s-1PBKDF2\s0 from PCKS#5). +.PP +The \fBEVP_Encode\fR\fI\s-1XXX\s0\fR and +\&\fBEVP_Decode\fR\fI\s-1XXX\s0\fR functions implement base 64 encoding +and decoding. +.PP +All the symmetric algorithms (ciphers), digests and asymmetric algorithms +(public key algorithms) can be replaced by \s-1ENGINE\s0 modules providing alternative +implementations. If \s-1ENGINE\s0 implementations of ciphers or digests are registered +as defaults, then the various \s-1EVP\s0 functions will automatically use those +implementations automatically in preference to built in software +implementations. For more information, consult the \fBengine\fR\|(3) man page. +.PP +Although low level algorithm specific functions exist for many algorithms +their use is discouraged. They cannot be used with an \s-1ENGINE\s0 and \s-1ENGINE\s0 +versions of new algorithms cannot be accessed using the low level functions. +Also makes code harder to adapt to new algorithms and some options are not +cleanly supported at the low level and some operations are more efficient +using the high level interface. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_DigestInit\fR\|(3), +\&\fBEVP_EncryptInit\fR\|(3), +\&\fBEVP_OpenInit\fR\|(3), +\&\fBEVP_SealInit\fR\|(3), +\&\fBEVP_DigestSignInit\fR\|(3), +\&\fBEVP_SignInit\fR\|(3), +\&\fBEVP_VerifyInit\fR\|(3), +\&\fBEVP_EncodeInit\fR\|(3), +\&\fBEVP_PKEY_new\fR\|(3), +\&\fBEVP_PKEY_set1_RSA\fR\|(3), +\&\fBEVP_PKEY_keygen\fR\|(3), +\&\fBEVP_PKEY_print_private\fR\|(3), +\&\fBEVP_PKEY_decrypt\fR\|(3), +\&\fBEVP_PKEY_encrypt\fR\|(3), +\&\fBEVP_PKEY_sign\fR\|(3), +\&\fBEVP_PKEY_verify\fR\|(3), +\&\fBEVP_PKEY_verify_recover\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3), +\&\fBEVP_BytesToKey\fR\|(3), +\&\fBENGINE_by_id\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/ossl_store-file.7 b/secure/lib/libcrypto/man/man7/ossl_store-file.7 new file mode 100644 index 000000000000..3185ac380bbf --- /dev/null +++ b/secure/lib/libcrypto/man/man7/ossl_store-file.7 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE-FILE 7" +.TH OSSL_STORE-FILE 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store\-file \- The store 'file' scheme loader +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +Since files come in all kinds of formats and content types, the 'file' +scheme has its own layer of functionality called \*(L"file handlers\*(R", +which are used to try to decode diverse types of file contents. +.PP +In case a file is formatted as \s-1PEM,\s0 each called file handler receives +the \s-1PEM\s0 name (everything following any '\f(CW\*(C`\-\-\-\-\-BEGIN \*(C'\fR') as well as +possible \s-1PEM\s0 headers, together with the decoded \s-1PEM\s0 body. Since \s-1PEM\s0 +formatted files can contain more than one object, the file handlers +are called upon for each such object. +.PP +If the file isn't determined to be formatted as \s-1PEM,\s0 the content is +loaded in raw form in its entirety and passed to the available file +handlers as is, with no \s-1PEM\s0 name or headers. +.PP +Each file handler is expected to handle \s-1PEM\s0 and non-PEM content as +appropriate. Some may refuse non-PEM content for the sake of +determinism (for example, there are keys out in the wild that are +represented as an \s-1ASN.1 OCTET STRING.\s0 In raw form, it's not easily +possible to distinguish those from any other data coming as an \s-1ASN.1 +OCTET STRING,\s0 so such keys would naturally be accepted as \s-1PEM\s0 files +only). +.SH "NOTES" +.IX Header "NOTES" +When needed, the 'file' scheme loader will require a pass phrase by +using the \f(CW\*(C`UI_METHOD\*(C'\fR that was passed via \fBOSSL_STORE_open()\fR. +This pass phrase is expected to be \s-1UTF\-8\s0 encoded, anything else will +give an undefined result. +The files made accessible through this loader are expected to be +standard compliant with regards to pass phrase encoding. +Files that aren't should be re-generated with a correctly encoded pass +phrase. +See \fBpassphrase\-encoding\fR\|(7) for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBossl_store\fR\|(7), \fBpassphrase\-encoding\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/ossl_store.7 b/secure/lib/libcrypto/man/man7/ossl_store.7 new file mode 100644 index 000000000000..c8ab5a70b3df --- /dev/null +++ b/secure/lib/libcrypto/man/man7/ossl_store.7 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "OSSL_STORE 7" +.TH OSSL_STORE 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ossl_store \- Store retrieval functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +#include +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +.SS "General" +.IX Subsection "General" +A \s-1STORE\s0 is a layer of functionality to retrieve a number of supported +objects from a repository of any kind, addressable as a file name or +as a \s-1URI.\s0 +.PP +The functionality supports the pattern \*(L"open a channel to the +repository\*(R", \*(L"loop and retrieve one object at a time\*(R", and \*(L"finish up +by closing the channel\*(R". +.PP +The retrieved objects are returned as a wrapper type \fB\s-1OSSL_STORE_INFO\s0\fR, +from which an OpenSSL type can be retrieved. +.SS "\s-1URI\s0 schemes and loaders" +.IX Subsection "URI schemes and loaders" +Support for a \s-1URI\s0 scheme is called a \s-1STORE\s0 \*(L"loader\*(R", and can be added +dynamically from the calling application or from a loadable engine. +.PP +Support for the 'file' scheme is built into \f(CW\*(C`libcrypto\*(C'\fR. +See \fBossl_store\-file\fR\|(7) for more information. +.SS "\s-1UI_METHOD\s0 and pass phrases" +.IX Subsection "UI_METHOD and pass phrases" +The \fB\s-1OSS_STORE\s0\fR \s-1API\s0 does nothing to enforce any specific format or +encoding on the pass phrase that the \fB\s-1UI_METHOD\s0\fR provides. However, +the pass phrase is expected to be \s-1UTF\-8\s0 encoded. The result of any +other encoding is undefined. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +.SS "A generic call" +.IX Subsection "A generic call" +.Vb 1 +\& OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem"); +\& +\& /* +\& * OSSL_STORE_eof() simulates file semantics for any repository to signal +\& * that no more data can be expected +\& */ +\& while (!OSSL_STORE_eof(ctx)) { +\& OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); +\& +\& /* +\& * Do whatever is necessary with the OSSL_STORE_INFO, +\& * here just one example +\& */ +\& switch (OSSL_STORE_INFO_get_type(info)) { +\& case OSSL_STORE_INFO_X509: +\& /* Print the X.509 certificate text */ +\& X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& /* Print the X.509 certificate PEM output */ +\& PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info)); +\& break; +\& } +\& } +\& +\& OSSL_STORE_close(ctx); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1\fBOSSL_STORE_INFO\s0\fR\|(3), \s-1\fBOSSL_STORE_LOADER\s0\fR\|(3), +\&\fBOSSL_STORE_open\fR\|(3), \fBOSSL_STORE_expect\fR\|(3), +\&\s-1\fBOSSL_STORE_SEARCH\s0\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/passphrase-encoding.7 b/secure/lib/libcrypto/man/man7/passphrase-encoding.7 new file mode 100644 index 000000000000..a9975f240b42 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/passphrase-encoding.7 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "PASSPHRASE-ENCODING 7" +.TH PASSPHRASE-ENCODING 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +passphrase\-encoding \&\- How diverse parts of OpenSSL treat pass phrases character encoding +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +In a modern world with all sorts of character encodings, the treatment of pass +phrases has become increasingly complex. +This manual page attempts to give an overview over how this problem is +currently addressed in different parts of the OpenSSL library. +.SS "The general case" +.IX Subsection "The general case" +The OpenSSL library doesn't treat pass phrases in any special way as a general +rule, and trusts the application or user to choose a suitable character set +and stick to that throughout the lifetime of affected objects. +This means that for an object that was encrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1,\s0 that object needs to be decrypted using a pass phrase encoded in +\&\s-1ISO\-8859\-1.\s0 +Using the wrong encoding is expected to cause a decryption failure. +.SS "PKCS#12" +.IX Subsection "PKCS#12" +PKCS#12 is a bit different regarding pass phrase encoding. +The standard stipulates that the pass phrase shall be encoded as an \s-1ASN.1\s0 +BMPString, which consists of the code points of the basic multilingual plane, +encoded in big endian (\s-1UCS\-2 BE\s0). +.PP +OpenSSL tries to adapt to this requirements in one of the following manners: +.IP "1." 4 +Treats the received pass phrase as \s-1UTF\-8\s0 encoded and tries to re-encode it to +\&\s-1UTF\-16\s0 (which is the same as \s-1UCS\-2\s0 for characters U+0000 to U+D7FF and U+E000 +to U+FFFF, but becomes an expansion for any other character), or failing that, +proceeds with step 2. +.IP "2." 4 +Assumes that the pass phrase is encoded in \s-1ASCII\s0 or \s-1ISO\-8859\-1\s0 and +opportunistically prepends each byte with a zero byte to obtain the \s-1UCS\-2\s0 +encoding of the characters, which it stores as a BMPString. +.Sp +Note that since there is no check of your locale, this may produce \s-1UCS\-2 / +UTF\-16\s0 characters that do not correspond to the original pass phrase characters +for other character sets, such as any \s-1ISO\-8859\-X\s0 encoding other than +\&\s-1ISO\-8859\-1\s0 (or for Windows, \s-1CP 1252\s0 with exception for the extra \*(L"graphical\*(R" +characters in the 0x80\-0x9F range). +.PP +OpenSSL versions older than 1.1.0 do variant 2 only, and that is the reason why +OpenSSL still does this, to be able to read files produced with older versions. +.PP +It should be noted that this approach isn't entirely fault free. +.PP +A pass phrase encoded in \s-1ISO\-8859\-2\s0 could very well have a sequence such as +0xC3 0xAF (which is the two characters \*(L"\s-1LATIN CAPITAL LETTER A WITH BREVE\*(R"\s0 +and \*(L"\s-1LATIN CAPITAL LETTER Z WITH DOT ABOVE\*(R"\s0 in \s-1ISO\-8859\-2\s0 encoding), but would +be misinterpreted as the perfectly valid \s-1UTF\-8\s0 encoded code point U+00EF (\s-1LATIN +SMALL LETTER I WITH DIARESIS\s0) \fIif the pass phrase doesn't contain anything that +would be invalid \s-1UTF\-8\s0\fR. +A pass phrase that contains this kind of byte sequence will give a different +outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0. +.PP +.Vb 2 +\& 0x00 0xC3 0x00 0xAF # OpenSSL older than 1.1.0 +\& 0x00 0xEF # OpenSSL 1.1.0 and newer +.Ve +.PP +On the same accord, anything encoded in \s-1UTF\-8\s0 that was given to OpenSSL older +than 1.1.0 was misinterpreted as \s-1ISO\-8859\-1\s0 sequences. +.SS "\s-1OSSL_STORE\s0" +.IX Subsection "OSSL_STORE" +\&\fBossl_store\fR\|(7) acts as a general interface to access all kinds of objects, +potentially protected with a pass phrase, a \s-1PIN\s0 or something else. +This \s-1API\s0 stipulates that pass phrases should be \s-1UTF\-8\s0 encoded, and that any +other pass phrase encoding may give undefined results. +This \s-1API\s0 relies on the application to ensure \s-1UTF\-8\s0 encoding, and doesn't check +that this is the case, so what it gets, it will also pass to the underlying +loader. +.SH "RECOMMENDATIONS" +.IX Header "RECOMMENDATIONS" +This section assumes that you know what pass phrase was used for encryption, +but that it may have been encoded in a different character encoding than the +one used by your current input method. +For example, the pass phrase may have been used at a time when your default +encoding was \s-1ISO\-8859\-1\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 +0xEF 0x76 0x65), and you're now in an environment where your default encoding +is \s-1UTF\-8\s0 (i.e. \*(L"nai\*:ve\*(R" resulting in the byte sequence 0x6E 0x61 0xC3 0xAF 0x76 +0x65). +Whenever it's mentioned that you should use a certain character encoding, it +should be understood that you either change the input method to use the +mentioned encoding when you type in your pass phrase, or use some suitable tool +to convert your pass phrase from your default encoding to the target encoding. +.PP +Also note that the sub-sections below discuss human readable pass phrases. +This is particularly relevant for PKCS#12 objects, where human readable pass +phrases are assumed. +For other objects, it's as legitimate to use any byte sequence (such as a +sequence of bytes from `/dev/urandom` that's been saved away), which makes any +character encoding discussion irrelevant; in such cases, simply use the same +byte sequence as it is. +.SS "Creating new objects" +.IX Subsection "Creating new objects" +For creating new pass phrase protected objects, make sure the pass phrase is +encoded using \s-1UTF\-8.\s0 +This is default on most modern Unixes, but may involve an effort on other +platforms. +Specifically for Windows, setting the environment variable +\&\f(CW\*(C`OPENSSL_WIN32_UTF8\*(C'\fR will have anything entered on [Windows] console prompt +converted to \s-1UTF\-8\s0 (command line and separately prompted pass phrases alike). +.SS "Opening existing objects" +.IX Subsection "Opening existing objects" +For opening pass phrase protected objects where you know what character +encoding was used for the encryption pass phrase, make sure to use the same +encoding again. +.PP +For opening pass phrase protected objects where the character encoding that was +used is unknown, or where the producing application is unknown, try one of the +following: +.IP "1." 4 +Try the pass phrase that you have as it is in the character encoding of your +environment. +It's possible that its byte sequence is exactly right. +.IP "2." 4 +Convert the pass phrase to \s-1UTF\-8\s0 and try with the result. +Specifically with PKCS#12, this should open up any object that was created +according to the specification. +.IP "3." 4 +Do a nai\*:ve (i.e. purely mathematical) \s-1ISO\-8859\-1\s0 to \s-1UTF\-8\s0 conversion and try +with the result. +This differs from the previous attempt because \s-1ISO\-8859\-1\s0 maps directly to +U+0000 to U+00FF, which other non\-UTF\-8 character sets do not. +.Sp +This also takes care of the case when a \s-1UTF\-8\s0 encoded string was used with +OpenSSL older than 1.1.0. +(for example, \f(CW\*(C`i\*:\*(C'\fR, which is 0xC3 0xAF when encoded in \s-1UTF\-8,\s0 would become 0xC3 +0x83 0xC2 0xAF when re-encoded in the nai\*:ve manner. +The conversion to BMPString would then yield 0x00 0xC3 0x00 0xA4 0x00 0x00, the +erroneous/non\-compliant encoding used by OpenSSL older than 1.1.0) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBevp\fR\|(7), +\&\fBossl_store\fR\|(7), +\&\fBEVP_BytesToKey\fR\|(3), \fBEVP_DecryptInit\fR\|(3), +\&\fBPEM_do_header\fR\|(3), +\&\fBPKCS12_parse\fR\|(3), \fBPKCS12_newpass\fR\|(3), +\&\fBd2i_PKCS8PrivateKey_bio\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/scrypt.7 b/secure/lib/libcrypto/man/man7/scrypt.7 new file mode 100644 index 000000000000..fd73e3aa5fa4 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/scrypt.7 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SCRYPT 7" +.TH SCRYPT 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +scrypt \- EVP_PKEY scrypt KDF support +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP_PKEY_SCRYPT\s0 algorithm implements the scrypt password based key +derivation function, as described in \s-1RFC 7914.\s0 It is memory-hard in the sense +that it deliberately requires a significant amount of \s-1RAM\s0 for efficient +computation. The intention of this is to render brute forcing of passwords on +systems that lack large amounts of main memory (such as GPUs or ASICs) +computationally infeasible. +.PP +scrypt provides three work factors that can be customized: N, r and p. N, which +has to be a positive power of two, is the general work factor and scales \s-1CPU\s0 +time in an approximately linear fashion. r is the block size of the internally +used hash function and p is the parallelization factor. Both r and p need to be +greater than zero. The amount of \s-1RAM\s0 that scrypt requires for its computation +is roughly (128 * N * r * p) bytes. +.PP +In the original paper of Colin Percival (\*(L"Stronger Key Derivation via +Sequential Memory-Hard Functions\*(R", 2009), the suggested values that give a +computation time of less than 5 seconds on a 2.5 GHz Intel Core 2 Duo are N = +2^20 = 1048576, r = 8, p = 1. Consequently, the required amount of memory for +this computation is roughly 1 GiB. On a more recent \s-1CPU\s0 (Intel i7\-5930K at 3.5 +GHz), this computation takes about 3 seconds. When N, r or p are not specified, +they default to 1048576, 8, and 1, respectively. The default amount of \s-1RAM\s0 that +may be used by scrypt defaults to 1025 MiB. +.SH "NOTES" +.IX Header "NOTES" +A context for scrypt can be obtained by calling: +.PP +.Vb 1 +\& EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +.Ve +.PP +The output length of an scrypt key derivation is specified via the +length parameter to the \fBEVP_PKEY_derive\fR\|(3) function. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +This example derives a 64\-byte long test vector using scrypt using the password +\&\*(L"password\*(R", salt \*(L"NaCl\*(R" and N = 1024, r = 8, p = 16. +.PP +.Vb 2 +\& EVP_PKEY_CTX *pctx; +\& unsigned char out[64]; +\& +\& size_t outlen = sizeof(out); +\& pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL); +\& +\& if (EVP_PKEY_derive_init(pctx) <= 0) { +\& error("EVP_PKEY_derive_init"); +\& } +\& if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { +\& error("EVP_PKEY_CTX_set1_pbe_pass"); +\& } +\& if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) { +\& error("EVP_PKEY_CTX_set1_scrypt_salt"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_N"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_r"); +\& } +\& if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { +\& error("EVP_PKEY_CTX_set_scrypt_p"); +\& } +\& if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { +\& error("EVP_PKEY_derive"); +\& } +\& +\& { +\& const unsigned char expected[sizeof(out)] = { +\& 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, +\& 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, +\& 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, +\& 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, +\& 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, +\& 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, +\& 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, +\& 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 +\& }; +\& +\& assert(!memcmp(out, expected, sizeof(out))); +\& } +\& +\& EVP_PKEY_CTX_free(pctx); +.Ve +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC 7914\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBEVP_PKEY_CTX_set1_scrypt_salt\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_N\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_r\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_p\fR\|(3), +\&\fBEVP_PKEY_CTX_set_scrypt_maxmem_bytes\fR\|(3), +\&\fBEVP_PKEY_CTX_new\fR\|(3), +\&\fBEVP_PKEY_CTX_ctrl_str\fR\|(3), +\&\fBEVP_PKEY_derive\fR\|(3) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2017\-2019 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/ssl.7 b/secure/lib/libcrypto/man/man7/ssl.7 new file mode 100644 index 000000000000..95fcdc10a116 --- /dev/null +++ b/secure/lib/libcrypto/man/man7/ssl.7 @@ -0,0 +1,914 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL 7" +.TH SSL 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +ssl \- OpenSSL SSL/TLS library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +See the individual manual pages for details. +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and +Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is +documented here. +.PP +An \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see \fBSSL_CTX_new\fR\|(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +\&\fBSSL_new\fR\|(3), \fBSSL_set_fd\fR\|(3) or +\&\fBSSL_set_bio\fR\|(3) can be used to associate the network +connection with the object. +.PP +When the \s-1TLS/SSL\s0 handshake is performed using +\&\fBSSL_accept\fR\|(3) or \fBSSL_connect\fR\|(3) +respectively. +\&\fBSSL_read_ex\fR\|(3), \fBSSL_read\fR\|(3), \fBSSL_write_ex\fR\|(3) and \fBSSL_write\fR\|(3) are +used to read and write data on the \s-1TLS/SSL\s0 connection. +\&\fBSSL_shutdown\fR\|(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Currently the OpenSSL \fBssl\fR library functions deals with the following data +structures: +.IP "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +This is a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.IP "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actual ones used are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. +.IP "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +This is the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.IP "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +This is the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL API.\s0 +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and functions: +.IP "\fBssl.h\fR" 4 +.IX Item "ssl.h" +This is the common header file for the \s-1SSL/TLS API.\s0 Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look +inside this header file. +.IP "\fBssl2.h\fR" 4 +.IX Item "ssl2.h" +Unused. Present for backwards compatibility only. +.IP "\fBssl3.h\fR" 4 +.IX Item "ssl3.h" +This is the sub header file dealing with the SSLv3 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.IP "\fBtls1.h\fR" 4 +.IX Item "tls1.h" +This is the sub header file dealing with the TLSv1 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.SH "API FUNCTIONS" +.IX Header "API FUNCTIONS" +Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. +They are documented in the following: +.SS "Dealing with Protocol Methods" +.IX Subsection "Dealing with Protocol Methods" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients, +servers or both. +See \fBSSL_CTX_new\fR\|(3) for details. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_client_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for clients. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLS_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLS_server_method(void);" +Constructor for the \fIversion-flexible\fR \s-1SSL_METHOD\s0 structure for servers. +Must be used to support the TLSv1.3 protocol. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_client_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_2_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_2_server_method(void);" +Constructor for the TLSv1.2 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_client_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_1_server_method(void);" +Constructor for the TLSv1.1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_client_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *TLSv1_server_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for servers. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients, servers or both. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_client_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for clients. +.IP "const \s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "const SSL_METHOD *SSLv3_server_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for servers. +.SS "Dealing with Ciphers" +.IX Subsection "Dealing with Ciphers" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. +.IP "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" +Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human +readable description of \fIcipher\fR. Returns \fIbuf\fR. +.IP "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" +Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +\&\fIalg_bits\fR) and the bits which are actually used (the return value). +.IP "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" +Return the internal name of \fIcipher\fR as a string. These are the various +strings defined by the \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR +definitions in the header files. +.IP "const char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" +Returns a string like "\f(CW\*(C`SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`TLSv1.2\*(C'\fR" which indicates the +\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined +in the specification the first time). +.SS "Dealing with Protocol Contexts" +.IX Subsection "Dealing with Protocol Contexts" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. +.IP "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" +.PD 0 +.IP "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" +.IP "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_check_private_key\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(const SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" +.IP "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" +.IP "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IX Item "void SSL_CTX_free(SSL_CTX *a);" +.IP "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" +.IP "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_ciphers\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx);" +.IP "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" +.IP "void \fBSSL_CTX_get_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_default_read_ahead(SSL_CTX *ctx);" +.IP "char *\fBSSL_CTX_get_ex_data\fR(const \s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx);" +.IP "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" +.IP "int \fBSSL_CTX_get_quiet_shutdown\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_get_read_ahead\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "void SSL_CTX_get_read_ahead(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" +.IP "long \fBSSL_CTX_get_timeout\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(const SSL_CTX *ctx);" +.IP "int (*\fBSSL_CTX_get_verify_callback\fR(const \s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.IP "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, const char *CAfile, const char *CApath);" 4 +.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);" +.IP "int SSL_CTX_up_ref(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_up_ref(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" +.IP "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" +.IP "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" +.IP "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" +.IP "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" +.IP "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx, t);" 4 +.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, t);" +.IP "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" +.IP "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" +.IP "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" +.IP "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" +.IP "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" +.IP "int \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" +.IP "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set1_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.IP "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" +.IP "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" +.IP "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" +.IP "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" +.IP "int \fBSSL_CTX_set_ct_validation_callback\fR(\s-1SSL_CTX\s0 *ctx, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg);" +.IP "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" +.IP "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" +.IP "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" +.PD +Use the default paths to locate trusted \s-1CA\s0 certificates. There is one default +directory path and one default file path. Both are set via this call. +.IP "int \fBSSL_CTX_set_default_verify_dir\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)" +Use the default directory path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_default_verify_file\fR(\s-1SSL_CTX\s0 *ctx)" 4 +.IX Item "int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)" +Use the file path to locate trusted \s-1CA\s0 certificates. +.IP "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" +.PD 0 +.IP "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.IP "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" +.IP "unsigned long \fBSSL_CTX_clear_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);" +.IP "unsigned long \fBSSL_CTX_get_options\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "unsigned long SSL_CTX_get_options(SSL_CTX *ctx);" +.IP "unsigned long \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" +.IP "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" +.IP "void \fBSSL_CTX_set_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int m);" +.IP "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" +.IP "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);" +.IP "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" +.IP "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" +.IP "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" +.IP "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" +.IP "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" +.IP "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" +.IP "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" +.IP "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" +.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, const char *file, int type);" 4 +.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);" +.IP "int \fBSSL_CTX_use_cert_and_key\fR(\s-1SSL_CTX\s0 *ctx, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "X509 *\fBSSL_CTX_get0_certificate\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_CTX_get0_privatekey\fR(const \s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);" +.IP "void \fBSSL_CTX_set_psk_client_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_CTX_use_psk_identity_hint\fR(\s-1SSL_CTX\s0 *ctx, const char *hint);" 4 +.IX Item "int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint);" +.IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.PD +.SS "Dealing with Sessions" +.IX Subsection "Dealing with Sessions" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. +.IP "int \fBSSL_SESSION_cmp\fR(const \s-1SSL_SESSION\s0 *a, const \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);" +.PD 0 +.IP "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" +.IP "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" +.IP "char *\fBSSL_SESSION_get_ex_data\fR(const \s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx);" +.IP "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "long \fBSSL_SESSION_get_time\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(const SSL_SESSION *s);" +.IP "long \fBSSL_SESSION_get_timeout\fR(const \s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(const SSL_SESSION *s);" +.IP "unsigned long \fBSSL_SESSION_hash\fR(const \s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(const SSL_SESSION *a);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IX Item "SSL_SESSION *SSL_SESSION_new(void);" +.IP "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, const \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x);" +.IP "int \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IX Item "int SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" +.IP "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" +.IP "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" +.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" +.PD +.SS "Dealing with Connections" +.IX Subsection "Dealing with Connections" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +connection defined in the \fB\s-1SSL\s0\fR structure. +.IP "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_accept(SSL *ssl);" +.PD 0 +.IP "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" +.IP "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" +.IP "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" +.IP "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string(int value);" +.IP "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string_long(int value);" +.IP "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string(int value);" +.IP "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string_long(int value);" +.IP "int \fBSSL_check_private_key\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(const SSL *ssl);" +.IP "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_clear(SSL *ssl);" +.IP "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_connect(SSL *ssl);" +.IP "int \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, const \s-1SSL\s0 *f);" 4 +.IX Item "int SSL_copy_session_id(SSL *t, const SSL *f);" +.PD +Sets the session details for \fBt\fR to be the same as in \fBf\fR. Returns 1 on +success or 0 on failure. +.IP "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" +.PD 0 +.IP "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_do_handshake(SSL *ssl);" +.IP "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL *SSL_dup(SSL *ssl);" +.PD +\&\fBSSL_dup()\fR allows applications to configure an \s-1SSL\s0 handle for use +in multiple \s-1SSL\s0 connections, and then duplicate it prior to initiating +each connection with the duplicated handle. +Use of \fBSSL_dup()\fR avoids the need to repeat the configuration of the +handles for each connection. +.Sp +For \fBSSL_dup()\fR to work, the connection \s-1MUST\s0 be in its initial state +and \s-1MUST NOT\s0 have not yet have started the \s-1SSL\s0 handshake. +For connections that are not in their initial state \fBSSL_dup()\fR just +increments an internal reference count and returns the \fIsame\fR +handle. +It may be possible to use \fBSSL_clear\fR\|(3) to recycle an \s-1SSL\s0 handle +that is not in its initial state for re-use, but this is best +avoided. +Instead, save and restore the session, if desired, and construct a +fresh handle for each connection. +.IP "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" +.PD 0 +.IP "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_free(SSL *ssl);" +.IP "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);" +.IP "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_app_data(SSL *ssl);" +.IP "X509 *\fBSSL_get_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(const SSL *ssl);" +.IP "const char *\fBSSL_get_cipher\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(const SSL *ssl);" +.IP "int \fBSSL_is_dtls\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_dtls(const SSL *ssl);" +.IP "int \fBSSL_get_cipher_bits\fR(const \s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits);" +.IP "char *\fBSSL_get_cipher_list\fR(const \s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(const SSL *ssl, int n);" +.IP "char *\fBSSL_get_cipher_name\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(const SSL *ssl);" +.IP "char *\fBSSL_get_cipher_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(const SSL *ssl);" +.IP "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(const SSL *ssl);" +.IP "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" +.IP "long \fBSSL_get_default_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(const SSL *ssl);" +.IP "int \fBSSL_get_error\fR(const \s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(const SSL *ssl, int i);" +.IP "char *\fBSSL_get_ex_data\fR(const \s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(const SSL *ssl, int idx);" +.IP "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" +.IP "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.IP "int \fBSSL_get_fd\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(const SSL *ssl);" +.IP "void (*\fBSSL_get_info_callback\fR(const \s-1SSL\s0 *ssl);)()" 4 +.IX Item "void (*SSL_get_info_callback(const SSL *ssl);)()" +.IP "int \fBSSL_get_key_update_type\fR(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_get_key_update_type(SSL *s);" +.IP "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(const SSL *ssl);" +.IP "X509 *\fBSSL_get_peer_certificate\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(const SSL *ssl);" +.IP "const \s-1STACK_OF\s0(\s-1SCT\s0) *\fBSSL_get0_peer_scts\fR(\s-1SSL\s0 *s);" 4 +.IX Item "const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);" +.IP "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(const SSL *ssl);" +.IP "int \fBSSL_get_quiet_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_rbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(const SSL *ssl);" +.IP "int \fBSSL_get_read_ahead\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(const SSL *ssl);" +.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);" +.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int size);" 4 +.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);" +.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(const SSL *ssl);" +.IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.IP "int \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(const SSL *ssl);" +.IP "long \fBSSL_get_time\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(const SSL *ssl);" +.IP "long \fBSSL_get_timeout\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(const SSL *ssl);" +.IP "int (*\fBSSL_get_verify_callback\fR(const \s-1SSL\s0 *ssl))(int, X509_STORE_CTX *)" 4 +.IX Item "int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *)" +.IP "int \fBSSL_get_verify_mode\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(const SSL *ssl);" +.IP "long \fBSSL_get_verify_result\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(const SSL *ssl);" +.IP "char *\fBSSL_get_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(const SSL *ssl);" +.IP "\s-1BIO\s0 *\fBSSL_get_wbio\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(const SSL *ssl);" +.IP "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_accept_init(SSL *ssl);" +.IP "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_before(SSL *ssl);" +.IP "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_connect_init(SSL *ssl);" +.IP "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_init(SSL *ssl);" +.IP "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_init_finished(SSL *ssl);" +.IP "int \fBSSL_key_update\fR(\s-1SSL\s0 *s, int updatetype);" 4 +.IX Item "int SSL_key_update(SSL *s, int updatetype);" +.IP "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(const char *file);" 4 +.IX Item "STACK *SSL_load_client_CA_file(const char *file);" +.IP "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "SSL *SSL_new(SSL_CTX *ctx);" +.IP "int SSL_up_ref(\s-1SSL\s0 *s);" 4 +.IX Item "int SSL_up_ref(SSL *s);" +.IP "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_num_renegotiations(SSL *ssl);" +.IP "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_pending\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(const SSL *ssl);" +.IP "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" +.IP "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_renegotiate(SSL *ssl);" +.IP "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string(SSL *ssl);" +.IP "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string_long(SSL *ssl);" +.IP "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_session_reused(SSL *ssl);" +.IP "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_accept_state(SSL *ssl);" +.IP "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" +.IP "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" +.IP "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" +.IP "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" +.IP "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_connect_state(SSL *ssl);" +.IP "int \fBSSL_set_ct_validation_callback\fR(\s-1SSL\s0 *ssl, ssl_ct_validation_cb callback, void *arg);" 4 +.IX Item "int SSL_set_ct_validation_callback(SSL *ssl, ssl_ct_validation_cb callback, void *arg);" +.IP "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" +.IP "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_fd(SSL *ssl, int fd);" +.IP "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.IP "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.IP "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" +.IP "unsigned long \fBSSL_clear_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_clear_options(SSL *ssl, unsigned long op);" +.IP "unsigned long \fBSSL_get_options\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "unsigned long SSL_get_options(SSL *ssl);" +.IP "unsigned long \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "unsigned long SSL_set_options(SSL *ssl, unsigned long op);" +.IP "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" +.IP "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" +.IP "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" +.IP "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" +.IP "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" +.IP "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, const \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *meth);" +.IP "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_time(SSL *ssl, long t);" +.IP "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_timeout(SSL *ssl, long t);" +.IP "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" +.IP "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" +.IP "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" +.IP "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_shutdown(SSL *ssl);" +.IP "\s-1OSSL_HANDSHAKE_STATE\s0 \fBSSL_get_state\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);" +.PD +Returns the current handshake state. +.IP "char *\fBSSL_state_string\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(const SSL *ssl);" +.PD 0 +.IP "char *\fBSSL_state_string_long\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(const SSL *ssl);" +.IP "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_total_renegotiations(SSL *ssl);" +.IP "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" +.IP "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" +.IP "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" +.IP "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" +.IP "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" +.IP "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, const char *file, int type);" 4 +.IX Item "int SSL_use_certificate_file(SSL *ssl, const char *file, int type);" +.IP "int \fBSSL_use_cert_and_key\fR(\s-1SSL\s0 *ssl, X509 *x, \s-1EVP_PKEY\s0 *pkey, \s-1STACK_OF\s0(X509) *chain, int override);" 4 +.IX Item "int SSL_use_cert_and_key(SSL *ssl, X509 *x, EVP_PKEY *pkey, STACK_OF(X509) *chain, int override);" +.IP "int \fBSSL_version\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(const SSL *ssl);" +.IP "int \fBSSL_want\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(const SSL *ssl);" +.IP "int \fBSSL_want_nothing\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(const SSL *ssl);" +.IP "int \fBSSL_want_read\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(const SSL *ssl);" +.IP "int \fBSSL_want_write\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(const SSL *ssl);" +.IP "int \fBSSL_want_x509_lookup\fR(const \s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_x509_lookup(const SSL *ssl);" +.IP "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.IP "void \fBSSL_set_psk_client_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" 4 +.IX Item "void SSL_set_psk_client_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));" +.IP "int \fBSSL_use_psk_identity_hint\fR(\s-1SSL\s0 *ssl, const char *hint);" 4 +.IX Item "int SSL_use_psk_identity_hint(SSL *ssl, const char *hint);" +.IP "void \fBSSL_set_psk_server_callback\fR(\s-1SSL\s0 *ssl, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4 +.IX Item "void SSL_set_psk_server_callback(SSL *ssl, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));" +.IP "const char *\fBSSL_get_psk_identity_hint\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity_hint(SSL *ssl);" +.IP "const char *\fBSSL_get_psk_identity\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_psk_identity(SSL *ssl);" +.PD +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See the individual manual pages for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBopenssl\fR\|(1), \fBcrypto\fR\|(7), +\&\fBCRYPTO_get_ex_new_index\fR\|(3), +\&\fBSSL_accept\fR\|(3), \fBSSL_clear\fR\|(3), +\&\fBSSL_connect\fR\|(3), +\&\fBSSL_CIPHER_get_name\fR\|(3), +\&\fBSSL_COMP_add_compression_method\fR\|(3), +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3), +\&\fBSSL_CTX_add_session\fR\|(3), +\&\fBSSL_CTX_ctrl\fR\|(3), +\&\fBSSL_CTX_flush_sessions\fR\|(3), +\&\fBSSL_CTX_get_verify_mode\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) +\&\fBSSL_CTX_new\fR\|(3), +\&\fBSSL_CTX_sess_number\fR\|(3), +\&\fBSSL_CTX_sess_set_cache_size\fR\|(3), +\&\fBSSL_CTX_sess_set_get_cb\fR\|(3), +\&\fBSSL_CTX_sessions\fR\|(3), +\&\fBSSL_CTX_set_cert_store\fR\|(3), +\&\fBSSL_CTX_set_cert_verify_callback\fR\|(3), +\&\fBSSL_CTX_set_cipher_list\fR\|(3), +\&\fBSSL_CTX_set_client_CA_list\fR\|(3), +\&\fBSSL_CTX_set_client_cert_cb\fR\|(3), +\&\fBSSL_CTX_set_default_passwd_cb\fR\|(3), +\&\fBSSL_CTX_set_generate_session_id\fR\|(3), +\&\fBSSL_CTX_set_info_callback\fR\|(3), +\&\fBSSL_CTX_set_max_cert_list\fR\|(3), +\&\fBSSL_CTX_set_mode\fR\|(3), +\&\fBSSL_CTX_set_msg_callback\fR\|(3), +\&\fBSSL_CTX_set_options\fR\|(3), +\&\fBSSL_CTX_set_quiet_shutdown\fR\|(3), +\&\fBSSL_CTX_set_read_ahead\fR\|(3), +\&\fBSSL_CTX_set_security_level\fR\|(3), +\&\fBSSL_CTX_set_session_cache_mode\fR\|(3), +\&\fBSSL_CTX_set_session_id_context\fR\|(3), +\&\fBSSL_CTX_set_ssl_version\fR\|(3), +\&\fBSSL_CTX_set_timeout\fR\|(3), +\&\fBSSL_CTX_set_tmp_dh_callback\fR\|(3), +\&\fBSSL_CTX_set_verify\fR\|(3), +\&\fBSSL_CTX_use_certificate\fR\|(3), +\&\fBSSL_alert_type_string\fR\|(3), +\&\fBSSL_do_handshake\fR\|(3), +\&\fBSSL_enable_ct\fR\|(3), +\&\fBSSL_get_SSL_CTX\fR\|(3), +\&\fBSSL_get_ciphers\fR\|(3), +\&\fBSSL_get_client_CA_list\fR\|(3), +\&\fBSSL_get_default_timeout\fR\|(3), +\&\fBSSL_get_error\fR\|(3), +\&\fBSSL_get_ex_data_X509_STORE_CTX_idx\fR\|(3), +\&\fBSSL_get_fd\fR\|(3), +\&\fBSSL_get_peer_cert_chain\fR\|(3), +\&\fBSSL_get_rbio\fR\|(3), +\&\fBSSL_get_session\fR\|(3), +\&\fBSSL_get_verify_result\fR\|(3), +\&\fBSSL_get_version\fR\|(3), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_new\fR\|(3), +\&\fBSSL_pending\fR\|(3), +\&\fBSSL_read_ex\fR\|(3), +\&\fBSSL_read\fR\|(3), +\&\fBSSL_rstate_string\fR\|(3), +\&\fBSSL_session_reused\fR\|(3), +\&\fBSSL_set_bio\fR\|(3), +\&\fBSSL_set_connect_state\fR\|(3), +\&\fBSSL_set_fd\fR\|(3), +\&\fBSSL_set_session\fR\|(3), +\&\fBSSL_set_shutdown\fR\|(3), +\&\fBSSL_shutdown\fR\|(3), +\&\fBSSL_state_string\fR\|(3), +\&\fBSSL_want\fR\|(3), +\&\fBSSL_write_ex\fR\|(3), +\&\fBSSL_write\fR\|(3), +\&\fBSSL_SESSION_free\fR\|(3), +\&\fBSSL_SESSION_get_time\fR\|(3), +\&\fBd2i_SSL_SESSION\fR\|(3), +\&\fBSSL_CTX_set_psk_client_callback\fR\|(3), +\&\fBSSL_CTX_use_psk_identity_hint\fR\|(3), +\&\fBSSL_get_psk_identity\fR\|(3), +\&\fBDTLSv1_listen\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fBSSLv2_client_method\fR, \fBSSLv2_server_method\fR and \fBSSLv2_method\fR were removed +in OpenSSL 1.1.0. +.PP +The return type of \fBSSL_copy_session_id\fR was changed from void to int in +OpenSSL 1.1.0. +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/man7/x509.7 b/secure/lib/libcrypto/man/man7/x509.7 new file mode 100644 index 000000000000..6d493eba9a0c --- /dev/null +++ b/secure/lib/libcrypto/man/man7/x509.7 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is >0, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "X509 7" +.TH X509 7 "2019-09-10" "1.1.1d" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +x509 \- X.509 certificate handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An X.509 certificate is a structured grouping of information about +an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 +(certificate revocation list) is a tool to help determine if a +certificate is still valid. The exact definition of those can be +found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 +In OpenSSL, the type X509 is used to express such a certificate, and +the type X509_CRL is used to express a \s-1CRL.\s0 +.PP +A related structure is a certificate request, defined in PKCS#10 from +\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0 In OpenSSL, the type +X509_REQ is used to express such a certificate request. +.PP +To handle some complex parts of a certificate, there are the types +X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express +a certificate attributes), X509_EXTENSION (to express a certificate +extension) and a few more. +.PP +Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a +certificate and a corresponding private key. +.PP +\&\fBX509_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_\fR\fI\s-1XXX\s0\fR functions +handle X.509 certificates, with some exceptions, shown below. +.PP +\&\fBX509_CRL_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_CRL_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_CRL_\fR\fI\s-1XXX\s0\fR +functions handle X.509 CRLs. +.PP +\&\fBX509_REQ_\fR\fI\s-1XXX\s0\fR, \fBd2i_X509_REQ_\fR\fI\s-1XXX\s0\fR, and \fBi2d_X509_REQ_\fR\fI\s-1XXX\s0\fR +functions handle PKCS#10 certificate requests. +.PP +\&\fBX509_NAME_\fR\fI\s-1XXX\s0\fR functions handle certificate names. +.PP +\&\fBX509_ATTRIBUTE_\fR\fI\s-1XXX\s0\fR functions handle certificate attributes. +.PP +\&\fBX509_EXTENSION_\fR\fI\s-1XXX\s0\fR functions handle certificate extensions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fBX509_NAME_ENTRY_get_object\fR\|(3), +\&\fBX509_NAME_add_entry_by_txt\fR\|(3), +\&\fBX509_NAME_add_entry_by_NID\fR\|(3), +\&\fBX509_NAME_print_ex\fR\|(3), +\&\fBX509_NAME_new\fR\|(3), +\&\fBd2i_X509\fR\|(3), +\&\fBd2i_X509_ALGOR\fR\|(3), +\&\fBd2i_X509_CRL\fR\|(3), +\&\fBd2i_X509_NAME\fR\|(3), +\&\fBd2i_X509_REQ\fR\|(3), +\&\fBd2i_X509_SIG\fR\|(3), +\&\fBX509v3\fR\|(3), +\&\fBcrypto\fR\|(7) +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved. +.PP +Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file \s-1LICENSE\s0 in the source distribution or at +. diff --git a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 b/secure/lib/libcrypto/man/o2i_SCT_LIST.3 deleted file mode 100644 index aefa717ba74a..000000000000 --- a/secure/lib/libcrypto/man/o2i_SCT_LIST.3 +++ /dev/null @@ -1,179 +0,0 @@ -.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.39) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -. ds C` -. ds C' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is >0, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.\" -.\" Avoid warning from groff about undefined register 'F'. -.de IX -.. -.nr rF 0 -.if \n(.g .if rF .nr rF 1 -.if (\n(rF:(\n(.g==0)) \{\ -. if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 -. \} -. \} -.\} -.rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "O2I_SCT_LIST 3" -.TH O2I_SCT_LIST 3 "2019-09-10" "1.1.1d" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -o2i_SCT_LIST, i2o_SCT_LIST, o2i_SCT, i2o_SCT \- decode and encode Signed Certificate Timestamp lists in TLS wire format -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, -\& size_t len); -\& int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); -\& SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); -\& int i2o_SCT(const SCT *sct, unsigned char **out); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \s-1SCT_LIST\s0 and \s-1SCT\s0 functions are very similar to the i2d and d2i family of -functions, except that they convert to and from \s-1TLS\s0 wire format, as described in -\&\s-1RFC 6962.\s0 See d2i_SCT_LIST for more information about how the parameters are -treated and the return values. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -All of the functions have return values consistent with those stated for -d2i_SCT_LIST and i2d_SCT_LIST. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fBct\fR\|(7), -\&\fBd2i_SCT_LIST\fR\|(3), -\&\fBi2d_SCT_LIST\fR\|(3) -.SH "HISTORY" -.IX Header "HISTORY" -These functions were added in OpenSSL 1.1.0. -.SH "COPYRIGHT" -.IX Header "COPYRIGHT" -Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -.PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at -. -- cgit v1.2.3